mssqlmng.exe, DNSMng.exe, php.exe and pmm-ras.exe are marked as infected by Microsoft Security / Windows Defender


Applicable to:

  • Plesk for Windows

Situation

  • The mssqlmng.exe, DNSMng.exe, php.exe, pmm-ras.exe, nssm.exe and/or pleskstartup.exe utilities are reported by Windows Defender as infected with Trojan:Win32/Detplock.

It is a false-positive detection by Windows Defender antivirus. This has been registered as a security issue with ID PPPM-11032.

  • The following error message might be shown in Tools & Settings > Database Servers > <MS SQL Server name>:

    Error: The test connection to the database server has failed because of network problems:
    mssqlmng failed: plesk_exec_with_response("C:\Program Files (x86)\Plesk\admin\bin\mssqlmng" --check "--server=example.com,1234" "--login=john_doe" "--password=******) failed: Unable to execute plesk_exec_with_response: Unable to start ("C:\Program Files (x86)\Plesk\admin\bin\mssqlmng" --check "--server=example.com,1234" "--login=john_doe" "--password=*")<br> at Plesk impersonation(PipeServer::ServerThread::simpleRunAs line 687)<br> at (zif_plesk_exec_with_response line 1135)

  • A migration cannot be performed: the pre-migration checks or the migration of a subscription might show one of the following errors:

    - Failed to import the remote configuration dump from the target server. Not all settings may be migrated.
    Error message: Command execution failed on the local server with non-zero exit code.
    command: "C:\Program Files (x86)\Plesk\admin\bin\pmmcli.exe" --import-file-as-dump
    exit code: 1
    stdout: <?xml version="1.0" encoding="UTF-8"?>
    <response>
    <errcode>1001</errcode>
    <errmsg>[Error 2] The system cannot find the file specified</errmsg>
    </response>

    Failed to remap database servers for subscription 'example.com'
    Migration for that subscription is considered completely failed. No further actions are performed for it.
    Migration tools tried to perform operation in 3 attempts: Failed to execute local command '"C:\Program Files (x86)\Plesk\admin\bin\php" -dauto_prepend_file="" "C:\Program Files (x86)\Plesk\admin\plib\cu\database-registrar.php" --get-credentials localhost:3306 -type mysql': [Error 2] The system cannot find the file specified

  • Unable to run CLI commands:

    plesk login
    'plesk' is not recognized as an internal or external command, operable program or batch file.

Impact

Plesk executable files can be automatically removed or quarantined by the antivirus, which prevents Plesk services from functioning normally.

Call to action

Until the issue is resolved, add the directories containing Plesk executable files to the Windows Defender exclusions:

Via Windows UI
  1. Connect to the server via RDP

  2. In the Start menu, open Settings

  3. Go to Update & Security > Windows Defender > Exclusions > Click Add an exclusion > Click Exclude a folder > Add the following Plesk folder paths:

    • %plesk_dir%admin\bin

    • %plesk_dir%admin\bin64

    • %plesk_dir%bin

    • %plesk_dir%ctl

    • %plesk_dir%PleskWebSocket

    • %plesk_dir%PleskStartup

Via CMD
  1. Connect to the server via RDP

  2. Start a command prompt as Administrator

  3. Switch to PowerShell by running the following command:

    powershell

  4. Exclude the Plesk folders with the following commands:

    PS C:\> Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Plesk\admin\bin64"
    PS C:\> Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Plesk\admin\bin"
    PS C:\> Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Plesk\bin"
    PS C:\> Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Plesk\ctl"
    PS C:\> Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Plesk\PleskWebSocket"
    PS C:\> Add-MpPreference -ExclusionPath "C:\Program Files (x86)\Plesk\PleskStartup"
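
The same exclusions as a script that also verifies them, lists what Defender flagged under the Plesk directory, and removes the exclusions again once the issue is resolved. This is an added example, not Plesk's own tooling; the function names are hypothetical, and it assumes an elevated session and that %plesk_dir% is set (falling back to the path used in the commands above).

```powershell
# Added example (not Plesk's own tooling). Run in an elevated PowerShell session.
# Assumption: %plesk_dir% is set as in the UI steps; otherwise use the path
# shown in the commands above.
$pleskDir = if ($env:plesk_dir) { $env:plesk_dir } else { 'C:\Program Files (x86)\Plesk\' }
$subDirs  = 'admin\bin', 'admin\bin64', 'bin', 'ctl', 'PleskWebSocket', 'PleskStartup'
$paths    = $subDirs | ForEach-Object { (Join-Path $pleskDir $_).TrimEnd('\') }

function Add-PleskDefenderExclusion {
    # Add only folders that exist and are not excluded yet.
    $current = @((Get-MpPreference).ExclusionPath)
    foreach ($p in $paths) {
        if (-not (Test-Path -LiteralPath $p -PathType Container)) {
            Write-Warning "Skipping missing folder: $p"
            continue
        }
        if ($current -contains $p) { continue }
        Add-MpPreference -ExclusionPath $p
    }
    # Read the setting back and report the state of every expected path.
    $after = @((Get-MpPreference).ExclusionPath)
    foreach ($p in $paths) {
        [pscustomobject]@{ Path = $p; Excluded = ($after -contains $p) }
    }
}

function Get-PleskDefenderDetection {
    # Detections whose affected resources lie under the Plesk directory,
    # to see which binaries have to be restored from quarantine.
    Get-MpThreatDetection | Where-Object {
        $_.Resources | Where-Object {
            $_.IndexOf($pleskDir, [StringComparison]::OrdinalIgnoreCase) -ge 0
        }
    } | Select-Object InitialDetectionTime, ThreatID, Resources
}

function Remove-PleskDefenderExclusion {
    # Roll back once the false positive is fixed, so the folders are scanned again.
    $current = @((Get-MpPreference).ExclusionPath)
    foreach ($p in $paths) {
        if ($current -contains $p) { Remove-MpPreference -ExclusionPath $p }
    }
}

Add-PleskDefenderExclusion | Format-Table -AutoSize
Get-PleskDefenderDetection | Format-List
```

Run `Remove-PleskDefenderExclusion` after the detection issue is resolved.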

Post-Actions

Recover the quarantined items with the following steps:

  1. Connect to the server via RDP

  2. Open Windows Defender > History > Quarantined Items > View list > Select the quarantined item containing the Plesk binary > Click on Restore
