Community


RUT Download Failure

Links used in this discussion
Allan Knox, User (Posts: 4)
Jun 26, 2015 10:14:01 am EDT
Support level: Free or trial
I have just tried to download the latest RUT (v6.0.4) and just before completion, Google advises that the download has been blocked because RUT6.zip will "harm my browsing experience".  The same thing happened with a separate host download.  (My background Virus Checker is Kaspersky, but the report specified a Google blockage.)  Any advice?
Edited:Allan Knox - Jun 26, 2015 10:14:50 am EDT (Mistype)
Conrad Sallian, Support (Posts: 3049)
Jun 26, 2015 11:45:15 am EDT
Hello Allan,

Yes, thank you for reporting this. It's all the more strange to see such a false positive given the fact that we removed the "hide tray icon" feature in the last version just because antivirus programs used to frown upon that.

Anyway, we have just submitted a request to Google to reconsider their "detection".
Allan Knox, User (Posts: 4)
Jun 26, 2015 11:53:26 am EDT
Support level: Free or trial
Just for the record, Kaspersky itself reported the various RUT files during a full scan as "genuine software which could be misused by intruders".   However, it did at least give the option of clearing it for use, and clicking a checkbox to apply the same rule to all similar discoveries (as in backups etc.).
Allan Knox, User (Posts: 4)
Jun 26, 2015 12:00:29 pm EDT
Support level: Free or trial
By way of an update, I have just successfully downloaded the zip file on Internet Explorer and it not only downloaded without a qualm, but also passed an inbound file security scan.
Conrad Sallian, Support (Posts: 3049)
Jun 26, 2015 12:01:18 pm EDT
Allan,

Yes, this is a so-called "not-a-virus" category. The file is not necessarily deleted, Kaspersky is only warning the user that the software is "potentially dangerous" meaning that it can be dangerous if misused.
Conrad Sallian, Support (Posts: 3049)
Jun 26, 2015 12:05:21 pm EDT

Allan Knox wrote:
By way of an update, I have just successfully downloaded the zip file on Internet Explorer and it not only downloaded without a qualm, but also passed an inbound file security scan.

The last time when Google/Chrome detected our zip archive as "malware" , a couple of months ago, they responded to our request very quickly and removed the false positive within hours. So we hope they will be as quick this time.

Strangely enough, they don't detect Viewer and Host as such , although the zip archive is nothing more than just the same Viewer and Host msi files zipped.  It seems like they don't even look at the contents, and simply "detect by name".
Allan Knox, User (Posts: 4)
Jun 26, 2015 2:06:15 pm EDT
Support level: Free or trial
In fact, Google also rejected the host msi as a separate download this time.
Conrad Sallian, Support (Posts: 3049)
Jun 26, 2015 5:54:25 pm EDT
Hello Allan,

We received a response from them just now. They say that's it's still "malware". Funny thing is - they call the threat "Undetermined malware" and they don't even give any details as for what type/class of "malware" it is.

We will keep sending the requests though.
john kumpf, User (Posts: 85)
Jun 30, 2015 7:02:38 pm EDT
Support level: Free or trial
I just downloaded agent.exe v6.3 in Firefox 38.0.5 from https://www.remoteutilities.com/download/
(direct link to file: https://www.remoteutilities.com/download/agent/ )
sha256 = 1b71e579af7c138736de3dce6fcfa1c3a173be66be0e8bf5a8ffbd70a4a1­1296

And it downloaded without incident. A previous failure downloading in firefox was reported in this form: Downloading agent.exe in Firefox results in: blocked may contain a virus or spyware--but now it appears to work.  In that older post it suggests to workaround by setting 'browser.safebrowsing.malware.enabled' to false. But i did not need that this time; mine was set to true.

I also just tried in Chrome Browser "Version 43.0.2357.130 m" and it resulted in "agent.exe may harm your browsing experience, so Chrome has blocked it." There used to be a drop-down menu choice "Keep" but that's gone now. But you can go into "Show all downloads" and click "Recover malicious file" then you get another popup and have to click "Keep anyway" altho these exact details of what to click and what the exact text says will probably change over time.

Of course this is just to download it in the browser. Then you have to get thru your antivirus perhaps once when downloading and perhaps again when invoking.
Conrad Sallian, Support (Posts: 3049)
Jun 30, 2015 7:37:30 pm EDT
Thanks, John.

Update on this issue. It seems like the root cause for the Chrome issue is Symantec falsely detecting our program as risky/potentially dangerous. Which in itself is very strange given the fact that our digital certificate is issued by VeriSign and there haven't been any false positive issues with Symantec for very long. We assume that Chrome somehow uses the data from Symantec and aggregates them with data from other vendors, but we are not sure. We have already reported this to Symantec and hopefully the issue will be resolved soon.

It should be noted though that Google Chrome is very quick in going from a mere assumption to a final verdict. That is from the subtle "may harm your browsing experience" to calling the file as being outright malicious.  

UPD: sorry, just noticed that you have already provided the instruction in your message. So I've deleted mine

* Website time zone: America/New_York (UTC -5)