TM Connect Agent is flagged and quarantined by antivirus
Antivirus software such as Microsoft Defender, Crowdstrike, ... can flag the TrendMiner Connect Agent as malicious and put the file(s) in quarantine. If this happens the TrendMiner appliance will no longer be able to connect to the on-prem data sources and no new data will come in anymore in TrendMiner.
Why is TM Connect Agent marked as malicious?
The TM Connect Agent uses internally a component called FRP (Fast Reverse Proxy). FRP is a legitimate open source tool used for port forwarding and tunneling. It is hosted on GitHub with a strong reputation and an active community. It is not malware and not a virus.
Some antivirus programs improperly flag frpc.exe due to frp being a networking tool capable of creating reverse proxies. Antiviruses sometimes flag reverse proxies due to their ability to bypass firewall port restrictions. For more details see here.
How can we be sure TM Connect Agent is secure?
When running FRP in a TM-Connect agent:
it runs in a controlled environment (the server that runs the TM-Connect agent)
it is used from a trusted source (TrendMiner)
and the use of the component has a legitimate use case: establishing a safe and secure connection from the customer network to the TrendMiner platform.
TrendMiner affirms it is safe because of the following reasons:
FRP is an open source component with an active community that fixes known vulnerabilities in new versions.
TrendMiner downloads the distribution from the official source.
TrendMiner signs the TM-connect component to make sure you can verify the distributable is from a trusted source.
3rd Party security experts assess the configuration/component for TrendMiner, our code and use of TM-Connect. Those security experts also pentest the TM-Connect agent and will regularly re-assess the TM-Connect agent in our periodical pentests and security assessments.
TrendMiner scans the TM-Connect agent with JFrog Xray to do a SCA (Software Composition Analysis) to check for vulnerabilities in the used component.
Make sure to always upgrade to the latest version available to make sure the latest patches are applied. To upgrade to the latest version uninstall the current agent and install the new one, following our (un)installation instructions: Agents
How can we make sure TM Connect Agent is not flagged and deleted?
If you are using antivirus, then you may need to whitelist/exclude frpc in your antivirus settings, on the servers where the TM-connect agent is deployed, to avoid accidental quarantine/deletion.