This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SEC - PUA exceptions not working?

We constantly have warnings about remcomsvc.exe.

We know the software so it's a bit of a false positive for us. So to save alerts, we placed exceptions under antivirus (C:\Windows\System32\RemComSvc.exe) and also authorized the PUA RemCom under Authorization.

We still keep getting email alerts from loads of our clients. It looks like the exceptions we put in don't work. Any ideas?

regards,

Louis

This thread was automatically locked due to age.

0 QC over 5 years ago in reply to MEric

Hello MEric and Louis,

sav32cli will still detect the PUA even if it has been excluded
this is the expected behaviour. sav32cli.exe is stand-alone (once there was a self-contained version available), while it uses SAVXP's engine and detection data (libraries and IDEs) it doesn't take heed of SAVXP's settings, rely on the On-Access driver or SAVService.exe.

Scheduled scans will also detect Authorized PUAs
Correct. You get a message like File "C:\Program Files\PSTools\PsExec.exe" belongs to authorized adware or PUA 'PsExec' but you shouldn't get an alert or email. I suggested to test whether the behaviour with psexec.exe is the same (i.e. exclusion and authorization have seemingly no effect) or as intended.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Louis-M over 5 years ago in reply to QC

After taking the av/hips scanning exceptions out (left authorization for RemCom in), things seemed to have calmed down. I'll monitor it until next wednesday (weekly scan on weds 0300hrs) and report back.
Cancel
Vote Up 0 Vote Down

Cancel