Kaseya Community

New Issue with Windows Defender

  • Windows Defender is now apparently detecting the Kaseya service as suspected spyware. Specifically, from one of our client PCs we are seeing the following error:

    Windows Defender Real-Time Protection agent has detected spyware or other potentially unwanted software.
    For more information please see the following:
    http://www.microsoft.com
    Scan ID: {D4299DFD-6B99-44D5-94A1-BAB7839DC56E}
    User: ****
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Path Found: service:KASEYAHA
    Alert Type: Unknown
    Detection Type:

    Has anyone else run into this and found a workaround yet?






    Legacy Forum Name: New Issue with Window Defender,
    Legacy Posted By Username: Jonathan
  • Yep, it's been happening with all our computers with the new Defender on it. Most of the computers we rolled back to the old version because we found Defender to be an intense memory hog.

    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: niclyn
  • Yes. We ran this little script in Kaseya to allow Defender to coexist:

    Script Name: AllowedApps
    Script Description: This script allows applications in Windows Defender so they will not be alerted on as possible spyware. Steps 1 - 3 are various versions of WinVNC, Step 4 is to allow Kaseya.

    IF True
    THEN
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\7480
    Parameter 2 : 00000006
    Parameter 3 : REG_DWORD
    OS Type : 1
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\4150
    Parameter 2 : 00000006
    Parameter 3 : REG_DWORD
    OS Type : 1
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\13052
    Parameter 2 : 00000006
    Parameter 3 : REG_DWORD
    OS Type : 1
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\2147483646
    Parameter 2 : 00000006
    Parameter 3 : REG_DWORD
    OS Type : 1
    ELSE



    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: mcmonagle
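The script above writes per-threat-ID allow overrides that stay in the registry as Defender and Kaseya change, so they are worth auditing. The following added example (not part of the original thread, and not Kaseya or Microsoft code) parses the text of a `reg export` of the ThreatIDDefaultAction key and reports allow entries outside the four IDs from the script; the .reg layout, the sample data, and the function names are assumptions.

```python
import re

# Key written by the AllowedApps script in the thread.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction"
ALLOW = 6  # data value the thread's script sets so Defender stops alerting
# Baseline: the four threat IDs the thread's script allows on purpose.
APPROVED = {7480, 4150, 13052, 2147483646}
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD = re.compile(r'^"(?P<name>\d+)"=dword:(?P<data>[0-9a-fA-F]{8})\s*$')


def parse_overrides(reg_text):
    """Return {threat_id: action} for values under the ThreatIDDefaultAction key."""
    overrides, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:  # a new [key] header: track whether we are inside the target key
            in_key = m.group("key").lower() == KEY.lower()
            continue
        m = DWORD.match(line)
        if in_key and m:
            overrides[int(m.group("name"))] = int(m.group("data"), 16)
    return overrides


def audit(reg_text, approved=APPROVED):
    """Sort allow overrides into approved, unexpected, and missing threat IDs."""
    overrides = parse_overrides(reg_text)
    allowed = {tid for tid, action in overrides.items() if action == ALLOW}
    return {
        "approved": sorted(allowed & approved),
        "unexpected": sorted(allowed - approved),  # allow entries nobody signed off on
        "missing": sorted(approved - allowed),     # baseline IDs not (or no longer) allowed
    }


# Constructed sample export: three IDs from the script, one extra allow, one non-allow.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction]
"7480"=dword:00000006
"4150"=dword:00000006
"13052"=dword:00000006
"99999"=dword:00000006
"12345"=dword:00000002
'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Any ID reported under "unexpected" is a detection that has been silenced without appearing in the agreed baseline and should be traced back to whoever set it.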
  • Thanks for the script.

    We have identified another item that is being picked up by Windows Defender, refer extract from System Event Log below.

    Windows Defender Real-Time Protection agent has detected spyware or other potentially unwanted software. Scan ID: {82649E03-DF40-4F09-9B12-0E5AC6E58D73} driver:KAPFA;file:C:\WINDOWS\system32\drivers\KAPFA.SYS

    Kapfa.sys is the "Kaseya Agent Protected File Access Driver".

    Any thoughts on how to configure Windows Defender to allow this?

    Cheers, Ian


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: TechOnline
  • Bump. Has anyone got a fully functioning, complete implementation of a Windows Defender deployment?


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: BulletproofSean
  • Another side thought on this... although not a fast resolve.......... Hi Kaseya... Can you not call Microsoft, Fill out a form, ...something...ask them to stop detecting your product as spyware..? Long term, that seems like the best answer.

    As Windows Defender evolves, the reg entries will most certainly change. As Kaseya evolves, so it will too.

    Gamer-X


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: Gamer-X
  • Actually, I just did the following:

    - downloaded WindowsDefender.msi (NOT from MS Website, so I didn't perform the validation, although I very likely DO have the validation ActiveX control installed)
    - installed the msi package manually. It took a few minutes before it got all its updates, and I ran a scan. After being fully updated, the scan found no threats on my machine. It did not flag VNC or any component of Kaseya as a threat.


    I've since removed it and I'm now writing my own Kaseya installation script and I'm going to test on my machine.


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: BulletproofSean
  • Has anyone else been running into Defender detecting Kaseya as spyware? Because it hasn't happened in my testing since October 5, 2006.


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: BulletproofSean
  • All day long... I have finally just set up an event log ignore with certain keywords for Kaseya, as well as other applications that constantly get flagged.

    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: adamsteinhoff
  • How do you manage Win2k workstations, since Windows Defender runs only on XP and later PCs?

    kind regards,

    claudio


    Legacy Forum Name: Spyware Scripts,
    Legacy Posted By Username: achab