Windows Defender Trojan virus
-
Hi,
Since today, Windows Defender detects toec-services.dll as a trojan virus.
I have the case on several PCs!!!!
-
Since Theopenem executes code that essentially provides full control over the system via the client, most anti-virus is detecting it as a virus. The only option is to add exceptions to your antivirus for c:\program files\toec.
-
@theopenem_admin said in Windows Defender Trojan virus:
Since Theopenem executes code that essentially provides full control over the system via the client most anti-virus is detecting it as a virus. The only option is to add exceptions to your antivirus for c:\program files\toec
OK, no other choice?
I guess Microsoft doesn't want to certify this DLL.
In any case, thanks for the quick reply.
-
I can look into getting the client signed in a future release. I tried this once before and was never able to get anywhere with Microsoft, mostly just silence.
-
@theopenem_admin Yes, I know I have the same problem with them at work.
-
@theopenem_admin Hi, we are seeing that Defender is also picking up and blocking random MSIs being created in C:/Windows/Installer/. Is this expected behaviour?
-
@theopenem_admin Signing the client would be awesome, we're currently having an issue with Microsoft Defender doing the same. It looks like the number of AVs detecting Toec-Services.dll as malicious has gone up over the last year, despite the file not changing at all.
-
@EddieHD Not sure about that. When you install the client, I believe Windows keeps a copy of the MSI so it can be used for uninstalling. But as far as I know it should only be one file, or at least 1 per version.
@mzprays I'm not sure that just signing it would solve the problem, but it may help. The problem is that the client is generated for your environment; it embeds your certificates, provision key and com servers into the installer. So I can't sign the client ahead of time. This all needs addressed but I'm not sure of the best way to handle this. Does anyone have any suggestion or experience with this? The only thing I can think of at the moment is to provide a signing fee, or for anyone with a support plan or donation. They could send me their generated client, I'll sign it and send it back. Any thoughts?
-
@theopenem_admin
This is just one of the MSIs; others look like this:
c9ab.msi
1b5af34b.msi
6a45.msi
24c9d42f.msi
e2262d.msi
Really appreciate the help.
-
@theopenem_admin I think TacticalRMM has a similar model. When you buy a support plan it comes with code signing, you put the key they give you into your Tactical instance, and it talks to their servers to sign the agent. I could be wrong about the backend, but that's how the frontend shows it; you buy a key and put it into the instance, there's a text box for it. I can't speak to the implementation side of things, though.