

RU removed by Bitdefender

westmindltd, User (Posts: 9)
Oct 28, 2018 4:57:08 pm EDT
Support level: Starter
Because all of the AV programs we use across different networks flag RU as dangerous software, we gave up on it months ago. License paid, unable to use the software, lesson learnt.
Conrad, Support (Posts: 3074)
Oct 28, 2018 5:38:32 pm EDT

westmindltd wrote:

Because all of the AV programs we use across different networks flag RU as dangerous software, we gave up on it months ago. License paid, unable to use the software, lesson learnt.

Hello,

I can only agree with you. Many antivirus programs today are extremely unreliable. If they cannot distinguish legitimate software signed with an EV Code Signing certificate from unsigned and patched malware, no one can guarantee that they can do their main job of protecting their customers from real viruses and trojans.
David Roudebush, User (Posts: 8)
Nov 12, 2018 8:34:33 pm EST
Support level: Free or trial
I've got Webroot SecureAnywhere trying to remove rwln.dll (the RU host) on our machines as a remote access hacker tool. Is there any third-party validation of the security of these program components?
Conrad Sallian, Support (Posts: 3074)
Nov 13, 2018 1:13:35 am EST
Hello David,

This is a false positive detection. According to VirusTotal our signed rwln.dll file is being detected only by Webroot and Eset: https://www.virustotal.com/en/file/8a0254dae0ef28ab17baa7bf2954b5df08542fcd7a42e623731efb06394df46e/analysis/1542078254/

We will send a false positive report to them and ask to remove the detection.
David Roudebush, User (Posts: 8)
Nov 13, 2018 1:36:32 am EST
Support level: Free or trial
Thank you. That was a fast and useful response.
Since putting in this comment, Webroot responded to me that they had seen RU used as a hacking tool, and that's why they were treating it that way. They advised me to white-list it on each machine. (!)
Conrad Sallian, Support (Posts: 3074)
Nov 13, 2018 1:41:58 am EST
Hello David,

David Roudebush wrote:

Since putting in this comment, Webroot responded to me that they had seen RU used as a hacking tool, and that's why they were treating it that way.

That was a lazy answer. Just about any remote access tool can be used (and is used) for malicious purposes. Our legitimate and digitally signed files have nothing to do with patched builds or various other malware builds (such as droppers, loaders, etc.). Isn't it the job of antivirus software to stop such malware?

Instead, they just found an easy way and decided to block the legitimate files too. You can write that to them and ask them to do their job instead of trying to save their time by abusing legitimate software such as Remote Utilities.
