
Getting nowhere on Ticket ID: 138059 please help


Jeroen1000
Solved by Marcos


Dear Marcos

Dear support,

 

Since we are going around in circles with the ticket, I was wondering whether you could offer a more in-depth explanation / analysis on the matter and also a solution.

 

I'm using Radmin (hxxp://www.radmin.com/), a remote control utility, that NOD32 keeps detecting as a potentially unwanted program. It states the threat is in the Operating Memory (which is correct, the executable is loaded as a service on start-up).

I've excluded the detected exe at disk level, but that does not help as it keeps detecting it in memory. Support is suggesting disabling detection for unwanted programs as a whole and even adding the system folder to the exclusions list. Neither is satisfactory and, bluntly put, just bad advice from a security perspective. There has been a time the manufacturer got ESET to remove this false detection, but apparently it is back.

 

I've been a paying customer for a very long time. Surely, you can remove this "threat" from being detected or fix the virus definitions?

 

Many thanks,

Jeroen


Hi Jeroen,

 

I am taking a look at your software as a courtesy. :)

 

First thing I have noticed up to bat! This application was just flagged as a Potentially Unsafe Application, not a Potentially Unwanted Application, while I was downloading.

 

From a security perspective, unchecking 'unsafe' applications is not that much of a risk factor as you may think.

The unsafe applications database contains a plethora of IT tools and admin tools that are not necessarily a threat, but possibly unsafe to the inexperienced user if they do not understand what they are doing.

I would agree with not disabling unwanted apps, because they are classified as toolbars, advertisements, and bloatware; but I can understand removing unsafe.

 

Unsafe is not enabled by default and the user is not asked to use it at all; however, a user is prompted for unwanted at the time of install, also not on by default.

 

After disabling unsafe applications, I was able to download the file with no errors, prompts, or flags from ESET at all, NO exclusions set by web on domain etc.

I will analyze installation and operation from my perspective.


I just installed the client in a sandbox, and I see NO true malicious activity.

I will take a look at the server side later on. :)

ESET gave no warnings or issues during client install.

 

I have potentially unsafe applications allowed in ESET software.


Thank you Arakasi. I'll check what exactly it is being flagged as, as I thought it was being flagged as "unwanted" rather than as "unsafe". Do note it is flagged in Operating Memory and not whilst downloading although I can easily try downloading it again and see what happens. The application is quite safe, I've been using it for many years.

 

The offending executable is called "rserver3.exe" with the file path in the "SysWOW64/rserver30/" folder (don't know why there is a path when the exe is in operating memory). So you need radmin server and not the client application.

 

It might, and I say might, be flagged because I have a version that does NOT display a tray icon (not for the wrong reasons:-))

 

edit: flagged as unsafe indeed, not unwanted! You were right


I think it is properly excluded; however, I cannot exclude things from operating memory. I can give you remote access to check for yourself in case I missed something.


Hi Marcos,

 

I've excluded a whole bunch:-) see the 2nd screenshot. But the startup-scanner keeps complaining (see the 1st screenshot).


  • Administrators
  • Solution

Excluding "C:\Windows\SysWOW64\rserver30\rserver3.exe" without the detection name should do the trick. We're investigating why it doesn't work with the detection name specified.


  • 2 weeks later...
  • Administrators

I have already provided a solution to your issue. Don't wait for a fix as this will take some time, but remove the exclusions with the detection name and add them manually, i.e. not from the yellow window shown when a potentially unwanted / unsafe application is detected.


  • 3 weeks later...

Sorry, I had missed that solution! I've tried it and gave it a test run and it looks like the detections are no longer happening.

 

Many thanks!
