The agent was quarantined by my antivirus
Antivirus products sometimes have difficulty deciding whether or not our software is malicious. This is because we're constantly checking the configuration of your device, including every possible security setting, service, and product. It's called a false positive when an antivirus product incorrectly quarantines a safe and legitimate application based solely on its behaviour.
This is not an issue unique to Node Patrol, and many software vendors have the same problem. A large part of our service is helping you identify and manage the vulnerabilities and other security risks on your devices. This is something a malicious party would also be interested in doing (hackers would love to know your exploitable weaknesses), and this is largely why our behaviour looks suspicious.
What's the solution?
Any antivirus product worth its salt will operate a policy of "shoot first, ask questions later", which means it will kill any suspicious processes and remove their associated files. You will need to tell your antivirus to exclude the Node Patrol folders and then reinstall the agent. This is usually very easy to do (there's a demonstration below) and can be completed in less than 1 minute.
The two folder paths you need to exclude are:
C:\Program Files (x86)\Node Patrol
Here are some useful links for the leading antivirus product vendors (please let us know if a link is broken):
- Windows Defender
- Sophos Endpoint Security
- Trend Micro
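For Windows Defender, the same exclusion can be added from an elevated PowerShell prompt. The script below is an added example, not Node Patrol's own tooling: it checks the installer's Authenticode signature before you reinstall, then adds and confirms the exclusion. The installer path and expected publisher text are placeholders you must fill in.

```powershell
# Added example; run from an elevated PowerShell prompt.
param(
    # Folder path taken from the article.
    [string]$ExcludePath = 'C:\Program Files (x86)\Node Patrol',
    # Assumption: where you saved the agent installer (placeholder path).
    [string]$Installer = "$env:USERPROFILE\Downloads\<agent-installer>.exe",
    # Assumption: text expected in the signing certificate's subject (placeholder).
    [string]$ExpectedPublisher = '<publisher name shown in the UAC prompt>'
)

$ErrorActionPreference = 'Stop'

# 1. Check the installer's Authenticode signature before trusting it.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}
$subject = $sig.SignerCertificate.Subject
if ($subject -notlike "*$ExpectedPublisher*") {
    throw "Unexpected signer: $subject"
}
Write-Host "Signed by: $subject"

# 2. Add the exclusion only if it is not already present,
#    scoped to the product folder rather than a parent directory.
$current = @((Get-MpPreference).ExclusionPath)
if ($current -notcontains $ExcludePath) {
    Add-MpPreference -ExclusionPath $ExcludePath
}

# 3. Confirm the exclusion is now in effect before reinstalling.
if (@((Get-MpPreference).ExclusionPath) -notcontains $ExcludePath) {
    throw "Exclusion was not applied; this setting may be managed by policy."
}
Write-Host "Excluded: $ExcludePath"
```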
In the following clip, you can see how easy it is to add an exclusion to Windows Defender:
What is Node Patrol doing to prevent this issue?
We regularly submit our applications to security vendors for pre-assessment, so that the behaviour and signatures of software can be understood in a sandbox environment and hopefully 'trusted' by each vendor. Unfortunately, it is largely out of our hands, and we have to sit back and hope that each security vendor judges each version of our applications to be safe before you attempt to install them.
We also sign all of our software using an Extended Validation Code Signing Certificate. This means that a trusted third-party organisation (in our case, ssl.com) has verified our legal company registration, physical premises address, and contact information. It's a guarantee that our identity, purpose, and legal registration have been verified. You can read more about the process here: https://www.globalsign.com/en/code-signing-certificate/ev-code-signing-certificates
As a result of signing our code using a certificate with extended validation, the User Account Control prompt will show us as a VERIFIED PUBLISHER when you install our software: