PSA - Windows Defender Recently False-Positive'd Remote Access Installer

Just a PSA, Windows Defender with Security Intelligence version 1.411.242.0 from 5/19 started flagging the SimpleHelp Remote Access installer as “Trojan:Script/Wacatac.B!ml.”

This stopped getting flagged with Security Intelligence version 1.411.245.0, also from 5/19.

Yes, we are facing the same experience here with Kaspersky EDR. Why was the SimpleHelp installer not digitally signed to prevent this kind of suspicion?

The installers are all customized (your logo, your server info) and delivered from your own server, so to sign it would mean your server would have to have access to the private key, and SimpleHelp would never give us that, as they would be responsible for everything that is signed with it.

I asked support about this a few weeks back and this was their response:

“We can confirm the installers are all correctly signed (and should be forever more)!”