Just had a example of this issue on a clients computer today. They said they had seen this issue for the past couple of weeks.

What happens is that they start a program that they have used for years. Avast says it may be infected. If they click on “Add to exceptions”, they can run their software. Typically the issue will come back after some time has passed. (Not sure if it is hours or if it is the next day.) Probably whenever the Portal Policy overwrites the local settings.

I can add that program to the portal policies. No problem there. But why does the Portal not show an alert for the supposed detection?

Anyone else seeing this? It is hard to know it is happening if the client doesn’t tell you.

Yes, that scenario happens far more often than it should. Doesn’t seem to be any particular rhyme or reason for why it happens. It’s been something I’ve had to deal with for years in CloudCare.

Yeah, you are correct. One thing I noticed tonight was that the detection was from having “Hardened Mode” enabled. I have added the exclusions, which didn’t work at first, until I checked off everything. But I would think an alert should have been triggered and logged.

Well, the mystery works in reverse. I got an alert from the portal that a virus was detected in C:\Windows\System32\cmd.exe on a computer by Behaviour Shield. The alert shows in the portal. But, I go to the computer, and there is no record of the detection. I did a full scan and found nothing. The alerts don’t seem to synchronize between the endpoint and the portal in either direction.