[ Closed ] Version 6.9 Beta - main discussion

jackk, User (Posts: 23)

Jul 27, 2018 4:33:55 pm EDT

You are correct, it goes back to the prefilled simple password instead of going back to the one time password.  It's confusing because the simple password is saved with the address and it doesn't prompt for it initially because of that, but then it goes to it if the one time password is wrong or close to expiration.

jackk, User (Posts: 23)

Jul 27, 2018 9:47:35 pm EDT

One more thing I've found:  If you remotely update, and include a new password in the msi, and the previous version is 6.3.0.6, you cannot log in because the old settings are still on the client.  Even if you go to the client, and uninstall first, the remote install still cannot be logged into with the simple password from the msi because the old settings are still in the registry.  I found that if I delete HKEY_LOCAL_MACHINE\SOFTWARE\Usoris, then the remote installation will work properly after that.  Perhaps the installer msi should check for that and remove it.  I have reproduced this on several computers.  I always have to delete HKEY_LOCAL_MACHINE\SOFTWARE\Usoris for the remote install to work properly.

Conrad, Support (Posts: 2406)

Jul 28, 2018 4:44:39 am EDT

Hello Jack,

You are correct, it goes back to the prefilled simple password instead of going back to the one time password. It's confusing because the simple password is saved with the address and it doesn't prompt for it initially because of that, but then it goes to it if the one time password is wrong or close to expiration.

Yes, this makes sense. We are currently considering this issue and how to better address it in the next beta.

One more thing I've found: If you remotely update, and include a new password in the msi, and the previous version is 6.3.0.6, you cannot log in because the old settings are still on the client.

Sure, we will test that and see how we can fix it. Thanks!

Hilton Travis, User (Posts: 2)

Jul 29, 2018 6:15:46 pm EDT

Any idea why Windows Defender is seeing the Beta as a severe malware app with remote command execution?

Alex Coombs, User (Posts: 15)

Jul 29, 2018 8:44:04 pm EDT

Hilton Travis wrote:

Any idea why Windows Defender is seeing the Beta as a severe malware app with remote command execution?    

Yeah, it's heuristics. The software (code) is new, so it'll take time for the antivirus companies to mark it as safe.

Hilton Travis, User (Posts: 2)

Jul 29, 2018 10:20:39 pm EDT

Alex Coombs wrote:

Hilton Travis wrote:

Any idea why Windows Defender is seeing the Beta as a severe malware app with remote command execution?      

Yeah, it's heuristics. The software (code) is new, so it'll take time for the antivirus companies to mark it as safe.

That's not how heuristics works.  Heuristics looks at the construction of the code, such as the calls used and the jumps made, instead of using signatures.  Heuristic scanning of code generally only reports a false positive if there is something seriously funky being done in the code, and rarely reports it as a known malicious piece of code - which is what happened here.

Now, admittedly, any app that allows remote access to a computer by definition has some "seriously funky code", but with it being recognised as a particular piece of malicious code, that's the issue.

And as to scanners not seeing it yet, therefore not building signatures in their databases, the app has been out for a week and I'm sure I'm not in the first handful of people who have downloaded it who are running Windows Defender - so that isn't really a valid reason for this detection.

jackk, User (Posts: 23)

Jul 30, 2018 12:08:18 am EDT

Hilton Travis wrote:

Alex Coombs wrote:

Hilton Travis wrote:

Any idea why Windows Defender is seeing the Beta as a severe malware app with remote command execution?      

Yeah, it's heuristics. The software (code) is new, so it'll take time for the antivirus companies to mark it as safe.

That's not how heuristics works. Heuristics looks at the construction of the code, such as the calls used and the jumps made, instead of using signatures. Heuristic scanning of code generally only reports a false positive if there is something seriously funky being done in the code, and rarely reports it as a known malicious piece of code - which is what happened here.

Now, admittedly, any app that allows remote access to a computer by definition has some "seriously funky code", but with it being recognised as a particular piece of malicious code, that's the issue.

And as to scanners not seeing it yet, therefore not building signatures in their databases, the app has been out for a week and I'm sure I'm not in the first handful of people who have downloaded it who are running Windows Defender - so that isn't really a valid reason for this detection.

Windows Defender is awful about this.  I have custom programs that I run in a business.  About once or twice a year, without any changes having been made to my software, Windows Defender calls them a virus and deletes them, can't reinstall because they are immediately flagged again.  Wait a few days, install, and everything is good again... for 6-12 months.  I've gotten where I always add exceptions now, because at any moment in the future, all of the computers I have my software installed on are going to delete it at the same time.

Conrad, Support (Posts: 2406)

Jul 30, 2018 5:05:31 am EDT

Unfortunately, this is not the first time Windows Defender has marked our software not only as mere riskware, but as a serious threat, like a trojan. This happened in the past. It is all the more strange to see that it's the Viewer that is marked as malware. Viewer cannot "give" remote access by definition, it's a client, not a server (as in "client-server" architecture).

We do our best to report false positive detections though.

Conrad, Support (Posts: 2406)

Jul 30, 2018 5:54:23 am EDT

jackk wrote:

One more thing I've found:  If you remotely update, and include a new password in the msi, and the previous version is 6.3.0.6, you cannot log in because the old settings are still on the client.  Even if you go to the client, and uninstall first, the remote install still cannot be logged into with the simple password from the msi because the old settings are still in the registry.  I found that if I delete HKEY_LOCAL_MACHINE\SOFTWARE\Usoris, then the remote installation will work properly after that.  Perhaps the installer msi should check for that and remove it.  I have reproduced this on several computers.  I always have to delete HKEY_LOCAL_MACHINE\SOFTWARE\Usoris for the remote install to work properly.

Hello Jack,

Could you please build an installer with all the settings that you think you need and send it to us for testing? We will take a look at this issue.

You can upload the installer to a file-sharing service and send us a download link at support@remote-utilities.com

Thank you.

Conrad, Support (Posts: 2406)

Jul 30, 2018 6:01:57 am EDT

Update on the Windows Defender issue: the false positive detection has been reported to Microsoft. So far it looks like the online scanner detects rutview as malware, not the desktop client:

* Website time zone: America/New_York (UTC -5)