Community

RU Host Installable 7.0.0.1 detected by AVG

Page:

Links used in this discussion

Trent, User (Posts: 50)

Mar 15, 2021 1:34:39 pm EDT

Good afternoon! I noticed while attempting to update the RU Host running on an older machine with Windows Vista and AVG Free that the Simple Update was failing and leaving 6.10.10.0 in place.

I did a remote session into the machine and attempted to manually download the new 7.0.0.1 installable host, but AVG was quarantining it.

Unfortunately, during the process, I lost access to the machine so I am not able to give any further information at this point, but thought it might be worth reporting.

I did choose the option in AVG to submit it as a false positive.

Pauline, Support (Posts: 2524)

Mar 15, 2021 4:42:16 pm EDT

Hello Trent,

Thank you for your message.

Please try updating your AVG signature database. AVG replied to us today that detection is removed. In case if you still keep seeing the detection please let us know.

Let us know if you have other questions.

Bretislav Duda, User (Posts: 28)

Mar 25, 2021 4:07:42 am EDT

Support level: Free or trial

From 7.0.0.1 including 7.0.0.2
!!! ESET detects as a virus !!!

C:\Viewer\Remote Utilities\Package\One-click.RUT.7.0.0.2.exe;Win32/RemoteUtilities.D.gen trojan

Not applicable for remote support!!!

Problem not soved after month

Conrad Sallian, Support (Posts: 2923)

Mar 25, 2021 6:57:34 am EDT

Hello Bretislav,

Bretislav Duda wrote:

From 7.0.0.1 including 7.0.0.2
!!! ESET detects as a virus !!!

C:\Viewer\Remote Utilities\Package\One-click.RUT.7.0.0.2.exe;Win32/RemoteUtilities.D.gen trojan

Not applicable for remote support!!!
Problem not soved after month

And what can we do if Eset cannot distinguish between a trojan and legitimate software? :) Have you tried contacting Eset and asking them why they block legitimate and digitally signed software?

Bretislav Duda, User (Posts: 28)

Mar 25, 2021 5:08:53 pm EDT

Support level: Free or trial

I think the error is in your code or digital signature
Did something changed
versions 6.10.10.0 and 7.0.0.0 were ok

7.0.0.1 and 7.0.0.2 digital signed trojan detected
but
7.0.0.1 and 7.0.0.2 from server https://rmansys.ru/ is ok - signed
It would be good to solve it, the system is unusable

Try it, generate agent version 7.0.0.0 and later
You changed something

Conrad Sallian, Support (Posts: 2923)

Mar 25, 2021 5:48:50 pm EDT

Hello Bretislav,

I think the error is in your code or digital signature

What about other a/v software vendors then? I mean Kaspersky, Symantec, TrendMicro, Vipre, Webroot. They are NOT detecting or blocking RU. How could they miss "error in the code" or corrupted digital signature.

Besides, the digital signing process is standardized, there is nothing really to be corrupted. If the certificate is not revoked (and it isn't) and your Windows operating system shows the digital signature - then it is OK.

I understand your frustration but you direct it the wrong way. Please, try asking Eset about the false detection. You can use their email samples@eset.sk.

Here is a VirusTotal report on the Host installation file:
https://www.virustotal.com/gui/file/6c0ed93746fe1380662c706598edad029152fe20188b5741453992508e799632/detection

Where are all the big a/v names that somehow miss the 'trojan'? :)

David Silvera, User (Posts: 18)

Mar 26, 2021 4:41:31 am EDT

Support level: Pro

Hi Bretislav,

Conrad is correct here. You should submit to ESET that the program they are detecting as Trojan is a false positive and they should correct and flag it as safe. It's not uncommon for AV software to falsely detect legitimate files/programs that were recently updated.

Here are some instructions on their forum on how you can do so from within ESET: https://forum.eset.com/topic/18734-how-do-i-report-a-false-positive-or-whitelist-my-software-with-eset/
Instructions on their support site: https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab#esetproduct

Hope this helps.

Bretislav Duda, User (Posts: 28)

Mar 26, 2021 4:54:31 am EDT

Support level: Free or trial

Why is your version 7.0.0.0 not detected, but 7.0.0.1 and 7.0.0.2 are?
Why is the Russian version not detected?

Why is the agent and guest not detected downloaded from you, but online customized from you = trojan?

ESET whitelist is NOT a solution!!!
Not for remote support !!!

David Silvera, User (Posts: 18)

Mar 26, 2021 5:03:38 am EDT

Support level: Pro

Hi Bretislav,

Those are answers only ESET can answer as it is their database signature that is flagging the program as an issue.

You can submit your file to the online virus detection tool to see if any other AV software detects it as a trojan. https://www.virustotal.com/gui/

Conrad Sallian, Support (Posts: 2923)

Mar 26, 2021 5:26:59 am EDT

Hi Bretislav,

Just to clarify - do you mean a custom built prepared using the MSI Configurator and not the vanilla installer? Indeed, currently when you build a one-click installer or an agent executable it is immediately wiped from the system by Eset even with "unsafe detection" turned off completely.

But again, this is not something that we can fix. It's Eset that must fix it. Have you tried sending an email to them? If they care about their customers they should help.

Submit a reply

Page:

^* Website time zone: America/New_York (UTC -4)