I’m on Windows 10 1909 on my desktop and 21H1 on my laptop (so it’s Win10 version agnostic) and have another 21H1 machine which uses Windows Defender. I use the free version of Kaspersky Security Cloud 18.104.22.1681 (d).
I’m a user of JumpCloud for managing my machines, which has a feature for Software Management. To do this, it makes use of chocolateyGet as a “package provider” for PowerShell, so the JumpCloud agent executes PowerShell commands to install chocolateyGet (which it does each time, as that’s just how PowerShell and chocolateyGet are, but it keeps it up to date so that’s nice) and then to install the requested package with choco.
Now that’s how it should work in theory, and it does on my machine without Kaspersky. Kaspersky’s System Watcher component blocks this process from happening as it believes it’s some form of generic remote installer trojan. I’m not exactly sure what to exclude, as I’ve made both Exclusions and Trusted Applications for all of JumpCloud’s .exes and folders, chocolatey’s .exes and folders, and even PowerShell. I’m at a loss as to what to do as I don’t know what else I can exclude and I don’t know any more about the process that JumpCloud go through to make all this happen.
I’m really quite frustrated with this as I’ve spent the best part of a day trying to work out what on Earth was blocking my RMM from installing things, and then on top of that work out which bit of it is being blocked by my AV!