Archive for the ‘Remote Monitoring’ Category

Datto (Autotask) RMM Agents showing previous AV endpoint after removing from Agent endpoint.

Recently I switched from using two separate endpoint AV solutions (ESET and Webroot) to using Windows 10 Defender and the Huntress Labs scanning agent. The cost difference was significant enough, and I have found that Huntress has found infections that the previous AV software missed/didn’t report on.

In order to make this all happen successfully, one needs to uninstall the AV endpoints (ESET/Webroot/SentinelOne, others) first. My Datto RMM had several uninstallers built in, and I even added some that went through and purged the endpoint from the registry after doing a manual uninstall of the endpoint using the MSI file on the systems. The problem arose when looking at the devices in my RMM console: the display still showed either endpoint as the primary AV product. Subsequent calls to ESET, Webroot and others proved that re-installing and re-uninstalling had no effect.

I even tried deleting the RMM agent from the system and re-installing it, figuring it was something in the RMM agent software – NOPE!

I connected via chat to the Datto community and the engineer there suggested I run this PowerShell command:

Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct

Results showed this:

__GENUS : 2
__CLASS : AntiVirusProduct
__DYNASTY : AntiVirusProduct
__RELPATH : AntiVirusProduct.instanceGuid="{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}"
__NAMESPACE : ROOT\SecurityCenter2
__PATH : \ODIN\ROOT\SecurityCenter2:AntiVirusProduct.instanceGuid=”{D68DDC3A-831F-4fae-9E44-DA132C1A
displayName : Windows Defender
instanceGuid : {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
pathToSignedProductExe : windowsdefender://
pathToSignedReportingExe : %ProgramFiles%\Windows Defender\MsMpeng.exe
productState : 397568
timestamp : Thu, 17 Mar 2022 18:24:07 GMT
PSComputerName : XXXXX

__GENUS : 2
__CLASS : AntiVirusProduct
__DYNASTY : AntiVirusProduct
__RELPATH : AntiVirusProduct.instanceGuid="{885D845F-AF19-0124-FECE-FFF49D00F440}"
__NAMESPACE : ROOT\SecurityCenter2
__PATH : \ODIN\ROOT\SecurityCenter2:AntiVirusProduct.instanceGuid=”{885D845F-AF19-0124-FECE-FFF49D00
displayName : ESET Security => this is what showed in the RMM console.
instanceGuid : {885D845F-AF19-0124-FECE-FFF49D00F440}
pathToSignedProductExe : C:\Program Files\ESET\ESET Security\ecmds.exe
pathToSignedReportingExe : C:\Program Files\ESET\ESET Security\ekrn.exe
productState : 266240
timestamp : Tue, 14 Sep 2021 19:43:46 GMT
PSComputerName : XXXXXX

The Datto support tech then said to run the same PowerShell command but with the delete option, to delete all WMI objects for the Security Center:

Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct | ForEach-Object{$_.Delete()}

The result cleared all objects for Security Center and in the RMM console, the computers showed Windows Defender – the required result. No reboots necessary.

Hope this proves helpful for those with similar types of RMM console trouble when switching AV products.
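A narrower variant of the support command above, as an added example that is not part of the original post or Datto's tooling: instead of deleting every AntiVirusProduct instance, it deletes only the registrations whose pathToSignedReportingExe no longer exists on disk. The function name is hypothetical, and it assumes Windows PowerShell 5.1 in an elevated session.

```powershell
# Added example: not Datto's code and not from the original post.
# Assumes Windows PowerShell 5.1 (Get-WmiObject) running elevated.
# Remove-StaleAvRegistration is a hypothetical name chosen for this sketch.
function Remove-StaleAvRegistration {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $products = Get-WmiObject -Namespace root\SecurityCenter2 -Class AntiVirusProduct

    foreach ($p in $products) {
        # The path may contain variables such as %ProgramFiles% (see the
        # Windows Defender entry in the output above), so expand them first.
        $exe = [Environment]::ExpandEnvironmentVariables([string]$p.pathToSignedReportingExe)
        $present = (-not [string]::IsNullOrWhiteSpace($exe)) -and
                   (Test-Path -LiteralPath $exe -PathType Leaf)

        # Emit one record per registration so the run can be logged or reviewed.
        [pscustomobject]@{
            DisplayName  = $p.displayName
            InstanceGuid = $p.instanceGuid
            ReportingExe = $exe
            ExeOnDisk    = $present
            Timestamp    = $p.timestamp
        }

        # Delete only registrations whose reporting binary is gone from disk,
        # i.e. leftovers of an uninstalled product. Live products are kept.
        if (-not $present -and
            $PSCmdlet.ShouldProcess($p.displayName, 'Delete stale AntiVirusProduct registration')) {
            $p.Delete()
        }
    }
}

# Preview only: lists every registration and reports what would be deleted.
Remove-StaleAvRegistration -WhatIf | Format-Table -AutoSize
```

Drop `-WhatIf` to perform the deletion; add `-Confirm:$false` when pushing it as an unattended RMM component.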


Datto RMM Agent Browser lost in Chrome extensions

A few days ago I noticed that, after some updates or whatever on my laptop, the Agent Browser for Datto (Autotask) RMM wasn’t opening when trying to access a client’s machine. I could do the web access, but anything requiring the Agent Browser to open failed. Rather than uninstalling, I dug into what was going on between a working machine and a non-working machine. Plus I found something on the web that described a similar issue with another application.

Long story short, this is because the Agent Browser setting got lost in the Chrome Setting Preferences file. The file is located here:
c:\users\<username>\appdata\local\google\chrome\user data\default\preferences

Look for Excluded_Schemes and, if not found, add the information below back to the preferences file and save. Then close out of Chrome and re-open it. Thereafter, when you want to connect to a client’s desktop using the Agent Browser, it will be called upon.

Look for this area of preferences:

Add the section in italics to the file, hit save and reopen Chrome.

Hope this helps MSPs out there in need of this relief!