Community

westmindltd wrote:

Because all of the AV programs we use across different networks flag RU as a dangerous software, we gave up on it months ago. License paid, unable to use the software, lesson learnt.

Hello,

I can only agree with you. Many antivirus software today are extremely unreliable. If they cannot distinguish between legitimate software signed with an EV Code Signing certificate from unsigned and patched malware no one can guarantee that they can do their main job of protecting their customers from real viruses and trojans.

Hello David,

This is a false positive detection. According to VirusTotal our signed rwln.dll file is being detected only by Webroot and Eset https://www.virustotal.com/en/file/8a0254dae0ef28ab17baa7bf2954b5df08542fcd7a42e623­731efb06394df46e/analysis/1542078254/

We will send a false positive report to them and ask to remove the detection.

Hello David,

Since putting in this comment, Webroot responded to me that they had seen RU used as a hacking tool, and that's why they were treating it that way.

That was a lazy answer. Just about any remote access tool can be used (and is used) for malicious purposes. Our legitimate and digitally signed files have nothing to do with patched builds or various other malware builds (such as droppers, loaders, etc). Isn't it the job of antivirus software to stop such malware?

Instead, they just found an easy way and decided to block the legitimate files too. You can write them that and ask them to do their job instead of trying to save their time by abusing legitimate software such as Remote Utilities.