Community

« Back to Antivirus issues

RU Host Installable 7.0.0.1 detected by AVG

Page:
Go to last message
Links used in this discussion

Conrad Sallian, Support (Posts: 2975)

Mar 26, 2021 5:28:12 am EDT

By the way, the digital signature for the custom builds didn't even change. It's still the same Code Signing certificate issued by Comodo/Sectigo that we used since the last year including for version 6.

Bretislav Duda, User (Posts: 28)

Mar 26, 2021 5:32:01 am EDT

Support level: Free or trial
Yes, I mean MSI online configurator

I wrote and telephoned ESET, waiting for a response

I ask again
Why wasn't version 7.0.0.0 a problem?
Why does the Russian version still have no problem?

Has nothing changed - digital signature?

Conrad Sallian, Support (Posts: 2975)

Mar 26, 2021 5:39:03 am EDT

Yes, I mean MSI online configurator

It is not an issue with the program. Try the "Standard MSI" option and you will see that it is not deleted. Only one-click and agent packages are deleted.

And all three are the same package, only in different file formats. As you can see, the same 7002 package, when MSI, isnt' wiped by Eset. But one-click and agent are.

Why wasn't version 7.0.0.0 a problem?
Why does the Russian version still have no problem?

Ask that Eset, not us.

Conrad Sallian, Support (Posts: 2975)

Mar 26, 2021 5:40:24 am EDT

Has nothing changed - digital signature?

Digital signature for custom builds is the same for all versions, including version 6, 7000, 7001 and 7002. We did NOT change it.

David Silvera, User (Posts: 19)

Mar 26, 2021 5:40:43 am EDT

Support level: Pro

Bretislav Duda wrote:

Yes, I mean MSI online configurator

I wrote and telephoned ESET, waiting for a response

I ask again
Why wasn't version 7.0.0.0 a problem?
Why does the Russian version still have no problem?

Has nothing changed - digital signature?

It sounds like a combination of your options, combined with the new code changes/fixes in the new version, that cause ESET to flag it.

What options are you using for the agent?
Maybe use vanilla version of the agent until ESET can fix the issue.

Bretislav Duda, User (Posts: 28)

Mar 26, 2021 5:58:39 am EDT

Support level: Free or trial
for the agent I only change the server and port
our server
and port 5656

for the host, an authorization password

Conrad Sallian, Support (Posts: 2975)

Mar 26, 2021 5:51:02 pm EDT

Bretislav Duda wrote:

for the agent I only change the server and port
our server
and port 5656

for the host, an authorization password

Hi Bretislav,

As is clear from your report in the neighbouring thread - it is Eset that incorrectly treats our digital signature as being "compromised" and so deletes the files signed with it. This detection has nothing to do with their "unsafe" detection which only warns the user of a potential threat.

Vanilla installers are not deleted because they are signed with another (EV) certificate, also issued to "Remote Utilities LLC".

I'm afraid that in that message you cited Eset techs were confusing a signature being compromised (i.e. stolen and used by someone else to sign files, including malware files) versus a legit and signed file being integrated into a malware package (which is expected - any remote access software is abused that way). These are very different things.

We have already asked Eset for proof. Namely, we asked them to show us a file signed with our digital signature that would have a trojan or other malware inside. No one can "insert" a trojan or malware into a signed file without breaking/invalidating its signature and folks at Eset know that well. We are curious to see at least one such file - after all such bold claims must be supported by firm evidence.

We'll keep you updated on this issue.
Submit a reply
Page:
Go to last message

* Website time zone: America/New_York (UTC -5)

This website uses cookies to improve user experience. By using this website you agree to our Terms of Service and Privacy Policy.