slabar

Porthos, Thank you for the quick replies and confirmation that this is a bug. Have a great day today!

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/3/23 Protection Event Time: 7:53 AM Log File: 82487724-61e3-11ee-baaf-2cf05d657dc7.json -Software Information- Version: 4.6.3.282 Components Version: 1.0.2158 Update Package Version: 1.0.75919 License: Premium -System Information- OS: Windows 11 (Build 22621.2361) CPU: x64 File System: NTFS User: System -Exploit Details- File: 0 (No malicious items detected) Exploit: 1 Exploit.PayloadFileBlock, C:\ProgramData\CentraStage\AEMAgent, Blocked, 601, 392684, 0.0.0, , -Exploit Data- Affected Application: cmd Protection Layer: Application Behavior Protection Protection Technique: Exploit payload file blocked File Name: C:\ProgramData\CentraStage\AEMAgent URL: (end)

Sorry for the delay. In a meeting for about another 30 minutes.

Yes it is a stand alone version. #4.6.3.282

Thank you for asking. No, it's not a web block. Malwarebytes is blocking the cmd line agent update and rmm tools for the software.

We have marked the software and corresponding folder as not malicious inside Malwarebytes, but it is still flagging as a false positive three weeks later. What solutions are available? "The Datto RMM Agent Process (AEMAgent.exe) is a child process of the main Datto RMM Agent Service (CagService) and is dedicated solely to performing endpoint" https://rmm.datto.com/help/de/Content/5AGENT/Agent.htm