dst-ap - Posted October 8, 2013 (edited)

Hi all,

Had 4 servers (2 x 2008 & 2 x 2012) where ESET Endpoint Antivirus quarantined rAdmin on all the servers. Below is the sample of the quarantine log from one of these servers + the sys-info. Please advise on how best to resolve this issue.

| Hash | Occurred first | Occurred last | Object name | Size | Reason | Hits | File |
|---|---|---|---|---|---|---|---|
| f8401a325dd540135237aa74f14a8c4e6cbd81d8 | 5 days ago | 5 days ago | C:\Users\admin_swf\AppData\Local\Downloaded Installations\{ECF6FE39-A8B0-411B-83AC-75A17875FE6F}\rserv34.msi | 4 MByte | Win32/RemoteAdmin.RAdmin.AC potentially unsafe application | 1 | No Data |
| f8401a325dd540135237aa74f14a8c4e6cbd81d8 | 5 days ago | 5 days ago | C:\Windows\Installer\abcddcf3.msi | 4 MByte | Win32/RemoteAdmin.RAdmin.AC potentially unsafe application | 1 | No Data |
| 81d62f525ca7ba1c765e15d08bd17d13f12b1457 | 5 days ago | 5 days ago | C:\Windows\SysWOW64\rserver30\rserver3.exe | 1 MByte | Win32/RemoteAdmin.RAdmin.AC potentially unsafe application | 1 | No Data |

Information on operating system
Operating system: Windows Server 2012 Standard
Operating system version: 6.2.9200
Operating system type: 64-bit
Version of common control components: 5.82.9200
Processor: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz (2500 MHz)
System memory (RAM): 4096 MB
Computer description:
Time zone name: GMT Daylight Time
Time zone offset: 60 min

Information about executive parts
Virus signature database: 8889 (20131008)
Update module: 1043 (20130415)
Antivirus and antispyware scanner module: 1410 (20130926)
Advanced heuristics module: 1143 (20130909)
Archive support module: 1180 (20130930)
Cleaner module: 1077 (20130924)
Anti-Stealth support module: 1053 (20130906)
ESET SysInspector module: 1237 (20130701)
Self-defense support module: 1018 (20100812)
Real-time file system protection module: 1006 (20110921)
Translation support module: 1109 (20130611)
HIPS support module: 1096 (20130923)
Internet protection module: 1067 (20130624)
Database module: 1040 (20130822)

Information about installed product
Product version: 5.0.2122.1
Product name: ESET Endpoint Antivirus
Product language: 1033

Current user information
User: ------------

Edited October 8, 2013 by dst-ap
Marcos (Administrators) - Posted October 8, 2013

Since disabling memory scans is not safe, I'd suggest disabling detection of potentially unsafe applications so that the remote admin tool is not detected.
PodrskaNORT (ESET Insiders) - Posted October 9, 2013

@dst-ap There should be ESET File Security on servers. What version of Endpoint Antivirus do you have installed on the servers?

Tomo
7alvoo - Posted October 22, 2013 (edited)

This problem inexplicably left after one month (09.25), and the radmin in ESET is still a false positive in VirusTotal. This is the original radmin installer from radmin server.

Edited October 22, 2013 by 7alvoo