SoftActivity

How to Exclude SoftActivity Agent from Windows Defender

Windows Defender antivirus (Windows Security virus & threat protection) in Windows 10/11 may sometimes detect SoftActivity Monitor application or Agent files on the monitored computers as a threat. It might be categorized as MonitoringTool:Win32/ActivityMonitor, or PUA:Win32/Presenoker (Potentially Unwanted Application) or similar.

In fact, there is no virus or malware in SoftActivity Monitor software. It only does what is declared in its features described on the website, i.e. records users activity on the company-owned computers to help with insider threat detection and employees productivity tracking. SoftActivity application folder can be safely excluded from scanning to allow this software.

Add manually via System Settings UI in Windows 10/11

Click Windows Start button and start typing virus, click on the appeared Virus & threat protection link to System settings page:

Scroll down to Virus & threat protection settings section in the appeared page, click on Manage settings link:

In appeared next page, scroll down to Exclusions section and click on Add or remove exclusions link:

Then click on Add an exclusion button and select the Folder item in the drop down link. The Select Folder dialog box will appear, type agent’s folder here (or even better use copy and paste):

C:\Windows\sysnchrb

The folder is hidden by default, so you can’t see it when browsing, so just type it directly into the Folder field (or copy from here and paste).

In case the Agent module was not yet installed on this system, create a new empty sysnchrb folder inside C:\Windows folder manually first. Otherwise it will say Folder does not exist. After SoftActivity Agent has been installed, it will hide the folder, so the monitored user will not be able to see it. Click Select Folder button to apply the folder selection:

After these steps you should see the agent’s folder added to exclusions in Windows Defender and the antivirus will ignore presence of Agent module on the monitored PC:

Go ahead and install Agent remotely from SoftActivity Monitor desktop application on the admin’s computer. 

Add via Group Policy editor

In case you want to quickly add the exclusion to all computers in your Active Directory network for installing Agent, this can be done quickly via GPO. Administrators can do the following steps:

  1. Open Group Policy Management Editor, then select Computer configuration and select Administrative templates
  2. After this, expand the tree to Windows components > Microsoft Defender Antivirus > Exclusions.
  3. Open the Path Exclusions setting for editing, and add agent’s folder to exclusions.
    1. Set the option to Enabled
    2. Click the Show… button inside the Options panel
    3. Enter C:\Windows\sysnchrb as the content of Value name column
    4. Enter 0  (zero) as the content of Value column
    5. Click OK button on Show Contents dialog box
  4. Click OK button to apply the new exclusion

After these steps Windows Defender will ignore files of the Agent module on the monitored computers, once this Group Policy is applied on those computers, which usually happens upon reboot. The polocy can be applied anytime by running gpupdate /force on a remote computer.

By SoftActivity Team

July 9th, 2021