Help Center
Log in
Log in

How can we help?

Common topics:

AI, Tickets, Agents
Help Center
MSP
IT Department
In this Article:
    1. Atera Support
    2. Library
    3. RMM
    4. Atera agent

    Whitelisting the Atera Agent in ESET

    Dragos Gabriel Tulbure
    To prevent ESET from blocking the installation of the Atera agent and the MSI file associated with the Atera agent, we recommend adding or editing a detection exclusion.
    Important note: ESET will not flag already installed agents, only the MSI and new installations.

     

    Files to whitelist

    Ensure you add an exclusion for the MSI in ESET. When downloading the MSI, the default file name will be:

    • setup.msi

    If the MSI installer is specific to a customer, the naming scheme will change to:

    • setup_*CustomerName*.msi

    If you plan to whitelist the Atera Agent MSI installer, be sure to whitelist the correct file name.

     

    You also have the option to use a Hash exclusion. You can obtain the hash using PowerShell or an application like VirusTotal to generate the hash for your Atera Agent MSI installer.

     

    Additionally, you might want to whitelist the following paths to prevent any issues with the installation of new agents on your devices:

    • C:\Program Files\Atera Networks (or C:\Program Files (x86)\ATERA Networks for 32-bit systems)
    • C:\Windows\Temp\AteraUpgradeAgentPackage

    Consider also whitelisting the folder: C:\Windows\Installer.

     

    Detection Exclusion

    This functionality is particularly useful when a false positive detection occurs. It is important to exercise caution when excluding detections related to real threats, as doing so can expose the system to significant security risks. When creating exclusions, consider limiting them to specific files or directories. This can be done using the ... button in the Path field. Additionally, it is advisable to set exclusions only for temporary periods when possible.

    Note: Exclusions will also apply to the following categories:

    • Potentially unwanted applications (PUAs)
    • Potentially unsafe applications
    • Suspicious applications

    For more details, refer to the Path exclusion format.

    DIALOG_EXCLUDE_THREAT

    Refer to the example below for creating detection exclusions.

     

    Hash Exclusion

    You can exclude a file from detection using its SHA-1 hash. This exclusion method is file-specific and is independent of the file's type, name, location, or extension.

    DIALOG_EXCLUDE_HASH

     

    Example: Excluding Specific Detections

    To exclude a detection using its name, provide the valid detection name as shown:

    • Example Detection Name: Win32/Adware.Optmedia

    Alternatively, use the following format for exclusions directly within the ESET Endpoint Antivirus alert window:

    @NAME=Win32/Adware.Optmedia@TYPE=ApplicUnwnt
@NAME=Win32/TrojanDownloader.Delf.QQI@TYPE=Trojan
    @NAME=Win32/Bagle.D@TYPE=worm

     

    Control Elements

    • Add: Allows you to exclude objects from detection.
    • Edit: Enables editing of selected entries.
    • Delete: Removes selected entries. To select multiple entries, use CTRL + click.

    By following these guidelines, you can effectively manage detection exclusions while minimizing security risks.

     

     

     
     
     
     
     

    Copyright © Atera Networks Ltd.2023

    apple store app google play app

    AICPA SOC for Service Organizations and ISO 27001 certified