Microsoft Defender Antivirus in Windows Security, formerly Windows Defender Antivirus on older Windows versions, may sometimes detect SoftActivity Monitor application or Agent files on monitored computers as a threat and remove them. It may categorize them as MonitoringTool:Win32/ActivityMonitor, PUA:Win32/SoftActivity (Potentially Unwanted Application), or similar.

There is no virus or malware in SoftActivity Monitor software. The software only does what is declared in its features described on the website: it records user activity on company-owned computers to help with insider threat detection and employee productivity tracking. The SoftActivity application folder can be excluded from scanning by an administrator to allow this software.

Microsoft Defender Antivirus exclusions reduce scanning coverage for the selected path. Limit the exclusion to the SoftActivity Agent folder and apply it only on computers where SoftActivity Agent is authorized by your organization.

Add manually via Windows Security in Windows 11/10

Note: if your organization uses Group Policy in Active Directory to manage Microsoft Defender Antivirus exclusions, scroll down for how to add an exclusion there. This is the recommended way for domain-managed computers. If you add an exclusion rule to a computer locally, it may later be removed or overridden by Group Policy or endpoint security policy.

If you want to add an exclusion to one or several computers in your organization that are not managed by Group Policy, follow the steps in this section.

Click the Windows Start button and start typing virus, then click the Virus & threat protection link to open the Windows Security settings page:

Scroll down to the Virus & threat protection settings section on the page, then click Manage settings:

On the next page, scroll down to the Exclusions section and click Add or remove exclusions. On some older Windows versions this area may still be described using the legacy Windows Defender name:

Click Add an exclusion, then select Folder in the drop-down menu. In the Select Folder dialog, enter the Agent folder path:

C:\Windows\sysnchrb

The folder is hidden by default, so you cannot see it when browsing. Type the path directly into the Folder field, or copy and paste it.

If the Agent module has not yet been installed on this system, first create a new empty sysnchrb folder inside C:\Windows. Otherwise, Windows will say the folder does not exist. After SoftActivity Agent is installed, it hides the folder so the monitored user cannot see it. Click Select Folder to apply the folder selection:

After these steps, you should see the Agent folder added to exclusions in Microsoft Defender Antivirus. The antivirus will ignore the presence of the Agent module on the monitored PC:

You can then install Agent remotely from the SoftActivity Monitor desktop application on the administrator’s computer.

Add via Group Policy Editor

If you want to add the exclusion to all computers in your Active Directory network before installing Agent, this can be done through Group Policy.

Administrators can do the following:

1. Open Group Policy Management Editor, then select Computer Configuration and select Administrative Templates.
2. Expand the tree to Windows Components > Microsoft Defender Antivirus > Exclusions. On older Windows administrative templates, this may still appear under Windows Defender Antivirus.
3. Open the Path Exclusions setting for editing, then add the Agent folder to exclusions.
4. Set the option to Enabled.
5. Click the Show... button inside the Options panel.
6. Enter C:\Windows\sysnchrb as the content of the Value name column.
7. Enter 0 (zero) as the content of the Value column.
8. Click OK on the Show Contents dialog box.
9. Click OK to apply the new exclusion.

After these steps, Microsoft Defender Antivirus will ignore files of the Agent module on monitored computers after this Group Policy is applied. This usually happens upon reboot. The policy can also be applied anytime by running this command on a remote computer:

gpupdate /force

Smart App Control in Windows 11

Smart App Control in Windows 11 is separate from Microsoft Defender Antivirus exclusions. It can block apps, scripts, or app components before they run if Windows does not trust them.

Microsoft does not provide a per-app allowlist for Smart App Control. If Smart App Control blocks SoftActivity Agent installation or execution, an administrator should open Windows Security > App & browser control > Smart App Control settings and temporarily turn off Smart App Control if company policy allows it.

After installation, verify that SoftActivity Agent is running and that the computer appears in SoftActivity Monitor. Keep Microsoft Defender Antivirus folder exclusions configured separately where needed. In managed environments, align Smart App Control settings with your organization’s endpoint security policy rather than treating this as a local user workaround.

By SoftActivity Team

AVG Antivirus may detect Activity Monitor Agent on the monitored computer and Activity Monitor installation on the manager’s PC as Win32:ActivityLogger-E [PUP] or Potentially Unwanted Program(PUP) threat. In fact, there is no virus in Activity Monitor software. It only does what is declared in its features described on the website.

To prevent AVG Antivirus from detecting this threat you will need to exclude Activity Monitor installation folder from scans following instructions  below.

Basically, you need to exclude on admin’s PC:

C:\Program Files\SoftActivity\Activity Monitor

on the monitored computers:

C:\Windows\sysnchrb

Read More

Most antivirus products do not detect any threats or issues in SoftActivity employee monitoring software. In fact, there is no viruses, spyware or malware in SoftActivity Monitor software, as long as the downloaded file is digitally signed by Deep Software Inc. All SoftActivity executable and .DLL files are digitally signed.

We recommend to check the file’s signature by opening the file’s Properties – Digital Signatures tab to ensure the file you are installing is an original and has not been tampered with.

Read More

ESET NOD32 Antivirus may detect SoftActivity Monitor or TS Monitor on your computer as Potentially Unwanted Program(PUP) or Win32/Spy.ActivityMonitor.D or Win32/KeyLogger.ActivityMonitor.AG threat. In fact, there is no virus in SoftActivity software. It only does what is declared in its features on this website, i.e. records user activity on the computers owned by your company. Recording is done with the computer owner’s permission.

To prevent ESET NOD32 Antivirus from detecting this threat you will need to exclude SoftActivity destination folder and/or thread name from scans as described below.

Read More

Avast Antivirus may detect SoftActivity Monitor employee monitoring software on the manager’s PC and Agent installed on monitored computers as Potentially Unwanted Program(PUP) or Win32:ActivityLogger-E [PUP] threat. In fact, there is no virus in SoftActivity software. It only does what is described in its features on our website, i.e. records your employees computer activity.

To prevent Avast Antivirus from detecting this threat you will need to exclude these folders from scans in Avast:
On a manager’s PC or server, where Activity Monitor admin console is installed:

C:\Program Files\SoftActivity\Activity Monitor

It’s also recommended to temporarily disable the antivirus protection before running installation on the admin’s PC. Otherwise it may find threats in TEMP folder that is used during installation. Then add the folder exclusion and enable antivirus protection.

On the monitored PC, where Activity Monitor Agent software is installed:

C:\Windows\sysnchrb

You need to add an exclusion before running Agent installation. Otherwise installation might fail.

How to add exceptions in Avast Antivirus

Read More

Avira AntiVir Antivirus may detect Activity Monitor employee monitoring software on the manager’s PC and Agent installed on monitored computers as Potentially Unwanted Program(PUP) threat. In fact, there is no virus in Activity Monitor software. It only does what is declared in its features on the website, i.e. records your employees computer activity.

To prevent Avira AntiVir from detecting this threat you will need to exclude these folders from scans in the antivirus:

On the monitored PC, where Activity Monitor Agent software is installed:
C:\Windows\sysnchrb

On the manager PC(server), where Activity Monitor admin console is installed exclude this folder:
C:\Program Files\SoftActivity\Activity Monitor

Please note that you should configure Avira AntiVir exclusions before the monitoring program installation.

If you have Norton 360 installed, it may detect and delete Activity Monitor and Agent. To avoid this you need to setup exclusions in Norton 360. It will then ignore presence of Activity Monitor and allow monitoring of computers in your office network. Following steps below add these Signature Exclusions in Antivirus Settings in Norton 360:

• Spyware.ActMon
• Spyware.ActivMonAgent

You need to do it on computers where you are planning to install Activity Monitor and Agent before the installation. If you add exclusions after installation, you may need to reinstall Activity Monitor again, as it could be already damaged by the antivirus.

UPDATE (Sept 2012): Since version 7.0 of Activity Monitor exclude this folder on monitored computers: C:\Windows\sysnchrb

You may also need to create a Firewall Rule for Activity Monitor and Agent.

Antivirus exclusions for Activity Monitor and Agent in Norton 360

1.Open Norton 360 main window. Click Settings:

Read More