Title says it all, RMA is 7.64.
Event viewer says:
Antivirus Microsoft Defender a détecté un logiciel malveillant ou potentiellement indésirable.
Pour plus d’informations, reportez-vous aux éléments suivants :
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Nom : Trojan:Win32/Injector.RPZ!MTB
ID : 2147807732
Gravité : Grave
Catégorie : Cheval de Troie
Chemin : process:_pid:4796,ProcessStart:132839746935600679
Origine de la détection : Inconnu
Type de détection : Concret
Source de détection : Système
Utilisateur : AUTORITE NT\Système
Nom du processus : C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe
Version de la veille de sécurité : AV: 1.355.247.0, AS: 1.355.247.0, NIS: 1.355.247.0
Version du moteur : AM: 1.1.18800.4, NIS: 1.1.18800.4
We think it's since server got update KB2267602.
Active RMA quarantined as Trojan by Windows Defender
Problems with Defender and RMA Process
Hi there,
I also had the same problem with a customer. Here the Windows Defender update has classified the rma_active.exe process as a threat and terminated it continuously. Putting the process on the exception list helped.
System: Windows10 Pro 21H1
It has occurred since the pattern update was played.
Installation successful: The following update has been installed. Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.355.269.0)
I also had the same problem with a customer. Here the Windows Defender update has classified the rma_active.exe process as a threat and terminated it continuously. Putting the process on the exception list helped.
System: Windows10 Pro 21H1
It has occurred since the pattern update was played.
Installation successful: The following update has been installed. Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.355.269.0)
I also have it happening on numerous machines, Windows Defender is identifying RMA as 'Trojan:Win32/Injector.RPZ!MTB'
https://www.microsoft.com/en-us/wdsi/th ... 2147807732
https://www.microsoft.com/en-us/wdsi/th ... 2147807732
We momentary treated the issue by launching this command on each concerned server:
It just adds the rma exe to exclusions in windows defender then start the service again.
Code: Select all
powershell.exe -command Set-MpPreference -ExclusionPath 'C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe'
net start ActiveRMAService