Community


RU removed by Bitdefender

Links used in this discussion
Artur Kmita, User (Posts: 9)
Jun 21, 2018 1:50:54 pm EDT
Support level: Starter
Hi all

All of our 20 remote systems are now unavailable after RU was automatically removed by Bitdefender Client Security. We use our own server. Here's the message.

"Advanced Threat Control has blocked the launch of a process that has been detected as malicious.C:\Program Files (x86)\Remote Utilities - Viewer\Server\rutserv.exe"

Malware type: Application.RemoteAdmin.RIA

Already reported to Bitdefender as a False Positive but it didn't help. They think it is a type of a malware. Any help please?

Folders are excluded from scanning. We can't even run the RU installer.
Edited:Artur Kmita - Jun 21, 2018 1:51:37 pm EDT
Conrad, Support (Posts: 3034)
Jun 21, 2018 2:03:35 pm EDT
Hello Artur,

Thank you for your message.

Already reported to Bitdefender as a False Positive but it didn't help.

Do you mean you reported to BitDefender that they blocked legitimate software on your computers and they refused to help? That is, they can simply "think" that you shouldn't use certain legitimate software because they say so.

Unfortunately, I don't know how we can help in this situation. How can an antivirus software vendor that cannot distinguish between good and bad software even be trusted? What if they are similarly incapable of detecting real malware when time comes and thus jeopardize security of your systems?
westmindltd, User (Posts: 9)
Jun 21, 2018 2:18:33 pm EDT
Support level: Starter
Hi Conrad

And the funny part is that the Home [free] edition of BD ignores RU installer and the software itself.
Conrad, Support (Posts: 3034)
Jun 21, 2018 2:56:55 pm EDT

westmindltd wrote:

Hi Conrad

And the funny part is that the Home [free] edition of BD ignores RU installer and the software itself.

Hello,

Thanks for the details. Yes, apparently there is some inconsistency about this detection. Even more unusual is the fact that this version has been around for almost a year now (the last 6.8.0.1 build was released in August 2017) and only now BitDefender decided, all of a sudden, that it's "malware".

Remote Utilities beta 6.9 has been released today, by the way:
https://www.remoteutilities.com/download/beta.php
westmindltd, User (Posts: 9)
Jun 21, 2018 5:02:06 pm EDT
Support level: Starter
It's getting worse. Just ran BD scan on 6.9 New software, new malware detected.
-----------------------
D:\downloads\RU Beta\viewer6.9.portable.b.zip=>ru.viewer.portable=>rutview.exe=>(Embedded EXE 4r)
Gen:Trojan.Heur.DP.ZT0@aqKIFxni
Infected

D:\downloads\RU Beta\viewer6.9.portable.b.zip=>ru.viewer.portable=>rutview.exe=>(Embedded EXE 5r)
Gen:Trojan.Heur.DP.ZT0@aKk6QAji
Infected

----------------------
Attached Files
RU removed by Bitdefender
westmindltd, User (Posts: 9)
Jun 21, 2018 5:03:39 pm EDT
Support level: Starter
Virus total thinks the same. Not good.
viewer6.9.portable.b.zip
westmindltd, User (Posts: 9)
Jun 21, 2018 5:06:17 pm EDT
Support level: Starter
Conrad, Support (Posts: 3034)
Jun 21, 2018 7:16:03 pm EDT
Hello,

Gen:Trojan.Heur.DP.ZT0@aqKIFxni
Infected

Note the "heur" part that means "heuristic". The file is new, the antivirus program just doesn't know about it yet and classifies it as malware using heuristics algorithms.  This is true about all other links that you provided below - take a closer look at detection names. Most of them either say "heuristic" or "riskware" (potentially unwanted program/application, PUA).

Besides, for any new release antivirus programs start to immediately classify the software as riskware or even malware. This time there are very few actually. It used to be much worse with previous releases where we could easily get 20+ false positive detections on new build.

This is how antivirus software works these days - they prefer to be on the safe side and block just everything that might be dangerous (remote software is usually in this category). It usually takes a couple of weeks of sending false positive requests before the detections are removed.
westmindltd, User (Posts: 9)
Jun 21, 2018 8:17:22 pm EDT
Support level: Starter
Regardless of the terminology and intentions, we need a solution please. Currently, we can't connect to 17 machines. Unable to reinstall [BD stops it]. We would have to travel to 9 remote locations to get things to work as users don't have admin rights on the affected remote machines. RU was purchased not so long ago, our own server set up and so much time spent. For some reason, similar [competitors] software isn't stopped by BD. We just tried 4 different ones on our machines. All good. There must be something not right within the code of RU what triggers alarm.
Conrad, Support (Posts: 3034)
Jun 22, 2018 3:20:24 am EDT
Hello,

Regardless of the terminology and intentions, we need a solution please.

I understand. But what kind of solution can we provide? As I mentioned, this 6.8.0.1 installer has been around for almost a year and clear of all a/v detections except just a couple of benign "riskware" classifications. There are hundreds of thousands of users who downloaded and use this very build. Also neither Symantec nor McAfee and TrendMicro treated this file as dangerous.  

For some reason, similar [competitors] software isn't stopped by BD. We just tried 4 different ones on our machines. All good. There must be something not right within the code of RU what triggers alarm.

The code didn't change, it's the same code as it has been since August 2017.

We are in constant contact with major antivirus software vendors (e.g. Kaspersky, Webroot etc.) and all of them are very helpful and responsive when it comes to fixing the detection issues. However, some antivirus vendors are not as good in this respect. Still, we will try contacting them today and figure out the issue. In fact, we will be asking them to treat their own customers better and not to block legitimate software on their computers, however strange that may sound. Well, if they cannot take care about their own customers (who paid them money for their "antivirus solution"), we will.

* Website time zone: America/New_York (UTC -5)