Community

I have the portable viewer on my work laptop (Win10 Pro) with Windows Defender. Today, all of a sudden, I couldn't launch the Viewer as it would close and disappear from my System Tray after double-clicking on it.  On a hunch, I checked Windows Defender, and sure enough there was a new detection, of the following virus: Trojan: Win32/Rundas!plock
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fRundas!plock&threatid=2147711527&enterprise=1

So now I'm unable to launch my Viewer, as the process gets killed right away. And for some reason, I'm unable to make an exception for it in Windows Defender, which may be a Group Policy in my corporate Windows 10.

This trojan has been around most of 2016, and most people claim it's a false positive, but being unable to add an exception for the Viewer exe in Defender, I'm stuck with no remote access.

Any suggestions?

Looks like the latest updates for Defender are allowing the Viewer to run in Windows 10.
Below is the current definition info:

And we're back to being blocked. Defender just updated a few minutes ago, and immediately it killed the Viewer process. So looks like whatever MS has done yesterday, they undid it today.

Still doing it after an defender update this morning and a fresh download of RU

:(

It's working for me this morning, with the current definition updates:

Conrad wrote:

Sorry for any inconvenience. By the way, perhaps it would speed up the process if you could submit a request too. It only takes a minute. Here is a link  https://www.microsoft.com/en-us/security/portal/submission/submit.aspx  

The file which is falsely detected is rutview.exe, it's the Viewer executable file. It can be found in C:\Program Files\Remote Utilities - Viewer\. You need to zip the file before uploading - the form doesn't allow files more than 10Mb to be attached.

Thanks.

Report submitted:

Submission ID: MMPC17021010805743
Submitted date: Feb 10, 2017 17:38 PM UTC