The Kaseya R&D team confirmed with Microsoft counterparts that the issue was caused by a misclassification of cagservice.exe from Datto RMM version 15.0 in a recent security intelligence update for Microsoft Defender Antivirus and other Microsoft antimalware. This issue was fixed in security intelligence update version 1.451.15.0, and it should no longer occur as long as the device is on this definition version or later. Microsoft currently does not offer an automated way to revert the quarantining of a file; therefore, manual action is required to bring affected devices back online in Datto RMM. We recommend that our partners ensure devices are updated with security intelligence version 1.451.15.0 or later to avoid the agent being falsely flagged as malicious by Microsoft antimalware.
We are providing an update on the ongoing service disruption. The Middle East (UAE) Region (ME-CENTRAL-1) has suffered damage as a result of the conflict in the Middle East and is currently unable to reliably support customer applications. While some workloads continue to function normally, we strongly recommend customers migrate all accessible resources to other Regions and restore inaccessible resources from remote backups as soon as possible. Relevant billing operations are currently suspended while we restore normal operations in this AWS Region. This process is expected to take several months.
Monitors
Datto RMM - Cagservice.exe being flagged as malicious by Antivirus Software due to a Microsoft Defender Definition update misclassifying the executable
Datto
Amazon Web Services