
Hello there!

1) Our company deploys a utility for remote support, based on VNC (RFB protocol).

2) The utility can be found here: www.suportedireto.com.br/demo, and there are plenty of versions, one for each customer.

3) Each customer has their .EXE version, with branding and support contact info (see attached image gallery).

4) Each app has its own DDNS built in, pointing to <SOMEHOST>.suportedireto.com (this time without .BR).

5) When a customer uses our app with MalwareBytes active, it detects the app as a Trojan during connection to HTTP, as we can see in the attached screenshot.

6) Since we use DDNS, there is no fixed IP we can provide to try to whitelist.

7) There is also one txt log attached.

8) There is no specific TCP port; some users have port 443 available, others 4020, 4021, 6001, 6002 and others.

 

Currently we ask users to deactivate MalwareBytes temporarily, but this is not a good practice.

Please let us know how we can solve this issue!

ddns-blocked-ultravnc-trojan-false-positive.png

example-of-apps.png

demo_suportedireto_com_false_positive.txt
