Antivirus software flags LogMeIn Resolve as potential threat
In some cases, antivirus or Endpoint Detection and Response (EDR) solutions may incorrectly identify LogMeIn Resolve as a threat. This is usually a false positive and not a cause for concern.
Why does this happen?
When you use LogMeIn Resolve’s Patch Management features, the client software (Resolve.PatchManagement.Client.exe) installs and uses the Microsoft.WinGet.Client PowerShell module. Some security tools, including antivirus and EDR solutions, might flag the installation or usage of this module as suspicious.
Why is the Microsoft.WinGet.Client module used?
Windows Package Manager (WinGet) is an official Microsoft tool for installing, updating, and managing software on Windows devices. LogMeIn Resolve uses the Microsoft.WinGet.Client PowerShell module for the following:
- Scan your system for installed software packages.
- Find available patches and updates for both Microsoft and third-party applications.
- Install or update software as part of its Patch Management and Reporting features.
This integration allows you to keep your Windows applications secure and up to date.
Should I be concerned about security alerts?
No. EDR or antivirus detections can be ignored or marked as false positive.
The download and use of the WinGet PowerShell module by Resolve.PatchManagement.Client.exe is expected behavior and not malicious. These actions simply aim to improve the security of your Windows devices by keeping software and patches up to date.
If your EDR or antivirus solution flags this activity (for example, when downloading or installing the PowerShell module, or performing WinGet operations) while using LogMeIn Resolve, you can safely treat it as a false positive.
What should I do if LogMeIn Resolve is flagged?
You can safely whitelist or mark as "trusted" both of the following components and activities in your security software:
- Resolve.PatchManagement.Client.exe.
- The installation and use of the Microsoft.WinGet.Client PowerShell module.