I just received a worrying message that our ESET Antivirus has had the Octopus.manager.exe file removed because of the following:
Potentially unwanted application Win32/AtlasVPN.A was detected on computer xxxxxx
*Detection type: Potentially unwanted application*
*Detection name: Win32/AtlasVPN.A*
*Computer name: xxxxxxx*
*Logged user:*
*Time of occurrence: 1/26/22, 8:45:03 PM UTC*
*Scanner: Startup scanner*
*Action performed: Cleaned by deleting*
We are using v2021.2.7580 for this staging environment. Our production server is on an older version so hopefully this is only a problem for the staging environment, but nonetheless a strange one.
We haven’t had any other reports of the Octopus Manager being flagged by AV software.
I’d be tempted to re-download 2021.2.7580 and run the installer again to restore the Octopus Manager and ensure that the .exe is clean.
If the AV continues to flag the .exe though, the only option would be to place an exclusion on the Octopus install folder.
I wasn’t too keen on installing the same version again, so I decided to install the newest version.
No issues there, even when I scan the particular exe file.
How might it be possible that the file has been there for a couple of weeks and all of a sudden, ESET decides it might contain a virus? Could it be that because of an update, ESET saw it as a threat?
It isn’t uncommon for some AVs to flag files incorrectly at times. An update to ESET would explain why it happened out of the blue.
The other possibility is that a process triggered by Octopus Manager is what caused the AV to see it as a threat.
Octopus Manager contains options to start, stop and install the Octopus service, manage network bindings and some other options. Is it possible that someone used one of these recently and that caused the AV to react?