DeepGuard blocks windows defender (msmpeng.exe)


Hello,

 

We currently have Client Security 13.11 build 110 installed on various Win10 machines.

Nearly daily we get 1 - 5 Notifications about DeepGuard Security alerts regarding blocked msmpeng.exe.

account: SYSTEM
Product: F-Secure DeepGuard (OID: 1.3.6.1.4.1.2213.53)
Severity: security alert (5)
Message: Action by malware was blocked.
 
Malware path: c:\programdata\microsoft\windows defender\platform\4.18.1807.18075-0\msmpeng.exe
File hash: 82e7ffb4e780bf16f3c42d52e2c6b0a4ef48732c


I have tried to exclude the file hash a few times on the PM, without success; also, the hash changes a lot, so that's not really a solution.

Any advice?

1 ACCEPTED SOLUTION

F-Secure

Re: DeepGuard blocks windows defender (msmpeng.exe)

Hello vlit,

 

In version 13.11 we introduced a new exclusions policy setting for DeepGuard: "Excluded applications" (object identifier 1.3.6.1.4.1.2213.53.1.195). This policy makes it possible to exclude applications by name/path. Please try it.

 

Best regards,

Vad

Scholar

Re: DeepGuard blocks windows defender (msmpeng.exe)

Hello Vad,

 

I had already added "msmpeng.exe" alone in this section, but as it states, it needs full paths, so it didn't work that way.

I will try it with the full paths of the reported msmpeng.exe now (fortunately there are only 2 different paths at the moment where msmpeng.exe lives). I will report if any notifications get sent again. Thank you for now!

Excluded apps now:

msmpeng.exe
*msmpeng.exe
c:\programdata\microsoft\windows defender\platform\4.18.1807.18075-0\msmpeng.exe
c:\programdata\microsoft\windows defender\platform\4.12.17007.18022-0\msmpeng.exe

Scholar

Re: DeepGuard blocks windows defender (msmpeng.exe)

Hello, I can confirm that I didn't get any more notifications about Defender from 13.11 clients. Thank you!
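
The full-path approach from this thread, as an added example (not part of the original posts and not F-Secure tooling): it lists every installed Defender platform version, checks the Authenticode signature of each MsMpEng.exe, and prints only the verified full paths for the "Excluded applications" setting. The function and property names are hypothetical; the directory layout is assumed from the path in the alert above.

```powershell
# Added example. Assumption: Defender platform builds live in versioned
# subfolders of this directory, as in the path reported by the alert.
$platformRoot = Join-Path $env:ProgramData 'Microsoft\Windows Defender\Platform'

function Get-DefenderEngineExclusion {
    param([string]$Root = $platformRoot)

    Get-ChildItem -Path $Root -Directory -ErrorAction SilentlyContinue | ForEach-Object {
        $exe = Join-Path $_.FullName 'MsMpEng.exe'
        if (-not (Test-Path -LiteralPath $exe)) { return }   # skip folders without the engine

        # A path-based exclusion trusts whatever sits at that path,
        # so confirm the binary is validly signed by Microsoft first.
        $sig    = Get-AuthenticodeSignature -LiteralPath $exe
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        [pscustomobject]@{
            Version = $_.Name
            Path    = $exe.ToLowerInvariant()
            # SHA-1 is computed only for comparison with the 40-character hash in alerts.
            Sha1    = (Get-FileHash -LiteralPath $exe -Algorithm SHA1).Hash.ToLowerInvariant()
            Trusted = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
        }
    }
}

$found = @(Get-DefenderEngineExclusion)

# Report anything that fails the signature check instead of excluding it.
$found | Where-Object { -not $_.Trusted } | ForEach-Object {
    Write-Warning "Not adding to exclusions (signature check failed): $($_.Path)"
}

# Full paths to enter in the policy, one per installed platform version.
$found | Where-Object { $_.Trusted } | Select-Object -ExpandProperty Path
```

Run it from an elevated prompt on a representative client, and rerun it after Defender platform updates, since each update adds a new versioned folder.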