Why is aligning with your antivirus important while installing our product?

For some years now, antivirus programs have evolved from detecting pre-registered evasive binaries to a more general control based on behavioral analysis, leaving the responsibility to the client to authorize or not programs that use certain operating system resources. There are APIs that all developers use, such as reading typed content, analyzing the activity of programs running on the system, monitoring who is accessing which file, among many others. These APIs can be used by both the original components of the operating system and third-party software. Now, all these specific accesses are monitored by antivirus programs, which, when detected, are considered evasive and generate warnings or even blocks by the antivirus programs.

Due to the nature of our solution, it makes use of all these monitoring APIs, as the objective of our product is to analytically and documentally report everything that happens on the computer, at both the hardware and software levels, as well as user usage. These analyses are used both to measure user productivity and to analyze system security.

It is important to maintain harmony between our solution and other solutions installed to protect the system; therefore, both solutions must work together. To achieve this, it is enough to declare this harmonious and complementary relationship within the antivirus.

That is why we maintain a partnership with the main antivirus programs on the market, trying to reduce these detections characterized as "false positives" by adding our solution to whitelist, although not all antivirus programs have this possibility.

Thus, if you have problems installing our agent, the safest way to install it in some cases is to pause the antivirus and proceed with the installation. Depending on the antivirus, it may be necessary to add our agents to the antivirus exclusion lists, a process that only the user can perform.

Our solution has existed for more than 20 years and is now installed on more than 100 million computers worldwide. Corporate antivirus programs can create exclusions and additions of hashes globally, avoiding any problems with network-wide installation, but personal antivirus programs with local control depend on user intervention.

Negative scenarios that may arise during installation

1. Antivirus prevents our “agent” from being installed: During the installation process at the last step, it will be indicated that installation was not possible. The antivirus blocks the files and removes them as soon as they are written to disk, causing no impact on the computer. To resolve, pause the antivirus before installation and then restart the antivirus.
2. Agent installed, but in an antivirus update, it removed the agent: You need to install the agent again. This can be seen within the antivirus logs as well as in our solution, indicating that the agent has not communicated with the server for x days.
3. Agent installed but cannot send data: The antivirus may be blocking the ports used for the agent to communicate with the server. To resolve this, it is important to tell the antivirus that the solution can access system resources. Each antivirus has its own method for this, but normally you just need to select the binary stating that it should not be blocked or monitored (wwtask.exe and awtask.exe) and all contents of the folder (“Windows Installation”\NetworkClient).

Glossary

• APIs - A set of internal system commands that provide access to resources, usually used by any system developer.
• Hash = A unique number to identify a binary. Each binary/system file has a different hash.
• Windows Installation - Should be replaced by your Windows installation path, which is usually something like “C:\Windows”.
• False positive - This occurs when the antivirus mistakenly detects a file as a virus or trojan unrelated to it. Based on behavior, it associates an action with another reported case. Nowadays, with antivirus programs running very tightly on the system, this is quite common. Reporting the erroneous detection to the antivirus can help correct it in a future version.

Check the mandatory step to understand how our product will be compliance with your antivirus

Descriptions:

No Detection: Agent sent to the antivirus, and we received feedback that it does not have detection in the mentioned antivirus;

Whitelist: Whitelist represents the agents that have been added to the official exceptions list of the antivirus;

Awaiting Response: Agent sent and we are still awaiting the official response;

Pending: We have not received a response from the antivirus after multiple submissions.