I've been having a lot of trouble with SEP blocking the Kaseya Remote Agent when I try to remote control a machine. Kaseya tries to download a file called No-ActiveXxxxxxx.exe but uses a different file name for this each time. It also tries to put the file in a temporary folder in the Internet temporary files which gets a different folder name each time. Due to the changes in folder names and file names there is no way to put an exclusion in Symantec Endpoint Protection. I've opened a ticket with Symantec over this issue and they've sent me the following:
"I just spoke with one of our Security Response engineers. We'd like to get a copy of the Kaseya software from you for testing purposes. Is this possible? Once we're able to run some tests, we can determine why SONAR is treating these executables as security threats; then, we can perhaps create whitelist entries for these applications.
Please let me know if you can provide us a copy of Kaseya for testing purposes. Thanks.
Sincerely, Eric Dye, Symantec Enterprise Technical Support"
Is there any way to get Kaseya to work with Symantec so that Symantec can write an exclusion that will prevent the Kaseya remote agent from being blocked? Who can I talk to to get this process started?
I've gone ahead and opened a Kaseya support ticket on this issue, as well.
I thought Symantec was a third party integration partner?
Good question. Maybe it's only for BackupExec?
No, Symantec is in the Third Party Integration Program (TPIP). They have developed specific modules to monitor SEP and BackupExec.
The issue here has no relation with the TPIP.
Symantec support says that they're going to download the Kaseya trial and do some testing. They seem to be concerned and working on it, so that's good. Kaseya support said that they're passing my ticket on to a "Specialist" for review. Hopefully, it'll get sorted out before too long. I have to kill SEP before I can remote control a workstation so that's not good.
What browser are you using?
If you're using Chrome, do this: community.kaseya.com/.../70666.aspx
If you're using Firefox, switch to Chrome. :P
I just realized you had posted in that thread. You're still having the problem with SEP blocking "NoActiveX****.exe"? What about if you use IE? (shudder)
Yes, still blocked. I'm using IE9 (yeah, I know!) but it's also blocked in Chrome. Haven't tried Firefox but I "assume" it's the same. Symantec Endpoint Protection is detecting the Kaseya ActiveX control as "Bloodhound.SONAR.9" and, of course, it's sending it to purgatory. I could make an exception for "Bloodhound.SONAR.9" but it'd be my luck to then actually encounter the real thing... :-)
I use SEP 12.1 on my machine and I don't have any problems with the Kaseya Remote Agent and IE9. I did initially when SEP 12.1 came out 6 months ago. It was getting blocked by SONAR. But I've not had that issue personally for months. It was getting blocked on the reputation engine initially for me.
That's very interesting diggisaur. When you select a client to remote control do you get prompted to download and install the ActiveX control? I've tried installing it and not installing it but my session still gets blocked by SEP SONAR. Have you made any exceptions or changes to SONAR or Policies for this issue?
@Zippo - You should only get the ActiveX pop up if you're using the legacy Remote Control screen. Is that true or are you getting it on the LiveConnect Screen?
Yes, it's getting blocked when I use the Remote Control portion of Kaseya.
I don't usually use KLC because it opens an extra window when all I want is a remote control session but SEP 12.1 does work correctly with KLC.
Well, what a frustrating support experience this one has been. I finally just told the guy to close the darn ticket as it was obvious he was going to do everything he could not to address the issue. I kept telling him, "The file gets quarantined by Symantec when I do this" and he kept saying, "Well, don't do that". Good grief. It's like telling them "Here's a bug" and them responding, "If you don't use that feature you won't notice the bug". Sheesh! Fortunately, Symantec Support is still happily working to resolve the problem although they don't seem to be getting any more help from Kaseya than I received. Symantec has filled out the form and tried downloading the Kaseya trial for testing a couple of times without success. One would think that Kaseya would be concerned that one of their files is getting quarantined by a major anti-malware vendor but I guess not. Ah, well. It's not a showstopper but it sure is frustrating.