Hi,
we started upgrading servers to use the new monitoring agent.
However, we are getting message from Windows defender, it's removing mk_logwatch.exe, claiming it's
C:\ProgramData\checkmk\agent\plugins\mk_logwatch.exe
Trojan:Win32/WoreflintA!cl
Is this alarm for real? I guess it's accessing several system logs so that could trigger the detection.
If not, could the executable be sent to Microsoft's defender submissions? It's just that the particular exe is probably going to change slightly over upcoming versions.
https://www.microsoft.com/en-us/wdsi/filesubmission
- Antti