False positives and exceptions: mitigation/better handling from console?

We have purchased Remote Utilities and installed it for IT support purposes. Some days ago, due to our ESET license expiring and until the renewal takes place, we decided to enforce the antivirus-maximum protection policy.

Today around 100 Remote Utilities installations were eradicated. Upon investigation it seems that the specific ESET policy switches potentially unsafe application handling (reporting and protection) from off to balanced.

This action had us running around, trying to restore connectivity for teleworkers. Until I found out that the policy to change was the one written above, I was trying to find how to effectively add exceptions for Win32/RemoteAdmin.RemoteUtilities.W (as well as .X and .H variants). What is strange enough is that some TeamViewer installations we have were not harmed at all, whereas all Remote Utilities installations were damaged to the bone!

1) What's the fastest way to add an exception to ESET Protect? From the KB, it seems as though this feature has been crippled on ESET Protect, whereas on ERA/ESMC it worked just fine (IIRC).

2) Granted, Remote Utilities is a remote control (hence potentially unsafe) app, but why on earth is it a "bad" remote access package and TeamViewer a "good" one?

We switched to ESET upon my recommendation, mainly for the quality of the signatures. Was I wrong in making such a decision?

I'm off trying to salvage what I can from the broken installations...

  • Administrators

The RU configurator creates a custom encrypted sfx with RU and settings pre-configured by the user. It supports silent installation with an option to inform a possible attacker about successful installation.

An example of such RU-based malware is https://www.virustotal.com/gui/file/89bbc2f17098224b315c84003ee828959cd1e2155b3415cff861dd0c8a43d875/detection

The app is detected as potentially unsafe, i.e. it's not detected with default settings.

If you want to use it and create an exclusion for any version of the detected file(s), add the file(s) to performance exclusions via a policy.

2 hours ago, Marcos said:

If you want to use it and create an exclusion for any version of the detected file(s), add the file(s) to performance exclusions via a policy.

How can I do that in ESET Protect 8?
