
Datto RMM - Cagservice.exe being flagged as malicious by Antivirus Software due to a Microsoft Defender Definition update misclassifying the executable

Major Impact | Monitoring | Ongoing | May 20, 2026

Incident Lifecycle

Investigating → Investigating → Investigating → Identified → Monitoring

Incident Timeline

Monitoring
The Kaseya R&D team confirmed with Microsoft counterparts that the issue was caused by misclassification of the 15.0 Datto RMM version's cagservice.exe in a recent security intelligence update for Microsoft Defender Antivirus and other Microsoft antimalware.

This issue was fixed in the security intelligence update version 1.451.15.0, and the issue should no longer occur as long as the device is on this definition version or later.

Microsoft currently does not offer an automated way to rev...
May 21, 2026 at 3:40 PM UTC
Identified
The R&D team continues to work with Microsoft counterparts on a path to restore the erroneously quarantined assets, and restore RMM connectivity to affected devices.
May 21, 2026 at 9:35 AM UTC
Investigating
In collaboration with Microsoft, an update has been made to Microsoft Defender Antivirus and other Microsoft antimalware's security intelligence to prevent these false positive alerts on the cagservice.exe for devices running Microsoft antimalware solutions.

Devices running security intelligence version 1.451.15.0 and above have the updated detection logic. If you receive an alert for the cagservice.exe and your device is on version 1.451.15.0 and above, please reach out to our support team...
May 20, 2026 at 10:51 PM UTC
Investigating
The RMM agent underwent an update, causing some devices with antivirus software, mainly Microsoft Defender for Endpoint, to alert on the update behavior and quarantine "cagservice.exe". This alert has been identified as a false positive.

To prevent these alerts on Microsoft Defender for Endpoint for this new RMM agent, please follow these steps:

1. Go to the Security Portal
2. Go to Settings
3. Go to Endpoints
4. Under "Rules" click on "Indicators"
5. Under the file hashes, add the indicat...
May 20, 2026 at 7:05 PM UTC
Investigating
We are aware of a problem where the Datto RMM's "cagservice.exe" is being flagged as malicious by some antivirus software, causing it to be quarantined.

The Kaseya R&D Team are investigating the issue.

Subscribe to the Kaseya Status Page for up-to-date information at https://status.kaseya.com/
May 20, 2026 at 4:28 PM UTC
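
The updates above tie the fix to security intelligence version 1.451.15.0 or later. The following read-only PowerShell check is an added example, not part of Kaseya's or Microsoft's guidance: it compares a device's installed Defender definition version against that threshold and lists past Defender detections that reference cagservice.exe. The function name `Test-DefinitionFixed` and the report field names are hypothetical.

```powershell
# Added example: read-only triage, run in an elevated PowerShell session on the endpoint.
# The threshold and file name come from the status updates; all other names are illustrative.
$FixedVersion = [version]'1.451.15.0'
$FileName     = 'cagservice.exe'

function Test-DefinitionFixed {
    param(
        [Parameter(Mandatory)] [string]  $Installed,
        [Parameter(Mandatory)] [version] $Minimum
    )
    # [version] compares each numeric field, so 1.451.9.0 sorts below 1.451.15.0.
    # A plain string comparison would order those two the wrong way round.
    return ([version]$Installed) -ge $Minimum
}

# Installed security intelligence (definition) version and when it was last updated.
$status    = Get-MpComputerStatus
$installed = $status.AntivirusSignatureVersion
$isFixed   = Test-DefinitionFixed -Installed $installed -Minimum $FixedVersion

# Past Defender detections whose affected resources name the agent binary.
$hits = @(Get-MpThreatDetection | Where-Object {
    ($_.Resources -join ';') -like "*$FileName*"
})

# One summary object per device, suitable for Export-Csv when run across a fleet.
[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    InstalledDefinition = $installed
    DefinitionUpdated   = $status.AntivirusSignatureLastUpdated
    RequiredDefinition  = $FixedVersion.ToString()
    HasFixedDefinition  = $isFixed
    DetectionCount      = $hits.Count
    LastDetection       = ($hits | Sort-Object InitialDetectionTime |
                           Select-Object -Last 1).InitialDetectionTime
}

# Detail rows for any matching detections, for the incident record.
$hits | Select-Object InitialDetectionTime, ThreatID, Resources | Format-List
```

A device reporting `HasFixedDefinition` as false still carries the older detection logic; a device with a nonzero `DetectionCount` may have had the binary quarantined and needs its RMM connectivity checked.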