VSA Windows Defender Exclusions – Important

There are certain processes the VSA agent runs (I’m looking at you, Software Management!) that trigger Windows Defender alerts. This can be especially troublesome during patch scans. For this reason, you’ll want to make sure that the Windows Defender exclusions are set for VSA. Here’s an Agent Procedure to do just that! I recommend adding it to a global settings policy and configuring it to run once on all agents. It excludes the following directories:

  • <agent working directory>
  • C:\Program Files\Kaseya\
  • C:\Program Files (x86)\Kaseya\
  • C:\Program Files\Kaseya Remote Control\
  • C:\Program Files (x86)\Kaseya Remote Control\
  • C:\ProgramData\Kaseya\
  • C:\Program Files\Kaseya Live Connect\

Here’s the XML for the agent procedure. Save it to a .xml file and import it under System > Import Center.

You’ll also need the PowerShell script below. Upload it under VSA Shared Files.

<?xml version="1.0" encoding="utf-8"?>
<ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
  <Procedure name="Kaseya Windows Defender Exclusions" treePres="3" id="936564150" folderId="647149113308242" treeFullPath="MSP.System Configuration">
    <Body description="">
      <Statement description="Add Kaseya agent directories to Windows Defender exclusions" name="GetVariable" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="EnumParameter" name="VariableType" value="AgentTempSystemDirectory" />
        <Parameter xsi:type="StringParameter" name="SourceContent" value="" />
        <Parameter xsi:type="StringParameter" name="VariableName" value="kworking" />
      </Statement>
      <Statement name="WriteFile" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="Path" value="#kworking#\Defender-Exclusions.ps1" />
        <Parameter xsi:type="StringParameter" name="ManagedFile" value="VSASharedFiles\Defender-Exclusions.ps1" />
        <Parameter xsi:type="BooleanParameter" name="DeleteAfter" value="False" />
      </Statement>
      <Statement name="Execute Powershell" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="Parameter1" value="#kworking#\Defender-Exclusions.ps1" />
        <Parameter xsi:type="StringParameter" name="Parameter2" value="" />
        <Parameter xsi:type="StringParameter" name="Parameter3" value="False" />
      </Statement>
      <Statement name="DeleteFile" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="Path" value="#kworking#\Defender-Exclusions.ps1" />
      </Statement>
      <Statement name="WriteScriptLogEntry" continueOnFail="false" osType="Windows">
        <Parameter xsi:type="StringParameter" name="Comment" value="Added Kaseya agent exclusions to Windows Defender" />
      </Statement>
    </Body>
  </Procedure>
</ScriptExport>

PowerShell Script – Defender-Exclusions.ps1

# PowerShell script to add Kaseya agent exclusions to Windows Defender
# The agent working directory is hard-coded as C:\kworking\ here;
# if your agents use a different working directory, change this path to match.
Add-MpPreference -ExclusionPath "C:\kworking\"
# Kaseya agent, Remote Control, data and Live Connect directories
Add-MpPreference -ExclusionPath "C:\Program Files\Kaseya\"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Kaseya\"
Add-MpPreference -ExclusionPath "C:\Program Files\Kaseya Remote Control\"
Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Kaseya Remote Control\"
Add-MpPreference -ExclusionPath "C:\ProgramData\Kaseya\"
Add-MpPreference -ExclusionPath "C:\Program Files\Kaseya Live Connect\"
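
To confirm the procedure took effect on an endpoint, and to see which other paths Defender is skipping there, the configured exclusions can be compared against the list above. This is an added example, not part of the original post; the function name `Compare-DefenderExclusion` and the variable names are illustrative, and `$expected` simply mirrors the paths in Defender-Exclusions.ps1.

```powershell
# Added example: compare Defender's configured path exclusions with the
# paths Defender-Exclusions.ps1 adds. Run from an elevated session, since
# non-administrators may not be able to read the exclusion list.

function Compare-DefenderExclusion {
    param(
        [string[]]$Expected,   # paths the procedure should have added
        [string[]]$Actual      # paths currently configured in Defender
    )
    # Normalise so "C:\kworking\" and "c:\KWorking" compare as equal
    $exp = @($Expected | Where-Object { $_ } |
             ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() })
    $act = @($Actual | Where-Object { $_ } |
             ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() })

    [pscustomobject]@{
        Missing    = @($exp | Where-Object { $_ -notin $act })
        Unexpected = @($act | Where-Object { $_ -notin $exp })
    }
}

# Same list as Defender-Exclusions.ps1 (adjust the working directory if yours differs)
$expected = @(
    'C:\kworking\',
    'C:\Program Files\Kaseya\',
    'C:\Program Files (x86)\Kaseya\',
    'C:\Program Files\Kaseya Remote Control\',
    'C:\Program Files (x86)\Kaseya Remote Control\',
    'C:\ProgramData\Kaseya\',
    'C:\Program Files\Kaseya Live Connect\'
)

$result = Compare-DefenderExclusion -Expected $expected `
                                    -Actual (Get-MpPreference).ExclusionPath

if ($result.Missing.Count -gt 0) {
    Write-Warning ("Exclusions not applied: " + ($result.Missing -join '; '))
}
if ($result.Unexpected.Count -gt 0) {
    Write-Warning ("Exclusions not set by this procedure: " + ($result.Unexpected -join '; '))
}
$result
```

Anything listed under Unexpected is a path Defender does not scan and that this procedure did not add, so it is worth tracing back to whatever set it.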

Let me know if this worked for you!

– Chris
