Jump to content

Datto RMM Agent Process False Positive


slabar

Recommended Posts

We have marked the software and corresponding folder as not malicious inside Malwarebytes, but it is still flagging as a false positive three weeks later.  

What solutions are available?

"The Datto RMM Agent Process (AEMAgent.exe) is a child process of the main Datto RMM Agent Service (CagService) and is dedicated solely to performing endpoint"

https://rmm.datto.com/help/de/Content/5AGENT/Agent.htm

Link to post
Share on other sites

You can find Scan and Protection logs within the Malwarebytes 4 program in the following location

 

image.png

 

RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged

 

image.png

 

If you click on the View option you should get something similar to the following with other options available.

 

image.png

 

 

 

Thank you

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/3/23
Protection Event Time: 7:53 AM
Log File: 82487724-61e3-11ee-baaf-2cf05d657dc7.json

-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.75919
License: Premium

-System Information-
OS: Windows 11 (Build 22621.2361)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadFileBlock, C:\ProgramData\CentraStage\AEMAgent, Blocked, 601, 392684, 0.0.0, , 

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload file blocked
File Name: C:\ProgramData\CentraStage\AEMAgent
URL: 



(end)
Link to post
Share on other sites

@slabar This is a known issue with exploit protection. The current beta fixes this.

Open Malwarebytes and go to Settings by clicking the small gear icon and go to the General tab, scroll down and enable Beta updates 

You may need to wait up to about 5 minutes or so, but then check for updates on that same General tab or the About tab and let it update to the latest Beta version

Once it has updated, RESTART the computer again and let us know if you're still having an exploit block

Please report back with an update.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.