So they are detecting the same file with the same hash and signature all over again :) We can only hope that they are much better at detecting viruses and trojans than at not detecting legitimate software.
Since putting in this comment, Webroot responded to me that they had seen RU used as a hacking tool, and that's why they were treating it that way.
That was a lazy answer. Just about any remote access tool can be used (and is used) for malicious purposes. Our legitimate and digitally signed files have nothing to do with patched builds or various other malware builds (such as droppers, loaders, etc). Isn't it the job of antivirus software to stop such malware?
Instead, they just found an easy way and decided to block the legitimate files too. You can write them that and ask them to do their job instead of trying to save their time by abusing legitimate software such as Remote Utilities.
what i have noticed though is i have upgraded my older hosts but the viewer still show that they are running an older version until i log in
This is because the Viewer only knows that the Host version changed after it logs in on the Host. The online status just shows if the Host is available - other information, such as Host version number etc. isn't transferred in this mode.
Unfortunately, we couldn't reproduce the issue. Just downloaded and ran Microsoft MRT on a Windows 10 machine with all Remote Utilities modules installed, including RU Server , but neither was deleted or marked as infected. They are working normally.
Here is the scan result:
Perhaps, the removal tool signature base was updated since the time you ran it?