Conrad Sallian's community posts

Hello Marco,

Have you tried contacting Watchguard with this?

Hello Bretislav,

It's not about hash. Eset blocks any file that comes out of our MSI configurator despite the files are signed. As you understand, each file with different settings will have a unique hash. Yet, Eset blocks them all just because someone somewhere used one of those file to 'social engineer' into someone's computer.

When we asked them what was the logic behind this they asked that we (!) should "convince malware actors to not use our software". :) Yes, this is what they say today in an email reply.

Even more so - the file that they claimed was "malicious' was actually a legit customized Host file (signed with our signature) only used for malicious purpose. I.e. someone was distributing this file within a malware package. And Eset decided that if our legit file is used by a malware actor then the file was malicious. And by extension they decided that all other configured installers should also be malicuous.

We can only feel sorry for Eset customers.

Hello Darryl,

Could you locate the Host log and see what it says. The Host keeps its logs in C:\Program Files(x86)\Remote Utilities - Host\Logs.

We're thinking our Watchguard firewall maybe blocking RU?

Yes, you should check that id.remoteutilities.com is allowed by the firewall.

Hello Bretislav,

We sent our last message to Eset a week ago, and then a reminder. There is still no answer.

But you can send a message to them yourself using this email samples@eset.sk .

Hello Frank,

Dragging the key in to the License key storage is only needed if you have Viewer ver. 7. In version 6 you can just paste the key as before.

As for the address book, you might want to restore your address book from a backup. This guide explains how to do that https://www.remoteutilities.com/support/docs/backing-up-address-books/#Restoring_an_address_book_from_a_backup

Hope that helps.

Hi Nijel ,

Unfortunately, couldn't reproduce it however I tried. Could be some glitch maybe. If this issue occurs in the future please let us know.

Hi Nijel,

One question - did you update your Viewer installation (i.e. you were running Viewer on that machine previously) or was it a new installation to which you imported/added your XML address book?

Hello,

Could you please be more specific as to what doesn't work, specifically? Do you see the prompt for entering admin credentials when you invoke the "Restart agent as..." command?

Hello H E,

Thank you for your message.

When an email message is sent a 'flag' is set in Agent settings in the Windows registry. Re-sending a message each time you run Agent on that machine doesn't make sense because the Internet-ID code and authentication settings do not change.

If you wipe the Agent registry entry and run Agent anew - the settings will change and email message will be sent again because no 'sent' flag is set yet.

Hope that helps.

Bretislav Duda wrote:

Hello,
any news?

There is a chance for a solution and further use?

v7.0.0.3 identical problem

Hello,

Eset finally provided the file. It was a legit one-click installer file of the previous version which was blocked because someone extensively used (dropped, planted) that file onto victims computers. Antivirus engines block that file by hash (which is expected). Unfortunately, for some reason Eset decided to block it by signature which is incorrect. We have already explained that to Eset .

Besides, the file was not even signed with our current signature, but with a previous one. Still, what Eset is doing is blocking our current signature. That is weird. There will always be someone who builds an RU installer and uses it for malicious purposes but that doesn't mean a signature is compromised and should be blocked.  

We are currently talking with them to resolve this situation. Blocking signatures and/or entire software manufacturers based on assumptions is no way to go.