ConradS

Honorary Members
  • Posts

    22
Everything posted by ConradS

  1. Just as I predicted, Malwarebytes started to falsely detect our newly released version (with newly released EV Code Signing signature) as dangerous. host-7.2.1.0.exe RiskWare.RemoteAdmin b0e60c543da4dbcbbf75aa18a2146dc9e6215a6708593f73121e88fac08ce4fa This is the installer file of the Remote Utilities Host module. The file can be downloaded from here: https://www.remoteutilities.com/download/host-7.2.1.0.exe Please, remove the detection. Thank you.
  2. Hello, Remote Utilities 7.2.10 has just been released. Because we know that modern antivirus software are totally ignorant to any EV Code signing certificates and that they immediately flag as malicious just about any new file they get their hands on, I'm sending this message. Please, have your virus analysts review the new version files, namely rutserv.exe and rfusclient.exe and leave them alone. Consider that I'm writing this message pro-actively from the future. File hashes (you can find the detections on VirusTotal): 02278e9785dedc7bc505913db635a0b085df1c03765d7d80b9490bf3cbc27b66 7d89f8a4ecb91f9df1b5c73c36cad4433de274e6f4c0e1269483dc62331a4362 Thank you very much.
  3. Hello, No, it's via the VirusTotal report that we found it out. I understand that the results shown by Malwarebytes in VT may differ from what is shown by the product version, at least at default settings. Here is the VT report https://tinyurl.com/nhhwyjfu Thanks.
  4. Hello, According to VT MalwareBytes detects the file of Portable Viewer as malware. File hash: e9f14336b28e34b74976a9d15b1b61d966b18f7e99186e98317a6ae5b1862f77 Please, remove the detection. Thanks.
  5. Forgot to share a link with the customer request. Here it is. For your convenience I've also attached a zipped file in question. The archive password is 'infected'. Well, the file is not infected, of course. It's just a stupid tradition among antivirus software vendors to demand "zip file with the password 'infected'" :) rutserv.zip
  6. Hello Malwarebytes, Our customer reports here that Remote Utilities Host main executable file rutserv.exe is being flagged as malicious by MalwareBytes. Could you please check this? File details Name: rutserv.exe Hash: ce5ba1e5d70d95d52b89a1b8278ff8dd4d1e25c38c90ca202b43bdc014795d78 Signature: yes, EV Code Signing issued to Remote Utilities LLC by Digicert Inc. P.S. VirusTotal reports don't show anything but we are reporting this anyway. Perhaps, the VT Malwarebytes engine shows different results than the one in the software. Thanks.
  7. Hi Mieke, That's good to know. Unfortunately, we cannot test each and every engine of 60+ out there, that's why we use VirusTotal. Thank you.
  8. Hello, New version of Remote Utilities has been released. According to VirusTotal Malwarebytes heuristics detects the following files as malware: https://www.virustotal.com/gui/file/76de0734b74659ca76e9fc5462fe125e17cd65790da255738c5a018cea9b7dac/detection/f-76de0734b74659ca76e9fc5462fe125e17cd65790da255738c5a018cea9b7dac-1616638194 Please, remove the detection. Thanks.
  9. Hello, So you never whitelist remote access software based on digital signature? What about TeamViewer? Tech support scam has nothing to do with malware. It is social engineering.
  10. According to VirusTotal report Malwarebytes detects the Host file again. https://www.virustotal.com/gui/file/d4d3ef9196b5dac53d1e06d738eb3e529578752bf9e8cfd2900a600d5f10a7e5/detection
  11. Sorry for bothering you again, but here is a log our customer sent to us right now (I removed some personally identifiable information from the log): One question to you, sorry if that sounds a bit sarcastic. Are Malware virus analysts aware of the existence of digital certificates? I mean, that would really help them a lot in their work if they were. For example, they could simply exclude the files digitally signed by Remote Utilities LLC (EV Code Signing issued by Digicert and Comodo) from the detection. That would save us all time and effort. What's the point of detecting the same version/file over and over again if it's signed and not altered?
  12. Hi Mieke, Here is the VirusTotal report https://www.virustotal.com/gui/file/d4d3ef9196b5dac53d1e06d738eb3e529578752bf9e8cfd2900a600d5f10a7e5/detection . It shows the detection. However, the VirusTotal report on the Agent file (which I initially reported in this thread) no longer shows a detection. Thanks.
  13. Hello, There is still the same detection on another similar file (Host), here is the VirusTotal report: https://www.virustotal.com/gui/file/d4d3ef9196b5dac53d1e06d738eb3e529578752bf9e8cfd2900a600d5f10a7e5/detection Thanks.
  14. Additional information - this is a new version which was only released a few days ago. Quite expectedly there are a number of false positives. Any Remote Utilities files including this one are signed with either an EV Code Signing certificate (Digicert) or Code Signing certificate (Comodo) issued to Remote Utilities LLC.
  15. Here is the VirusTotal report: https://www.virustotal.com/gui/file/53da1a16c1cd90fa7dd43e4e6d4bfb8b36ce8eb1d8918dda7aef01e9befbd1ff/detection/f-53da1a16c1cd90fa7dd43e4e6d4bfb8b36ce8eb1d8918dda7aef01e9befbd1ff-1615173008
  16. Sorry, forgot to provide the file information: SHA-256: 53da1a16c1cd90fa7dd43e4e6d4bfb8b36ce8eb1d8918dda7aef01e9befbd1ff
  17. Hello, According to VirusTotal.com Remote Utilities Agent 7.0.0.1 is mistakenly detected as Malware.AI.4277518362 . Please, remove the detection.