Logmein Rescue

Nod32 is detecting a FP of NewHeur_PEvirus against my users trying to run the remote access component of Logmein Rescue.

Please fix this urgently!

 

Hello Biscuit, please follow these steps: http://kb.eset.com/esetkb/index?page=content&id=SOLN141

Remember to include as much information as possible in the email.

 

Thanks for your reply.

I don't actually have the file as it is something run by users at the time of remote control. I therefore have nothing to send to Eset & by the time I realised the problem I could not ring them as they go home at 5:30pm on the dot.

With regular false positives for Prevx & now my being unable to use Logmein rescue, Nod32 is fast becoming a difficult product to use.

 

Well is there somewhere they can access the file in question?

Also, it's not ESET's fault Prevx design their product as they do, changing the heuristics would mean leaving users more vulnerable, the only solution is whitelisting the app.

 

I see the Prevx FP issue as more Nod32 trying not to help. I wonder what users would think if Nod32 ran a FP against every other security app?

 

Update

FP fixed as of 3908 defs.

 

Good to hear.

But they don't FP against every other security app, just this one because of the way it's designed.

 

(I'm jumping into this thread because it popped up on a Google Alert.)

I don't see what aspect of our designing would be causing these false positives. We digitally sign every component of our software and do not use any obfuscation in the installation so I'm really not sure what would be triggering the heuristics.

This is a recurring problem which does affect a number of our users and causes quite a hassle in customer support every time we release a new version. Non-technical customers frequently complain that we are sending them viruses, which presents a difficult situation when they don't understand the concept of a false positive.

If a representative from ESET could give us more details as to what we're doing that causes them to detect every new version heuristically, we would be more than happy to consider changes to make our products work better with their signatures, if it isn't possible for them to modify their heuristics without degrading their protection.

No other security product has this level of false positives against our software so I don't think there is anything inherently suspicious about the design which is triggering it.

Feel free to send me a PM if you're interested in resolving this problem and I will give you my email address so we can discuss this directly.