Hi all,
Had a 4 servers (2 x 2008 & 2 x 2012) where ESET Endpoint Antivirus quarantined rAdmin on all the servers.
Below is the sample of the quaritne log from one of these servers + the sys-info.
Please advise on how best resolve this issue.
Hash Occurred first Occurred last Object
name Size Reason Hits Filef8401a325dd540135237aa74f14a8c4e6cbd81d8 5
days ago 5 days ago C:\Users\admin_swf\AppData\Local\Downloaded
Installations\{ECF6FE39-A8B0-411B-83AC-75A17875FE6F}\rserv34.msi 4
MByte Win32/RemoteAdmin.RAdmin.AC potentially unsafe
application 1 No
Dataf8401a325dd540135237aa74f14a8c4e6cbd81d8 5 days ago 5 days
ago C:\Windows\Installer\abcddcf3.msi 4
MByte Win32/RemoteAdmin.RAdmin.AC potentially unsafe
application 1 No
Data81d62f525ca7ba1c765e15d08bd17d13f12b1457 5 days ago 5 days
ago C:\Windows\SysWOW64\rserver30\rserver3.exe 1
MByte Win32/RemoteAdmin.RAdmin.AC potentially unsafe
application 1 No Data
Information on operating system
Operating system: Windows Server 2012
StandardOperating system version: 6.2.9200
Operating system type: 64-bit
Version of common control components: 5.82.9200
Processor: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz (2500 MHz)
System memory (RAM): 4096 MB
Computer description:
Time zone name: GMT Daylight Time
Time zone offset: 60 min
Information about executive parts
Virus signature database: 8889 (20131008)
Update module: 1043 (20130415)
Antivirus and antispyware scanner module: 1410 (20130926)
Advanced heuristics module: 1143 (20130909)
Archive support module: 1180 (20130930)
Cleaner module: 1077 (20130924)
Anti-Stealth support module: 1053 (20130906)
ESET SysInspector module: 1237 (20130701)Self-defense
support module: 1018 (20100812)
Real-time file system protection module: 1006 (20110921)
Translation support module: 1109 (20130611)
HIPS support module: 1096 (20130923)Internet protection
module: 1067 (20130624)
Database module: 1040 (20130822)
Information about installed product
Product version: 5.0.2122.1
Product name: ESET Endpoint
AntivirusProduct language: 1033
Current user information
User: ------------