Kaspersky
Question

JumpCloud Software Management and System Watcher not playing nicely

  • 10 July 2021

I’m on Windows 10 1909 on my desktop and 21H1 on my laptop (so it’s Win10 version agnostic) and have another 21H1 machine which uses Windows Defender.  I use the free version of Kaspersky Security Cloud 21.3.10.391 (d).

I’m a user of JumpCloud for managing my machines, which has a feature for Software Management. To do this, it makes use of chocolateyGet as a “package provider” for PowerShell, so the JumpCloud agent executes PowerShell commands to install chocolateyGet (which it does each time as that’s just how PowerShell and chocolateyGet are, but it keeps it up to date so that’s nice) and then to install the requested package with choco.

Now that’s how it should work in theory, and it does on my machine without Kaspersky. Kaspersky’s System Watcher component blocks this process from happening as it believes it’s some form of generic remote installer trojan. I’m not exactly sure what to exclude, as I’ve made both Exclusions and Trusted Applications for all of JumpCloud’s .exes and folders, chocolatey’s .exes and folders, and even PowerShell. I’m at a loss as to what to do as I don’t know what else I can exclude and I don’t know any more about the process that JumpCloud go through to make all this happen.

I’m really quite frustrated with this as I’ve spent the best part of a day trying to work out what on Earth was blocking my RMM from installing things, and then on top of that work out which bit of it is being blocked by my AV!




@supreme.icecreme Welcome. Can you please check if your Kaspersky reports contain any notifications related to your issue?

@Berny No, there’s nothing of the sort in the logs, which makes me even more confused.  I had seen something which looked vaguely like it was related, but I can neither find it nor remember exactly what it contained.

It really is perplexing…

I’ve tied it down to it being System Watcher as disabling System Watcher allows the remote software install to succeed.

I have also sent an email to JumpCloud support and am awaiting a response.

If anybody wants to give this a try, JumpCloud is free to sign up to so you can set it up in a VM, along with KSC, then try to push software to it. I’ve been using chocolateygui as a test package (that’s the chocolatey package ID which JumpCloud uses). It’s fairly straightforward to set up - sign up online then add a System - install it and paste in your connect key.


@supreme.icecreme I think that your best option is Kaspersky Technical Support:

https://my.kaspersky.com/techsupport#/requests/new 

Thanks @Berny, that won’t be an option. I have spoken to them already, and they pointed me to here as I don’t pay for their software.