
AMMYY ADMIN False Positive - RiskWare.RAAmmyy



Ammyy is a lightweight remote control program similar to TeamViewer, and although it can be used maliciously like any other remote control program, it's not a trojan! I've been using it for 4 years now and all of a sudden Malwarebytes wants to tag it as a trojan. Support tickets with AMMYY Support have confirmed this is a false positive and that Malwarebytes needs to fix the detection.

 

RiskWare.RAAmmyy, C:\Users\Brian\Downloads\ammyy\AllenGeeks_QS.exe, No Action By User, [9817336dfc8fa88e6551d749b34eb24e], 

 

This is from http://www.ammyy.com/AA_v3.exe

 

We use a paid license that allows us to customize the executable with some permission specifics but even the original file is identified as RiskWare.RAAmmyy

 

TeamViewer is just as risky. LogMeIn is just as risky. Yet we aren't blocking those programs!

 

Being this program is used to help fix customer computers, it's extremely hard to walk them through removing it from quarantine! We need Malwarebytes to stop blocking this legitimate program!

 

 

AllenGeeks_QS.zip

6.txt


Microsoft Antimalware Submission
========
Submission ID MMPC15120327789587

Submitted Files
=============================================
AllenGeeks_QS.exe [Not Malware]

Your submission was scanned using antimalware definition version 1.211.1724.0.
========


Hi,

 

We are detecting correctly here as RiskWare.RAAmmyy - not as a Trojan, not as a Virus, but as Riskware. One of the main reasons is that we often see this installed by malware as well, so the attacker can get remote access to the victim's computer. I am sure you can see that users would like to be aware of this.

This is the same reason why a lot of other AntiVirus products detect this as well:

https://www.virustotal.com/en/file/e91159c3c587252d1122b6c73284db6834fd2c1c38efd3c913500331d1c9cef0/analysis/


That is not what the Premium version of Malwarebytes is doing. It's not making anyone aware; it silently quarantines the file and the novice user is unaware of how to reverse the action. Other virus programs prompt asking the user if they want to trust the program. For 'riskware' Malwarebytes should be doing the same, creating a popup and making it easy to reverse the automatic action and trust the application. I still can't understand why you would block AMMYY but not TEAMVIEWER other than the latter would sue your company into oblivion if you blocked their software silently like you do AMMYY.


That's probably for a next version, where we should implement a voice recognition module and alert when the words "Microsoft Tech Support" or "Windows Technical Department Support Group" are mentioned from someone with a heavy Indian accent. :P
