Trend Micro blocks Atera Agent upgrades

Options
d.calzolato
d.calzolato Member Posts: 1

Hello,

in the last 10/15 days Trend Micro systems have blocked Atera agent updates indicating the installers as PUA.MSIL.RemoteAdmin.E threat

This is not the first time that Trend Micro antiviruses have blocked Atera.

Thank you

Comments

  • m.mayse
    m.mayse Member Posts: 1
    Options

    Hi,

    We're experiencing the same with Trend Micro WFBS and have been advised by our Trend partner to add an exclusion to the spyware/grayware. The issue with this though is it doesn't allow us to exclude the Atera agent filename, instead we have to exclude the PUA code.

    Does anyone have anything else to add?

    Thanks

  • cb
    cb Member Posts: 1
    Options

    Hallo!

    Same problem here with trend micro on all our customers.

  • jonathan.jeremia
    jonathan.jeremia Member Posts: 1
    Options

    Hello. I have the same problem. But, by blocking PUA code in Trend Micro. Is this problem clear?

  • SWIT
    SWIT Member Posts: 1
    Options

    Hello, same problem here.
    I also have added PUA.MSIL.RemoteAdmin.E as an exception for spyware/greyware
    Added the folder C:\Windows\Installer\ and the installer path C:\WINDOWS\TEMP\ateraAgentSetup64_1_8_6_7.msi to exclusions and also added C:\WINDOWS\TEMP\ateraAgentSetup64_1_8_6_7.msi our behavior monitoring. but still same error.
    Any suggestions ?

  • Sarah_from_Atera
    Sarah_from_Atera Administrator Posts: 93 admin
    Options

    Hey everyone, Sarah from Atera here.

    I am happy to report that we added a fix in production on Jan 23rd which should prevent this from happening in the future.

    You will need to whitelist the following path on your devices: C:\Windows\Temp\AteraUpgradeAgentPackage. You may also need to create a new installer for Atera by clicking Install Agent on the dashboard.

    If you still have issues, please reach out to our support via live chat or email at support@atera.com.

  • [Deleted User]
    [Deleted User] Posts: 0
    edited January 26
    Options

    @Sarah_from_Atera

    It never ceases to amaze me how disjointed Atera is with none of the teams talking to each other. I have had a ticket going on this for weeks and emails from Jan and that information has not been passed on to me at all.

    You really need to get your house in order on this. Also you haven't actually "fixed" the problem which is working with Trend to whitelist your application properly, you are just doing a terrible workaround telling the virus checker to ignore that install folder - This just makes it yet another folder that virus writers know they can drop their malware in to and it will be ignored by the virus checker! This from a company that boasts that you have achieved SOC2 - and yet you clearly understand nothing about good security.

  • Sarah_from_Atera
    Sarah_from_Atera Administrator Posts: 93 admin
    Options

    Hi @nathan , I apologize for any miscommunication on this issue.

    As of now, the workaround that I have mentioned above is the current solution. We will of course update if anything changes.

    I have also told Jan, your Customer Success Manager, to reach out to you so please keep your eyes open for that.

  • [Deleted User]
    Options

    is there any update on this ? The last I heard from Jan was a copy of a letter sent to Trend, but nothing since that.