Just had my remote desktop session killed, after remoting in to server with RDP instead I found the following entry in the event viewer.

 

Event Type:    Warning
Event Source:    WinDefend
Event Category:    None
Event ID:    3004
Date:        21/10/2011
Time:        9:05:10 AM
User:        N/A
Computer:    SERVER
Description:
Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=74409
     Scan ID: {E273EC88-E10A-4C62-8ADA-CED1EB0D126F}
     User: rsttiling\Administrator
     Name: Unknown
     ID:
     Severity: Not Yet Classified
     Category: Not Yet Classified
     Path Found: service:Ktvn_BSNT9998155121573512;file:C:\Program Files\Kaseya\BSNT9998155121573512\DesktopAccess\Ktvnserver.exe
     Alert Type: Unclassified software
     Detection Type:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

 

Perhaps someone at Kaseya could tap Microsoft on the shoulder and point out that they are detecting a false positive with their software.

 

Does anyone know of any reg entries we can drop in to let kaseya get passed Windows Defender?

 

l