Hi,
we use as Client Antivirus Protection Symantec Endpoint Protection Version 11.0.4 MR4
We use as RemoteControl in our Enterprise environment the Program DameWare Development Remote Control
All Clients have a file named c:/winnt/system32/dwrcst.exe or c:/windows/system32/dwrcst.exe
dwrcst.exe is the executabale for the service Dameware Remote Control to control the Clients from a Admin-Session
Since we use SEP 11 we had the Problem that all Clients detect wrongly this file as a Virus:
Event No: 48921
Event Type: Potential risk found
Source: AV - Heuristic Scan
Logger: AV - Heuristic Scan
Threat: Bloodhound.SONAR.1
Threat Category: unknown
Threat Type: Trojan_Horse
Discovered: 01.01.1970 00:00:00
File / Path: c:/winnt/system32/dwrcst.exe
Description: DameWare Development DWRCST
Actual Action: Left alone
Primary Action: Left alone
Secondary Action: Left alone
Source Computer: 0.0.0.0(IP: 0.0.0.0)
We have insert this filename %[SYSTEM]%dwrcst.exe in the Centralized Exceptions Policy, but it doesnt work.
Anyone a idea to solve this problem?
Greetings
Daniel