Conrad Sallian's community posts

Hi Rob,

Yes, why? We also publish the false positive report links in this article https://www.remoteutilities.com/support/kb/remote-utilities-is-mistakenly-detected-as-malware/

Pam Kelli wrote:

Yes, Pauline, I have AV software installed on all of my computers but it is not interfering with RU in any way.
This is clearly a host software issue. Both host computers are reporting the same fatal error.

Hi Pam,

Could you provide the antivirus software name, please. Thanks.

Hi Jeff,

You should try the Microsoft tool mentioned in this KB article https://www.remoteutilities.com/support/kb/cannot-uninstall-old-version-and-update-to-new-version/.

Hope that helps.

Hi Rob,

This is from the recent message from Avast:

I'm very sorry that the signed file was blocked. The process is semi automatic based on virus definitions. If a page or file is suspicious, detection is created based on definitions. If this is a false positive detection, you need to report the detection as you did. Subsequently, the detection is reviewed manually by our specialists, who will determine whether the detection is correct or false. Even if it is a false detection, the detection is manually changed (turned off).

It's been 2022. Soon spaceships of earthlings will traverse the vast expanses of the Milky Way, and anti-virus companies will continue to manually add new legit software releases to exceptions, and require emailing a file no larger than 10 mb in an archive with the password "infected". :)

Hello,

Thank you for your message.

I see only some SSL 2.0 connections and lots of unencrypted TCP traffic at all, when remote clients connect to the RU.

All traffic between Viewer and Host uses end-to-end encryption. So the traffic between Viewer <-> Server, and Host <->Server is not encrypted because it has already been encrypted. What you possibly see as the "unencrypted TCP traffic" has in fact been encrypted already.

Hope that helps.

Hi Rob,

It was today that we informed Avast (and by extension AVG) about that the last time :) Frankly, why it is so hard to whitelist at least the digital signature is beyond me.

Hi Rob,

I saw the link and the false positive detections. However, the certificate information is wrong - well, outdated. Even if you use the version 6.10 to build a custom installer there must be another certificate, a valid one issued by DigiCert. Here is a screenshot:



Have you tried to reconfigure your build? That should help.

Hi Rob,

Is it a freshly built installer?

Hello,

One of those rare moments when it's not us who are getting blamed for the false positives, but the antivirus engine that generated them :)

Hello,

This registry location has data >> HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\.

This registry entry contains the Host settings.

Well they do contain a different port number than your documents show, and also include a <server_private_key> and a <server_public_key>. Can these be used to track the attacker?

Neither of the this data can help with tracking the attacker. Only the logs can tell what was the originating IP address that was connecting to the machine. However, even that may not be necessary since it may be an address of a proxy server somewhere in India or Pakistan and knowing it won't help much.

I have blocked known ports on my firewall, but it would seem that an attacker can set their own ports. This is just a game of Whacka-Mole.

I'm sorry, but the software such as Remote Utilities cannot miraculously appear on your computer out of thin air. If it has been found on your computer, it only means that someone had gained unauthorized access to you computer (or network) previously and Remote Utilities being installed on your machine is your least problem. This is fighting with the effect, not the cause.