We have been working with Check Point on this issue for nearly 3 months.
Despite all of the exclusions and updates we have made, the Anti-Malware Blade insists that the SolarWinds Dameware Mini Remote Control service is malicious and deletes the corresponding .exe files.
-DWRCS.exe
-DWRCST.exe
-DWRCSET.dll
-LogAdjuster.exe
What we've done:
-Followed ALL of the steps in sk13132
-Analyzed the forensics reports and made suggestions for new exclusions
-Tested several "new" AW policies that Check Point suggested
-Selected "Skip File" under "Riskware Treatment"
-Updated our SmartEndpoint (R77.30.03-990003009, e80.86 version)
-Tested the software on different client versions (Same result between e80.70-e80.86)
-Applied the necessary hotfixes to the Smart Endpoint
-Added Dameware as a whitelisted application under "Application Control"
-Sent various updates, cpinfos, logs, and screenshots to Check Point
-Reached out to SolarWinds for advice (No such luck)
Was wondering if anyone else has experience with the Dameware service while using Check Point Endpoint Protection and whether or not they need exclusions/if their exclusions are working properly?
I realize that there are businesses in the same boat as us and that this may be a shot in the dark, but I thought it was worth a try.