False positive ? Win32/RAdmin.22 application

HI all,

Any way to avoid this from happening.

This is a false positive, rAdmin is used on the PC to remote onto servers.

 

Exclude that application in AMON

or

AMON> Setup> Options

Remove the tick from "Potentially unsafe applications".

Cheers

 

This is not a false positive. In these days, antiviruses protect you from a lot more than just viruses (file-infectors). Antiviruses may protection from the following (including viruses/file-infectors): trojans, worms, spyware, adware and potentially harmful applications or applications that may be used in a harmful way (such as rAdmin in your case), which NOD32 is telling you that it is an application and not a virus or trojan or anything like that.

 

Potentially unsafe applications are commercial programs which might be exploited for malicious purposes, etc. (e.g. tools for remote access and administration). It could be legitimate applications with dual use capability.

 

Ok,

I have tried everything I know of to keep Radmin from being deleted. I have r_server.exe in \Windows\system32 I have added it to the exclusion list in Amon, pushed that out, still it catches it and removes it ever time. So I added the filename without he path, same thing. Potentially unsafe is unchecked in Amon.

How can I stop NOD32 from removing r_server.exe

Just used Remote Administrator Console to check it one last time, it's set right, but it continually removes that file.

Thanks,
RushB

 

Hi RushB, what version are you using, and do you have "potentially unsafe applications" ticked in the profile, as this needs to be unticked.

Cheers

 

Nope, it's not ticked. I am running 2.70.32 throughout our school district.

 

We have the same problem. Radmin is excluded but I get the following detected:

C:\WINDOWS\SYSTEM32\r_server.exe::$DATA
C:\WINDOWS\SYSTEM32\admdll.dll::$DATA

Sounds like the NTFS alternate stream to me.

I tried to add it to the exclude list but it didnt like it.

I really do not want to disable the "Potentially unsafe apps" option and we use RADMIN throughout our business.

Any ideas?

Greg.

 

Potentially unsafe applications cover ONLY commercial programs (mostly remote administration tools) that might be exploited. Theoretically we should also detect ftp.exe which is a part of Windows Potentially unsafe app should remain disabled in a network environment.