AW keeps deleting Dameware Service

Mastering Compliance
Unveiling the power of Compliance Blade

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

May the 4th (+4)
Navigating Paradigm Shifts in Cyber

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

Introducing Quantum Force
Accelerated AI-Powered Firewalls

LEARN MORE

Create a Post

We have been working with Check Point on this issue nearing 3 months.

Despite all of the exclusions and updates we have made, the Anti-Malware Blade insists that the Solarwinds: Dameware Mini Remote Control service is malicious and deletes the corresponding .exe files.

-DWRCS.exe

-DWRCST.exe

-DWRCSET.dll

-LogAdjuster.exe

What we've done:

-Followed ALL of the steps in sk13132

-Analyzed the forensics reports and made suggestions for new exclusions

-Tested several "new" AW policies that Check Point suggested

-Selected "Skip File" under "Riskware Treatment"

-Updated our SmartEndpoint (R77.30.03-990003009, e80.86 version)

-Tested the software on different client versions (Same result between e80.70-e80.86)

-Applied the necessary hotfixes to the Smart Endpoint

-Added Dameware as a whitelisted application under "Application Control"

-Sent various updates and cpinfo's, logs, and screenshots to Check Point

-Reached out to SolarWinds for advice (No such luck)

Was wondering if anyone else has experience with the Dameware service while using Checkpoint Endpoint Protection and whether or not they need exclusions/if their exclusions are working properly?

I realize that there are businesses in the same boat as us and that this may be a shot in the dark, but I thought it was worth a try.