Jump to content
millsys

AMMYY ADMIN False Positive - RiskWare.RAAmmyy

Recommended Posts

Ammyy is a remote control lightweight program similar to TeamViewer and although it can be used maliciously like any other remote control program its not a trojan!  I've been using it for 4 years now and all of a sudden Malwarebytes wants to tag it as a trojan.  Support tickets with AMMYY Support have confirmed this is a false positive and that Malwarebytes needs to fix the detection.

 

RiskWare.RAAmmyy, C:\Users\Brian\Downloads\ammyy\AllenGeeks_QS.exe, No Action By User, [9817336dfc8fa88e6551d749b34eb24e], 

 

This is from http://www.ammyy.com/AA_v3.exe

 

We use a paid license that allows us to customize the executable with some permission specifics but even the original file is identified as RiskWare.RAAmmyy

 

Teamviewer is just as risky.  LogmeIn is just as risky.  Yet we aren't blocking those programs!

 

Being this program is used to help fix customer computers its extremely hard to walk them thru removing from quarantine!  We need Malwarebytes to stop blocking this legitimate program!

 

 

AllenGeeks_QS.zip

6.txt

Share this post


Link to post
Share on other sites

Microsoft Antimalware Submission

========          

Submission ID MMPC15120327789587   

               

  Submitted Files              

  =============================================              

  AllenGeeks_QS.exe [Not Malware]       

              

              

Your submission was scanned using antimalware definition version 1.211.1724.0.               

========           

Share this post


Link to post
Share on other sites

Hi,

 

We are detecting correctly here as RiskWare.RAAmmyy - not as a Trojan, not as a Virus, but as Riskware. One of the main reasons is that we often see this installed by malware as well, so the attacker can get remote access of the victims computer. I am sure you can see that users would like to be aware of this.

This is the same reason why a lot of other AntiVirus detect this as well:

https://www.virustotal.com/en/file/e91159c3c587252d1122b6c73284db6834fd2c1c38efd3c913500331d1c9cef0/analysis/

Share this post


Link to post
Share on other sites

Ok so when will you start blocking TeamViewer, Join.me, and LogMeIn????  Used just as often by scammers/hackers

Share this post


Link to post
Share on other sites

That's also what we do with most customized versions of above, although Join.me and LogMeIn isn't that frequently bundled by malware.

We just want to make the users aware of its presence that it might be a risk.

Share this post


Link to post
Share on other sites

That is not what the Premium version of Malwarebytes is doing.  Its not making anyone aware, it silently quarantines the file and the novice user is unaware of how to reverse the action.  Other virus programs prompt asking the user if they want to trust the program.  For 'riskware' Malwarebytes should be doing the same, creating a popup and making it easy to reverse the automatic action and trust the application.  I still can't understand why you would block AMMYY but not TEAMVIEWER other than the later would sue your company into oblivion if you blocked their software silently like you do AMMYY

Share this post


Link to post
Share on other sites

We will adjust detection to PUP.Optional for this one instead of Riskware.

We however do detect customized versions of Teamviewer as well.

Share this post


Link to post
Share on other sites

Very much appreciated.  Now if we could have Malwarebytes block the bogus Microsoft phone calls that would probably help the most :)  

Share this post


Link to post
Share on other sites

That's probably for a next version, where we should implement a voice recognition module and alert when the words "Microsoft Tech Support" or "Windows Technical Department Support Group" are mentioned from someone with a heavy Indian accent. :P

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.