Nickel

I need to allow UltraVNC on the endpoint client


Hello all,

I have searched quite a bit on this and have not found a way to allow Ultra VNC (winvnc.exe) on the client endpoint.  The anti-malware keeps detecting it as a threat and removing it.  I have already added it to exception lists in anti-malware and SandBlast policies in SmartEndpoint.  I am not sure why it keeps removing it as it is in like 4 exception lists.  Any help would be much appreciated.

 

Tim


Accepted Solutions
Nickel

The last place I added the exclusion to was on SmartEndpoint in the Policy tab, under the Anti-Malware policy. Right-click "Periodically scan local-hard drives only" and select "edit shared action". Click on the link at the bottom that says "Configure files and folders exclusions". Click Add and add the folder where the executable is stored. But I also added it to many other areas first. I am not sure if it needs all of them or not, but I will also list the other locations.

SmartEndpoint--->Policy--->Anti-Malware: right-click "Scan all files upon access" and select "edit shared action". Add the folder location with the Add button under "Processes to exclude from scan". I also added the specific process just as a precaution. I assume if just the folder is there it will still work.

SmartEndpoint--->Policy--->Sandblast Agent Threat Extraction, Emulation and Anti-Exploit: right-click on "Inspect all domains and files" and add the folder location to the Exclusions list in that window.

SmartEndpoint--->Policy--->Sandblast Agent Anti-Ransomware, Behavioral Guard and Forensics: right-click on "Default File Quarantine Settings" and add the file location into the "Items excluded from quarantine" list. I added the location and process.

I hope this helps someone. It was a pain trying to find any of this information anywhere. I basically just had to keep poking around in the policy until I found the locations. But I found them one at a time and not all at once, so I am assuming all need to be in place in order for it to work.

 

Tim

4 Replies
Admin
What version of the Endpoint client?
What precise logs are showing when it is removed?
Nickel

Thanks for the reply. I found where I needed to add it. I had it in many exception lists but apparently I needed it also in the one that does the periodic scan. Once it was added to that one, it stopped deleting it. I appreciate the efforts. It just took longer than I expected to find the right place to add it, or it needed it in multiple places. But it is now working.

 

Tim

Admin
For the folks following along, can you detail where you added it?