False Positive on Avira

Jean-Marc Schroot, User (Posts: 4)
Dec 04, 2014 8:24:07 am EST
Support level: Free or trial
Hello,

I have installed Remote Utilities some time ago on my computer. Unfortunately, RUTViewer.exe has been added as malware to Avira Antivirus. I uploaded the file to them a few days ago and this is what I got back as a result:

The file 'rutview.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Rogue.149760.1. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.11.186.164.

On Virustotal, which I checked yesterday, only 7 AV programs mark RUTviewer.exe as malware (which is quite nice, considering the files are tested with many more AV programs).

I read the forum so I know software like RUT can be treated as malware because of the type of program, but every time I start my computer, Avira tries to remove/quarantine the viewer, and so I'll never be able to use Viewer as long as Avira is on. I hope you'll be better able than me to convince Avira that RUTViewer is not worth marking as malware and should be excluded from the VDF. I don't need to use RUT very much at the moment but I like the program when I use it, so I hope Avira will remove the malware mark soon!

Thanks for this nice program!

jms319
Conrad Sallian, Support (Posts: 3074)
Dec 04, 2014 2:59:30 pm EST
Hello Jean-Marc,

Thank you for your report.

We will certainly send a false positive report to Avira. Meanwhile, you can try to add the program folder (C:\Program Files\Remote Utilities - Viewer\) to Avira exceptions list.

Hope that helps.
Jean-Marc Schroot, User (Posts: 4)
Dec 05, 2014 10:35:46 am EST
Support level: Free or trial
Hello Conrad,

Thanks for the quick reply. I'll try to add the folder to the Avira exceptions list. Until now, I only tried adding Viewer to be always ignored but without success. I always got that option after a scan and discovery from Avira of this false positive. Next scan, next false positive... So, I'll add the directory to be excluded and see what happens.

Best regards,

Jean-Marc
Edited: Jean-Marc Schroot - Dec 05, 2014 10:37:00 am EST
Conrad Sallian, Support (Posts: 3074)
Dec 05, 2014 10:39:04 am EST
Yes, adding the directory with an asterisk at the end should help, i.e. "C:\Program Files\Remote Utilities - Viewer\*".

Please note that if you have a 64-bit operating system, the Viewer folder will be located in "Program Files (x86)".
Jean-Marc Schroot, User (Posts: 4)
Dec 22, 2014 10:49:15 am EST
Support level: Free or trial
Hello Conrad,

Thanks for the new info - and especially for the new version 6 of Remote Utilities!

I solved the problem with Avira another way this time (which doesn't solve the original problem with Avira and RUT Viewer 5.6.0.6). I simply installed version 6.0 and that solved the problem with the Avira false positive. Maybe version 6 has the 'trojan' more hidden and Avira doesn't recognize it anymore. I hope they'll keep it that way.

A small translation correction in Viewer 6.0: under 'File --> Options', the Dutch version says "Other" on the tab next to "Sneltoetsen", but that should be "Overig". It simply isn't translated into Dutch. I assume that has slipped through while translating and it's not worth a critical update. Somewhere in a next version, priority somewhere-at-the-bottom-of-the-list is OK for this.

Best regards,

Jean-Marc
Conrad Sallian, Support (Posts: 3074)
Dec 22, 2014 11:08:19 am EST
Hi Jean-Marc,

> I solved the problem with Avira another way this time (which doesn't solve the original problem with Avira and RUT Viewer 5.6.0.6). I simply installed version 6.0 and that solved the problem with the Avira false positive. Maybe version 6 has the 'trojan' more hidden and Avira doesn't recognize it anymore. I hope they'll keep it that way.

Yes, we are getting better at hiding trojans, no doubt [sarcasm]. Seriously, I think Avira have just reconsidered the detection and updated its signature databases.


> A small translation correction in Viewer 6.0: under 'File --> Options', the Dutch version says "Other" on the tab next to "Sneltoetsen", but that should be "Overig". It simply isn't translated into Dutch. I assume that has slipped through while translating and it's not worth a critical update. Somewhere in a next version, priority somewhere-at-the-bottom-of-the-list is OK for this.

Thanks for the info. Actually, the localized interface files are not yet fully updated. Usually, the English version is our first priority, and within a month of a big release we also update everything else, including the translations.
Jean-Marc Schroot, User (Posts: 4)
Feb 06, 2015 4:22:22 am EST
Support level: Free or trial
Hello Conrad,

Yesterday, after an update of the Avira virus database, I discovered that Avira again treats Rutview.exe (now version 6.0) as malware, since they found a trojan (again) in the program. The 'trojan' stayed hidden for a long time. I hope the programmers at Avira will add Rutview.exe to the exceptions again. I don't see why they mark the viewer from Remote Utilities as malware but exclude [censored].

However, I found the solution to exclude RutView.exe from being detected:

  • Select Menu Extra's --> Configuration (F8)
  • Browse to Real-Time Protection --> Scan --> Exceptions
  • Add "C:\Program Files\Remote Utilities - Viewer\rutview.exe" to "File objects to be omitted by the Real-Time Protection" (the second box in the menu)

That worked for me (so probably I can help someone else by this post).

Best regards,

Jean-Marc
Conrad Sallian, Support (Posts: 3074)
Feb 06, 2015 11:35:59 am EST
Hello Jean-Marc

We are currently discussing this issue with Avira. We do not understand why Avira keeps treating legitimate and digitally signed software as a trojan. We only hope that this is my mistake.

This is how to add the program to the exceptions list in Avira: https://www.avira.com/en/blog/exceptions-avira-antivirus-3-steps
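
Added example, not part of the original thread and not Remote Utilities or Avira code: a PowerShell check to run before putting a flagged binary on an antivirus exceptions list. It reports the Authenticode signature status, signer and SHA-256 of the file, and whether broad user groups can write to the file or its folder, which matters for the wildcard folder exclusion suggested above. The function name `Test-ExclusionCandidate` is hypothetical; the path is the one quoted in the thread.

```powershell
# Added example (not from the thread): checks to run before excluding a
# flagged binary from real-time protection.
function Test-ExclusionCandidate {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Well-known SIDs of broad groups: Everyone, Authenticated Users, Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    # Rights that let a principal replace or tamper with the file.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $sidType   = [System.Security.Principal.SecurityIdentifier]

    # Check the file and its folder: a wildcard folder exclusion covers
    # anything that can be written there.
    $writable = foreach ($target in $Path, (Split-Path -Parent $Path)) {
        foreach ($ace in (Get-Acl -LiteralPath $target).GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -eq 'Allow' -and
                $broadSids -contains $ace.IdentityReference.Value -and
                (([int]$ace.FileSystemRights -band $writeMask) -ne 0)) {
                "$target <- $($ace.IdentityReference.Value)"
            }
        }
    }

    [pscustomobject]@{
        Path            = $Path
        SignatureStatus = $sig.Status          # 'Valid' means signed and untampered
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Sha256          = $hash.Hash           # compare with the vendor's published hash, if any
        WritableByUsers = @($writable)
        # A valid signature shows who signed the file, not that it is benign.
        ChecksPassed    = ($sig.Status -eq 'Valid') -and (@($writable).Count -eq 0)
    }
}

# Path as quoted in the thread; on 64-bit Windows use "Program Files (x86)".
Test-ExclusionCandidate -Path 'C:\Program Files\Remote Utilities - Viewer\rutview.exe'
```

If `WritableByUsers` is not empty, excluding the single executable, as in the February 2015 post, exposes less than excluding the whole folder with a wildcard.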

* Website time zone: America/New_York (UTC -5)