mssqlmng.exe, DNSMng.exe, php.exe and pmm-ras.exe are marked as infected by Microsoft Security / Windows Defender

Dmitry Bystrov

10 months ago

Situation

mssqlmng.exe, DNSMng.exe, php.exe,pmm-ras.exe, nssm.exe and/or pleskstartup.exe utilities are shown as infected by Trojan:Win32/Detplock on Windows Defender:

It is a false-positive detection by Windows Defender antivirus. This has been registered as a security issue with ID PPPM-11032.

The following error message might be shown in Tools & Settings > Database Servers > <MS SQL Server name>:

Error: The test connection to the database server has failed because of network problems:
mssqlmng failed: plesk_exec_with_response("C:Program Files (x86)Pleskadminbinmssqlmng" --check "--server=example.com,1234" "--login=john_doe" "--password=******) failed: Unable to execute plesk_exec_with_response: Unable to start ("C:Program Files (x86)Pleskadminbinmssqlmng" --check "--server=example.com,1234" "--login=john_doe" "--password=*")<br> at Plesk impersonation(PipeServer::ServerThread::simpleRunAs line 687)<br> at (zif_plesk_exec_with_response line 1135)
Unable to perform a migration, the Pre-Migration checks or migrating a subscription might show one of the following errors:

- Failed to import the remote configuration dump from the target server. Not all settings may be migrated.
Error message: Command execution failed on the local server with non-zero exit code.
command: "C:Program Files (x86)Pleskadminbinpmmcli.exe" --import-file-as-dump
exit code: 1
stdout: <?xml version="1.0" encoding="UTF-8"?>
<response>
<errcode>1001</errcode>
<errmsg>[Error 2] The system cannot find the file specified</errmsg>
</response>

Failed to remap database servers for subscription 'example.com'
Migration for that subscription is considered completely failed. No further actions are performed for it.
Migration tools tried to perform operation in 3 attempts: Failed to execute local command '"C:Program Files (x86)Pleskadminbinphp" -dauto_prepend_file="" "C:Program Files (x86)Pleskadminplibcudatabase-registrar.php" --get-credentials localhost:3306 -type mysql': [Error 2] The system cannot find the file specified
Unable to run CLI commands:

plesk login
'plesk' is not recognized as an external or external command, operable program or batch file.

Impact

Files can be automatically removed/quarantined by antivirus, preventing the normal functionality of Plesk services.

Call to action

Until the issue is resolved, add the directories containing Plesk executable files to exclusions on Windows Defender:

Via Windows UI

Connect to the server via RDP
In the Start menu, open Settings
Go to Update & Security > Windows Defender > Exclusions > Click Add an exclusion > Click Exclude a folder > Add the following Plesk folder paths:
- %plesk_dir%adminbin
- %plesk_dir%adminbin64
- %plesk_dir%bin
- %plesk_dir%ctl
- %plesk_dir%PleskWebSocket
- %plesk_dir%PleskStartup

Via CMD

Connect to the server via RDP
Start a command prompt as Administrator
Switch to PowerShell running the following command:

powershell
Exclude the Plesk folders with the following commands:

PS C:> Add-MpPreference -ExclusionPath “C:Program Files (x86)Pleskadminbin64”
PS C:> Add-MpPreference -ExclusionPath “C:Program Files (x86)Pleskadminbin”
PS C:> Add-MpPreference -ExclusionPath “C:Program Files (x86)Pleskbin”
PS C:> Add-MpPreference -ExclusionPath “C:Program Files (x86)Pleskctl”
PS C:&gt…

0 Shares