TDR does not like Zoho Assist and keeps containing computers

Has anyone else been experiencing issues with TDR and Zoho Assist unatteneded agent?

I have a client who has had two computers so far get contained because TDR flags Zoho Assist executables as threats. This problem started last July. One of the computers was a rarely-user training computer, so it being offline for months was not unusual. I repurposed it a month ago, and it would not connect, and that is when I found the Zoho Assist problem and added all of the exclusions below the one that happened today as noted below. The latest one was today and it was:

C:\Program Files (x86)\ZohoMeeting\UnAttended\ZohoMeeting\agent.exe

I already had the following in the exception list and I just added the one above to the list. I am tempted to just allow the whole "C:\Program Files (x86)\ZohoMeeting\UnAttended\ZohoMeeting" folder and subfolders to stop this false positive, but that's not the best solution.

C:\Program Files (x86)\ZohoMeeting\UnAttended\ZohoMeeting\Temp\ZA_Delta\agent_ui.exe

C:\Program Files (x86)\ZohoMeeting\UnAttended\ZohoMeeting\agent_ui.exe

C:\Program Files (x86)\ZohoMeeting\UnAttended\ZohoMeeting\ZMAgent.exe

C:\Program Files (x86)\ZohoMeeting\UnAttended\ZohoMeeting\ZohoURS.exe

C:\Program Files (x86)\ZohoMeeting\UnAttended\ZohoMeeting\ZohoURSService.exe

What is really strange is that there are three computers that have Zoho Assist on them, but only two that ever get contained.


Gregg Hill


  • No, but last week i had TDR killing OneDrive process as a thread :)

  • james.carsonjames.carson Moderator, WatchGuard Representative

    I took a look around and I don't see any reported issues for ZOHO via TDR. There are a few cases where the HTTPS proxy picks it up as INVALID LINE FORMAT (because it's not actually HTTPS) -- in both cases making a packet filter to handle that traffic fixed it.

    If you're running into a problem specific to TDR and ZOHO, I'd suggest opening a support case if you haven't done so already so that our team can help look into it, and look at your logs.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.