
Showing results for tags 'antivirus'.

Found 14 results

  1. All-- So with the rise of ransomware and this ever evolving issue. We understand that AV and backups are the first lines of defense on this. But AV solutions are only so good at picking up the attack as they are happening. I'd rather this be resolved BEFORE the attack in order to make sure the servers and other resources on the network remain safe. That said, what solutions are people doing to combat the issue of ransomware? What tools are people deploying to make sure that ransomware stays off their network? I understand that viruses are a "when, not if" statement, but there has to be something out there that does better than most. I am currently using Automate for patching and Webroot for AV. Let me know your thoughts. Thanks Jason
  2. Hi there, here are my definitions for Kaspersky Security 10.1.2 for Windows Server (KSWS). It works ;)
     Name: Kaspersky Security 10.1.2 for Windows Server x64
     Program Location: {%-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93EDBC7E-D73F-4401-84A5-79E8CBB8B843}:InstallLocation-%}\kavshell.exe
     Definition Location: {%-HKLM\SOFTWARE\Wow6432Node\KasperskyLab\WSEE\10.1\Environment:Bases-%}
     Update Command: "{%-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{93EDBC7E-D73F-4401-84A5-79E8CBB8B843}:InstallLocation-%}\kavshell.exe" UPDATE /KL
     Version Check: EMPTY
     Infection Check: EMPTY
     Scan Template: SCAN /MYCOMP /AI:DISINFECT
     AP Process: kavfs*
     Date Mask: (.*)
     OS Type: x64
     Version Mask: EMPTY
     Infection Match: EMPTY
     Best wishes from Munich
     EDO
  3. Hi All, Following an update to 1809, we have had issues with definitions for any Windows 10 machine with Intune (or just the vanilla Windows Defender). Turns out the 'RemediationEXE' referenced by the LT default definition no longer exists. I created the below definition which seems to work fine - thought I'd share with you all! 😀
     Name: Windows Defender 10
     AV Process: msmpeng*
     Program Location: {%_if|{%_ne|{%-HKLM\SOFTWARE\Microsoft\Windows Defender:DisableAntiVirus-%}|1_%}|{%-HKLM\SOFTWARE\Microsoft\Windows Defender:InstallLocation-%}MsMpEng.exe_%}
     Definition Location: {%-HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates:SignatureLocation-%}\mpavdlta.vdm
     Date Mask: (.*)
     Update Command: "{%-HKLM\SOFTWARE\Microsoft\Windows Defender:InstallLocation-%}\mpcmdrun.exe" -SignatureUpdate -Trace -Grouping 15 -GetFiles
  4. I've worked with LabTech (ConnectWise Automate) regarding this with no luck at all. Windows 7 showed fine on all machines for MSE inside AV dashboard. Out of the box machines with Windows 10 show Defender with no issue. Every machine upgraded from 7 to 10 is not showing Defender in the AV tile. It shows physically on the machine and is working fine, it shows in software and processes in LabTech to be running, but anything inside AV it shows nothing installed. Anyone run into this?
  5. https://www.webroot.com/us/en/about/press-room/releases/carbonite-to-acquire-webroot This is horrible news. We used AVG when they were the darling of the industry many years ago. They got big and downhill the antivirus went. We switched to Vipre when they were the darling of the industry. They were acquired by GFI and went downhill afterwards. We switched to Webroot and have been happy ...until now. I have zero hope that Webroot will fare any different after this acquisition than AVG or Vipre did. On top of that ...Carbonite??? Really? I can't believe they are still in business in the day of super cheap and much better online backup choices, Carbonite is as outdated as floppy disks. I would have been less surprised if Webroot acquired Carbonite. Anyone with recommendations for where we go next when Webroot starts to suck?
  6. I have a few machines that do not require antivirus. They constantly show in the Antivirus Dashboard as 'Virus Scanner None Found', as you'd expect. My question is, does anyone know of a way to exclude a machine from appearing in the Antivirus Dashboard, or if it is even possible? Cheers
  7. Hey all, We're running into some limitations with the health history queries for the stock AV health report (too many agents, query takes too long to run), and I'm looking to modify the stock report to: show all computers for the client, whether they're at risk or not, and their current definition date. I got this from support on pulling definition data straight from the SQL backend using a query: virus definition date is stored in the computers table, in the field named virusdefs, so a query like this will get you a list of computers, their clients, and the AV definition date: SELECT cl.name, c.computerid, c.name, c.virusdefs FROM computers c LEFT JOIN clients cl ON c.clientid = cl.clientid; Can anyone help me modify the stock report to pull and show the current status and definition date for a client, instead of referencing any historical data? Please and thank you!
  8. Hey All, Looking to see if anyone has the entries for the Virus Scanners section in the Dashboard for Eset 6 and 7 Thanks, Stephen
  9. What are folks using out there besides Webroot, that you'd recommend? Preferably something that integrates to LabTech.
  10. Hey folks All our Sophos Endpoints are saying they haven't updated since Feb 20. Looking in the appropriate folder, I can see it's looking at VDL.DAT, which was indeed last updated on that date. Looks like Sophos have changed what they update, now there are a bunch of files with .ide extensions that seem to get updated whenever they need to, but no definitive file I can watch as far as I can tell. I'm trying inje-ddi.ide, that was the one that most recently updated, will monitor, but if anyone has a solid answer for this I would love to get it nailed Jase
  11. Investigating an issue that we are seeing on a number of workstations at two clients. After scanning and cleaning with MBAM 1.80, Malwarebytes is re-flagging the registry string where REG_DWORD is UpdatesDisableNotify and value flips back from 0 to 1 after the full scan and clean. I ran REVO uninstaller and did not find remnants of old AV programs. It's difficult to believe that multiple machines at two clients have rootkits or other stealthy infections. What could be flipping the value back to 1?
  12. Has anyone had experience with a client that has enabled Script control in their environment? After it is enabled all PowerShell scripts and plugins are blocked, regardless of the exclusions we have put in. Running scripts when it is off to report the directory show the scripts launching at "c:\windows\system32". However, when we re-enable it and exclude that directory, the scripts are still blocked. We have also tried some temp directories, trailing backslashes on directories, the LTSvc directory and subdirectories but they all seem to be blocked still. Any insight would be helpful, as I am sure I am missing something.
  13. How are other people with Webroot monitoring for threat detections on Macs? The 3.0 plugin does not pull detection data from the GSM console into the plugin_webroot3_threathistory table (as it does for PC's), and thus the "Webroot 3 - Active Infection" monitor never triggers for Macs. Webroot support confirmed this is expected behavior (since the mac client isn't "fully supported" yet).
  14. I'm hoping that this is the right place to post this question. We have a script that we use to deploy Webroot, and have noticed fairly recently that it does not work. We've found that the following error is returned on the host machine: "C:\Windows\LTSvc\packages\Webroot\wsasme.msi You don't have permission to save in this location. Contact the administrator to obtain permission. Would you like to save in the *our company name* folder instead?" The perplexing thing is that permissions on LTSvc show that administrators have full access to the folder, and the administrator account that we use to manage customers is a domain admin, so I'm kind of at a loss as to why there is a permissions error.