Community


Host Upgrade Blocked by Bitdefender

Links used in this discussion
snk-nick, User (Posts: 59)
Jan 19, 2022 8:59:51 pm EST
Performing a simple upgrade on multiple Windows Servers from host 7.1.1.0 to 7.1.2.0, upgrade was blocked by Bitdefender with the following:

Advanced Threat Control has blocked a process that has been detected as malicious.Process path: C:\Windows\Temp\host_upgrade_{8CECBA23-E6C4-4B16-859A-0B45E9BA486A}.exe. Threat name: ATC.SuspiciousBehavior.D4B82CC334736729.

On most servers the upgrade does seem to have still gone through, but on a couple the RU host program is effectively deleted and required a reinstall.
Pauline, Support (Posts: 2863)
Jan 20, 2022 11:52:40 am EST
Hello,

Thank you for letting us know.

We will submit a False Positive report to Bitdefender as soon as possible. In addition, we recommend that you submit a false positive report as well, since they're most likely to listen to their own customer and, therefore, to resolve the issue faster. You can submit a False Positive report and also add the Host installation folder C:\Program Files (x86)\Remote Utilities - Host\ to the exception list as described here. Sorry for the inconvenience.

Please let us know you have other questions.
Olivier Meynard, User (Posts: 4)
Jan 27, 2022 9:59:14 am EST
Support level: Free or trial
Hello,

I just bought 2 Pro licences of RemoteUtilites for my park of computers and servers , and I want to share my experience :

I created a personnalized Host with the version 7.1.2.0 (signed version).
On the computers (Win 10) and servers (Win 2019 Datacenter), protected by Bitdefender GravityZone (cloud version v7.4.2.142, last update), no problem, the Host is running fine.

However, on other servers (Win 2019 Datacenter), protected by AVG File Server (v21.11.3215, last update), AVG blocks my personnalized Host (download and copy are impossible)...
I just have the same situation with a teleworker user using AVG too : impossible to give assistance...
So, I submited AVG a false positive ticket, with my personnalized Host .exe.

I read the forum messages, and I understand that RemoteUtilities and their clients were bored about this situation...
it's really a pity because RemoteUtilites possibilities are great !

Now, my fear is that after an update, all the Host installations of my computer park could be deleted...
So, in my opinion, the exception folder is the first thing to create after an installation !!!
But in the case of AVG, I can't do anything, because the Host program is blocked as soon as it is copied on the computer.

Best regards,
Olivier from France.
Pauline, Support (Posts: 2863)
Jan 27, 2022 1:07:30 pm EST
Hello Olivier,

Thank you for your message.

Unfortunately, this is a pretty common practice for the new releases since modern a/v software detections are almost entirely based on statistics, AI and heuristics - it will take some time, perhaps, a couple of months before the dust with the false positive detects settles.
However, please note that we send false positive reports to the antivirus software vendors on a regular basis, so that they can remove the false positives. In this case, you've already submitted a false positive report, so hopefully the AVG team will resolve the issue as soon as possible, since it's coming fr om their own customer.  

Unfortunately, our assistance with the antivirus-related issues is very limited since we have no control over their software or detects - in this case, we can suggest temporarily disabling the antivirus when installing Host and adding the Host installation folder C:\Program Files (x86)\Remote Utilities - Host\ to the exception list as described here before turning the a/v back on.
In case if AVG only removes your custom Host installation package, as a temporary workaround please try installing vanilla Host from our Download page first, then adding the installation folder C:\Program Files (x86)\Remote Utilities - Host\ to the AVG exception list (I also suggest adding the folder wh ere you want to store the custom installation package to the exception list as well). Then you can run your custom Host installer over the existing installation - this will update the default Host settings and overwrite them with your custom ones.

Please let us know if you have more questions.
snk-nick, User (Posts: 59)
Jan 27, 2022 8:40:58 pm EST
Sorry to be clear, I have C:\Program Files (x86)\Remote Utilities - Host\ as well as the specific application whitelisted on all my clients. As mentioned in my original post the "infection" was picked up in the temp folder with a random string.

This actually caused me a significant amount of work to resolve, far more clients failed than I anticipated so I had to roll out a new RU package to recover them all. Not exactly ideal.
snk-nick, User (Posts: 59)
Jan 27, 2022 9:20:07 pm EST
Also it's been over a week and the upgrade is still being blocked, same message. I've obviously submitted it to BitDefender myself but don't you guys have a relationship with the major AV guys to prevent this stuff?
Olivier Meynard, User (Posts: 4)
Jan 28, 2022 8:48:59 am EST
Support level: Free or trial
Hello,

Good news for AVG / Avast : after my false positive submission, they did the work, and they sent me a confirmation email.
I checked : Now, I can download/copy and install the Host on my servers protected with "AVG antivirus file server".

@snk-nick :
it's strange for Bitdefender... As I wrote, I never had a problem with my "Bitdefender GravityZone" product... but I trust you !

If something happens, I will post here the problem.

Best regards,
Olivier from France
Pauline, Support (Posts: 2863)
Jan 28, 2022 1:09:12 pm EST
Hello snk-nick,

Thank you for your feedback.

Unfortunately, we do not have any special relationship with a/v software vendors, this is why we always asking our users to submit a false positive report as well, since the a/v vendors are more likely to actually pay attention in case if the report comes from their own customer and resolve the issue faster. In addition, as I mentioned earlier, we submit false positive reports ourselves on a regular basis as well, but, unfortunately, sometimes it might take a while to even reach some vendors.
We're sorry to hear about BitDefender, we will definitely try contacting them once again. We apologize for the inconvenience.

I'll let you know once we get a reply from BitDefender.
Pauline, Support (Posts: 2863)
Jan 28, 2022 1:10:12 pm EST
Hello Olivier,

I'm glad to hear that AVG removed the detect and it works for you now!

Please feel free to post another message if you have any questions.
Mikael Berglund, User (Posts: 1)
Feb 01, 2022 9:20:15 am EST
Simple update also being blocked by Windows 10 inbuilt Security, detected as PUA:Win32/Puamson.A!ml
Version I have tried to update to is 7.1.2.0 (70210). Manually updated for now.

* Website time zone: America/New_York (UTC -5)