I had this as well.  What worked for me was a TruScan Exception, specifying the path to the logmein executable (C:\program files\logmein\x86\logmein.exe).

okay.  I just had the process name, not the path. It is strange that it also still doesn't give me the choice to ignore, just "log only".  I will see if this fixes the problem on the client.

 

On a similar subject, when I add a Truscan Centralized Exception that is a choice called "Detected process exceptions".  However, there is nothing in it.  I would assume it would give me a choice from among detected processes it has seen on the clients.  Anyone see this and figure it out? 

Yep, have to put in the full path.  Now the Centralized Exception UI does allow for using environmental variables to built a path, but I haven't figured out the proper syntax for it to work and it isn't worth the time to play with it.

well, I put it in the path, and it doesn't work.  I entered it as "process".exe, nada. I double-checked the path and no luck. That other area I talked about is stil blank.  It is strange as I had a risk scan for Spiceworks come up, and I was able to place an exception for that with no problems.  But that was a risk exception, not a truscan.

 

I really want to shoot this software, as their help file is very, well unhelpful. Kinda like looking at a box on the screen that says enter, and the help file says, "this is the enter box".  Not much help.

 

I'll keep playing with it and conduct my almost daily hunt for the SEPM KB of the day.  Geez.  It's like they think we got nothing better to do all day.

Okay, here is a part of the issue. The popup alert being generated on the client (commericalapps.2) is on the client log, but not being seen on the server's log.  According to the manual, I should of been able to see the alert on the server's logs and create an exception rule off the log entry.  The problem is that there is no server log entry, although the client's log shows an entry every hour or so.

 

So I guess the client is not communicating correctly to the server?  Anyone having any problems with this?

Looks like yours might be getting detected by a different component than mine was.  Have to setup the exception based on the component that is "catching" it.  Reading back to your original post, the blocked message that your getting says that it is a Security Risk, so that's the exception you have to make.    In your Centralized Exception policy, click on add, goto Security Risk Exceptions>File, then add in the path to the file that was referenced in the alert message, which I assume is logmein.exe.

I'll try that but the client log does show that the scan engine generating the error is TruScan. 

What i didt to disable this message was,

 

1. Entering policy

2. Entering Antivirus and Antispyware

3. Choosing TruScan

4. When commercial keylogger is detected = Ignore.

 

Or else

 

disable the notification the same place so the clint dont see anything

 

but its right i cant see it in the logs anywhere

Hi

 

How can I create a list/report of clients that receive the message regarding WinVNC4?

 

We have just bought SEP and I am trying it out on some of our client computer including my own. On some of the computers we receive the WinVNC4 risk message, I have added it to the centralized exception list but would like to create a list/report with all the users that receives it.

Do I have to create some sort of survaillance before I can create a report?

 

/Lasse