- This topic has 4 replies, 2 voices, and was last updated 2 years, 8 months ago by .
-
Posts
-
Hi,
I’m wondering if you have a full list of files we need to add to our whitelist for anti-malware exceptions?
Recently my anti-malware was flagging on the client:
C:\Windows\BatchPatchExeSvc-servername.exeDo we have a full list of files we should whitelist or except from our anti-malware?
There is no list. That file is the psexec service set to run with a custom name assigned under ‘Tools > Settings > Remote Execution’. That file needs to be allowed to run/execute. It’s not likely that anything else would trigger your anti-malware software.
As mentioned in the previous posting, it’s the psexec service running with a custom name. There is nothing different about it now as compared to the previous version of BatchPatch because it’s not part of BatchPatch but rather is the psexec service component that is created by psexec. Approximately a year ago the version of BatchPatch that we released changed the default setting to use a custom name instead of the default psexesvc.exe, but if you have not updated your BatchPatch in the past year, then it’s possible that with this current BatchPatch it’s the first time you’ve had a custom name applied, and perhaps the custom name BatchPatchExeSvc-servername.exe as compared to the old name psexesvc.exe is what triggered the detection. I could only guess.
PsExec is sometimes detected by anti-malware apps because malware apps like to use psexec, and many anti-malware apps are not being particularly intelligent about what they are flagging. It would be kind of like flagging all red cars as being malicious just because some criminals like to drive red cars. But they’re just red cars and have nothing to do with the malice of the drivers.
- You must be logged in to reply to this topic.