
AW keeps deleting Dameware Service

Question asked by Stacy Dunn on Sep 7, 2018
Latest reply on Nov 5, 2018 by Stacy Dunn

We have been working with Check Point on this issue for nearly 3 months.

 

Despite all of the exclusions and updates we have made, the Anti-Malware Blade insists that the SolarWinds Dameware Mini Remote Control service is malicious and deletes the corresponding .exe files.

- DWRCS.exe
- DWRCST.exe
- DWRCSET.dll
- LogAdjuster.exe

 

What we've done:

- Followed ALL of the steps in sk13132
- Analyzed the forensics reports and made suggestions for new exclusions
- Tested several "new" AW policies that Check Point suggested
- Selected "Skip File" under "Riskware Treatment"
- Updated our SmartEndpoint (R77.30.03-990003009, e80.86 version)
- Tested the software on different client versions (same result between e80.70-e80.86)
- Applied the necessary hotfixes to the SmartEndpoint
- Added Dameware as a whitelisted application under "Application Control"
- Sent various updates and cpinfos, logs, and screenshots to Check Point
- Reached out to SolarWinds for advice (No such luck)

 

Was wondering if anyone else has experience with the Dameware service while using Check Point Endpoint Protection and whether or not they need exclusions/if their exclusions are working properly?

 

I realize that there are businesses in the same boat as us and that this may be a shot in the dark, but I thought it was worth a try.
