• State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 19 subscribers
  • Views 2984 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

DamewareRE.exe and DamewareRemoteEverywhereAgent.exe being flagged by Symantec and Windows Defender

atltech76

On either Thursday or Friday (June 11th and 12th), our team suddenly could no longer connect to end user systems using the applet - DamewareRE.exe. The applet is flagged by Symantec EndPoint Protection as WS.Reputation.1 and quarantined. The same for the desktop agent. Also, Microsoft Windows Defender SmartScreen (Win 10) is flagging it as well. I can duplicate this behavior on a personal machine with Norton Security and Windows 10 Home. Same behavior that suddenly started Thursday or Friday.

The DameWare executables generate different hashes. Our System Admin has concerns about flagging the application name as we don't want to let malicious applications through that may have the same name. 

Anyone else is experiencing this? How did you address it? We have a ticket (or two) open with Solarwinds but wanted to also see if anyone else is seeing this issue suddenly after this past Thursday or Friday.

Thanks,

  • 0

    Hi  , we also experience this with Kaspersky AV and Check Point Sandblast Agent.

    This is because Dameware is a Remote Access Tool- RAT tool classified as "riskware".

    Riskware is the name given to legitimate programs that can cause harm if they are used by malicious users to delete, block, modify or copy data, as well as to alter the performance of computers or networks.

    In our case we solved this by applying an exclusion to the specific protection that this software is triggering (not-a-virus: HEUR: RemoteAdmin.Win32.DameWare.gen). Sure you can find the right protection and exclude it.

  • 0 in reply to mfbarrios

    Upon further investigation with SolarWinds, Symantec and Microsoft, it was determined that the root cause was due to SolarWinds' certificate issuers for DRE being switched from Symantec to another provider. We reached out to Symantec to have it whitelisted and now it is no longer being flagged. Microsoft's SmartScreen filter in Windows 10 started flagging it at the same time Symantec did. Per Microsoft, Smartscreen had to "learn" it again. 

    At this time, our Symantec products nor the Microsoft Smartscreen filter are flagging it any longer. We were good to go once Symantec put the exception in their updates.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.