https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/212056#M8548 <P><SPAN>Solution Description form CP TAC service request: Remote admin tools are considered PUA under&nbsp;</SPAN><SPAN class="">Check</SPAN><SPAN>&nbsp;Point's policies due to their capabilities, therefor this one is considered TP. If the customer trusts the use of this specific one internally and uses it safely he may create a local exception for this one. Exclusion suggestion provided</SPAN></P> Tue, 23 Apr 2024 12:18:55 GMT Mitja-S3NEXT 2024-04-23T12:18:55Z https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/211107#M8510 <P>This was alreasy sent to the emergency response e-mail</P><DIV class="">&nbsp;</DIV><P>Incident: 6c157e2b-5e8a-4d1e-9a17-5d70e5f2ba2f<BR />Status: Active<BR />User: *******<BR />Computer: *******<BR />OS: Windows 10<BR />Trigger: c:\windows\system32\rundll32.exe<BR />Triggered by: Endpoint Behavioral Guard<BR />Trigger Time: 12. 4. 2024, 08:54:24<BR />Protection Name: behavioral.win.anonymousmemorype.a<BR />Entry Point: ****-PC\**** was logged in. <STRONG>msiexec.exe created [remotedesktopmanager_x64.exe]</STRONG></P><DIV class="">&nbsp;</DIV><P>&nbsp;</P> Fri, 12 Apr 2024 07:21:48 GMT https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/211107#M8510 Mitja-S3NEXT 2024-04-12T07:21:48Z https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/211111#M8511 <P>Why not open SR# with CP TAC?</P> <P>&nbsp;</P> Fri, 12 Apr 2024 08:24:27 GMT https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/211111#M8511 G_W_Albrecht 2024-04-12T08:24:27Z https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/211214#M8514 <P><SPAN>Service Request: 6-0003913660 opened <span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></SPAN></P> Sat, 13 Apr 2024 18:59:51 GMT https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/211214#M8514 Mitja-S3NEXT 2024-04-13T18:59:51Z https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/212056#M8548 <P><SPAN>Solution Description form CP TAC service request: Remote admin tools are considered PUA under&nbsp;</SPAN><SPAN class="">Check</SPAN><SPAN>&nbsp;Point's policies due to their capabilities, therefor this one is considered TP. If the customer trusts the use of this specific one internally and uses it safely he may create a local exception for this one. Exclusion suggestion provided</SPAN></P> Tue, 23 Apr 2024 12:18:55 GMT https://community.checkpoint.com/t5/Endpoint/Devolutions-Remote-Desktop-manager-reported-as-ransomeware/m-p/212056#M8548 Mitja-S3NEXT 2024-04-23T12:18:55Z