False positive? Win32/RAdmin.22 application
dsi-ap
March 7th, 2007, 05:19 AM
Hi all,
Any way to avoid this from happening?
{QUOTE-> 3/7/2007 10:12:18 AM - AMON - File system monitor Program Virus Alert triggered on PC1: C:\WINDOWS\SYSTEM32\R_SERVER.EXE infected with Win32/RAdmin.22 application. <-QUOTE}
This is a false positive, rAdmin is used on the PC to remote onto servers.
Blackspear
March 7th, 2007, 06:14 AM
Exclude that application in AMON
or
AMON> Setup> Options
Remove the tick from "Potentially unsafe applications".
Cheers ;D
kjempen
March 7th, 2007, 05:08 PM
{QUOTE-> Hi all,
Any way to avoid this from happening?
This is a false positive, rAdmin is used on the PC to remote onto servers. <-QUOTE}
This is not a false positive. These days, antiviruses protect you from a lot more than just viruses (file-infectors). Antiviruses may protect you from the following (including viruses/file-infectors): trojans, worms, spyware, adware and potentially harmful applications or applications that may be used in a harmful way (such as rAdmin in your case); NOD32 is telling you that it is an application and not a virus or trojan or anything like that.
mrtwolman
March 7th, 2007, 06:21 PM
Potentially unsafe applications are commercial programs which might be exploited for malicious purposes, etc. (e.g. tools for remote access and administration). They could be legitimate applications with dual-use capability.
RushB
March 20th, 2007, 06:38 PM
Ok,
I have tried everything I know of to keep Radmin from being deleted. I have r_server.exe in \Windows\system32. I have added it to the exclusion list in Amon, pushed that out, and still it catches it and removes it every time. So I added the filename without the path, same thing. Potentially unsafe is unchecked in Amon.
How can I stop NOD32 from removing r_server.exe???
Just used Remote Administrator Console to check it one last time, it's set right, but it continually removes that file.
Thanks,
RushB
Blackspear
March 20th, 2007, 09:15 PM
Hi RushB, what version are you using, and do you have "potentially unsafe applications" ticked in the profile, as this needs to be unticked.
Cheers ;D
RushB
March 23rd, 2007, 01:41 AM
Nope, it's not ticked. I am running 2.70.32 throughout our school district.
Greg Jones
March 29th, 2007, 10:28 PM
We have the same problem. Radmin is excluded but I get the following detected:
C:\WINDOWS\SYSTEM32\r_server.exe::$DATA
C:\WINDOWS\SYSTEM32\admdll.dll::$DATA
Sounds like the NTFS alternate stream to me.
I tried to add it to the exclude list but it didn't like it. :)
I really do not want to disable the "Potentially unsafe apps" option and we use RADMIN throughout our business.
Any ideas?
Greg.
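For triaging alerts like the two paths in the post above, this added example (not from the thread or from ESET) parses NTFS stream syntax: an empty stream name, as in `::$DATA`, denotes the file's unnamed default data stream, while a non-empty name is a named alternate stream. The allow-list and the `:extra:` path are constructed, and nothing here models how AMON's own exclusion list matches paths.

```python
import re
from typing import List, NamedTuple

class StreamPath(NamedTuple):
    file_path: str    # file on disk, without any stream suffix
    stream: str       # "" is the unnamed (default) data stream
    stream_type: str  # "$DATA" unless stated otherwise

# NTFS full name: <file>[:<stream>[:$<type>]], with an optional drive letter.
_STREAM_RE = re.compile(
    r"^(?P<file>(?:[A-Za-z]:)?[^:]+)"
    r"(?::(?P<stream>[^:]*)(?::(?P<type>\$[A-Za-z_]+))?)?$"
)

def parse_stream_path(path: str) -> StreamPath:
    m = _STREAM_RE.match(path.strip())
    if m is None:
        raise ValueError(f"unrecognised path: {path!r}")
    return StreamPath(m["file"], m["stream"] or "", m["type"] or "$DATA")

def is_named_stream(path: str) -> bool:
    """True only for a real alternate data stream (non-empty stream name)."""
    return parse_stream_path(path).stream != ""

def approved(path: str, allow_list: List[str]) -> bool:
    """Allow-list check on the file itself; named streams are never approved."""
    sp = parse_stream_path(path)
    wanted = {p.lower() for p in allow_list}
    return sp.stream == "" and sp.file_path.lower() in wanted

# Hypothetical allow-list of approved admin tools (paths as quoted in the thread).
ALLOW = [r"C:\WINDOWS\SYSTEM32\r_server.exe", r"C:\WINDOWS\SYSTEM32\admdll.dll"]

# Paths from the thread, plus one constructed named-stream path for contrast.
SAMPLES = [
    r"C:\WINDOWS\SYSTEM32\R_SERVER.EXE",
    r"C:\WINDOWS\SYSTEM32\r_server.exe::$DATA",
    r"C:\WINDOWS\SYSTEM32\admdll.dll::$DATA",
    r"C:\WINDOWS\SYSTEM32\r_server.exe:extra:$DATA",  # constructed
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:48} named_stream={is_named_stream(s)} approved={approved(s, ALLOW)}")
```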
Marcos
March 30th, 2007, 01:56 AM
Potentially unsafe applications cover ONLY commercial programs (mostly remote administration tools) that might be exploited. Theoretically we should also detect ftp.exe which is a part of Windows :) Potentially unsafe app should remain disabled in a network environment.