Jump to content

False positives and exceptions: mitigation/better handling from console?


Recommended Posts

We have purchased Remote Utilities and installed it for IT support purposes. Some days ago due to our ESET license expiring and till the renewal taking place we decided to enforce the antivirus-maximum protection policy.

Today around 100 Remote Utilities installations were eradicated. Upon investigation it seems that the specific ESET policy switches potentially unsafe application handling (reporting and protection) from off to balanced.

This action had us running around, trying to restore connectivity for teleworkers. Until I found out that the policy to change was the one written above, I was trying to find how to effectively add exceptions for Win32/RemoteAdmin.RemoteUtilities.W (as well as .X and .H variants). What is strange enough is that some Teamviewer installations we have were not harmed at all, whereas all Remote Utilities installations were damaged to the bone!

1) What's the fastest way to add an exception to ESET Protect? From the KB, it seems as though this feature has been crippled on ESET Protect, whereas on ERA/ESMC worked just fine (IIRC)

2) Granted, Remote utilities is a remote control (hence potentially unsafe) app, but why on earth is it a "bad" remote access package and Teamviewer a "good" one?

We switched to ESET upon my recommendation, mainly for the quality of the signatures, was I wrong in making such a decision?

I'm off trying to salvage what I can from the broken installations...

Link to comment
Share on other sites

  • Administrators

The RU configurator creates  a custom encrypted sfx with RU and settings pre-configured by the user. It supports silent installation with an option to inform possible attacker about successful installation.

An example of such RU-based malware is https://www.virustotal.com/gui/file/89bbc2f17098224b315c84003ee828959cd1e2155b3415cff861dd0c8a43d875/detection

The app is detected as potentially unsafe, ie. it's not detected with default settings.

If you want to use it and create an exclusion for any version of the detected file(s), add the file(s) to performance exclusions via a policy.

Link to comment
Share on other sites

2 hours ago, Marcos said:

If you want to use it and create an exclusion for any version of the detected file(s), add the file(s) to performance exclusions via a policy.

How can I do that in ESET protect 8?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...