Avast WEBforum
Business Products => Archive (Legacy) => Avast Business => Avast Distributed Network Manager => Topic started by: [QEH]Nick on May 23, 2006, 11:49:19 AM
-
Just recently (since yesterday I think) Avast has been deleting VNCHOOKS.DLL and calling it WIN32-Radmin[Tool].
This is causing us some headaches as we use VNC in our support duties.
I've marked up an exception in the meantime, but it will take a couple of days for that to deseminate and take effect.
Is this a deliberated detection or a false positive?
-
same here--- headache!
-
It is an intentional detection (VNC - remote admin). It's marked as [Tool] - ie. potentially dangerous application...
However, given the feedback we've got from this, we've decided to remove the detection for now.
Hopefully, the headaches were not TOO hard - I mean, I hope you don't have VNC installed on a large number of machines...
I apologize for this trouble. Seems that before we can add these remote admin tools into the database, we'll have to provide you with a way to ignore them.
-
We do have it on all our machines, but it's been modified to not be active unless we initiate a connection.
Just a thought, why target the DLL instead of the EXE in that case?
-
And the exe itself is not being detected?
It might be that the code that matters (i.e. the "backdoor" handling code) really resides in the DLL - hence the DLL is what gets detected...
-
only the dll - on all our pcs... 80 seats...
-
it shows up also as I am downloading opensuse 12.1