Will Code Signing Resolve Antivirus from Saying Agents are Trojans or Malware? #985
-
Code signing certainly works fine for me. There are a few who have suggested ways and better support on Discord if you want to try without code signing. There is no trial for code signing; essentially you are supporting an open-source project by sponsoring and getting code signing.
-
From: https://github.com/wh1te909/tacticalrmm It's the Discord Chat: https://discord.gg/upGTkWp
-
I never have problems with triggering a PowerShell install with code signed, but I usually install from my ScreenConnect command line.
-
The problem is really two parts. One, which I can work around, is the agent installer; however, that wasn't the issue I ran into when this all started. The problem is with agents that are already installed. All of a sudden, out of the blue, Bitdefender and normal Windows Defender started flagging all of the .exe files such as Tactical RMM and Mesh and all as malware in the ATP. This caused the services basically to stop, and now because the files are gone it won't start the services, so all of my agents that were online, which seem to be only all workstations but about 20 of them, are now offline. There was a small point where I tried using the Recovery Agent, which brought it back online once, but about 5 mins later it just did the same thing.
-
Don't think they'll alert if you have exceptions set up properly.
-
Well, positive side, I figured out what was triggering it. It seems that the built-in script for disabling Fast Boot kept creating ps1 scripts and made the tacticalrmm.exe trigger false malware triggers that caused the antivirus to think it was malware running in process. It then faulted to the path and ultimately put the tacticalrmm.exe into quarantine. Was able to get a few back up and running, but hopefully, as I released remotely from quarantine, a few reboots and they all should be back up.
-
Just recently, within the last 4 days, all my agents for workstations are now having Tactical RMM agents as well as other components getting quarantined for Trojan:Win32/Sabsik.TE.A!ml or another malware name. I tried going into Bitdefender and Windows Defender and excluding the files as mentioned in another discussion; however, it doesn't seem to make any change. I didn't have this problem before, but now it has become an issue. Will code signing prevent this from happening or the agent being picked up as malicious? Would like to somehow test code signing but not sure what the best route for this is.
Thank you
Derrick