Spyware.Remoteadmin.R

Huji

Attached you will find a copy of r_server.exe file, the server file of Remote Administrator. This is detected as infected with Spyware.Remoteadmin.R however, this is not a spyware for people who are using Remote Administrator intentionally for their remote access issues.

I think we should have a way to exclude this file from BitDefender scans or let BitDefender know that we trust this file.

Hope you will oblige

PS: The file is located in C:\Windows\System 32\ and the attached archive is password protected, the password is: infected

/applications/core/interface/file/attachment.php?id=173" data-fileid="173" rel="">radmin.zip

Cd-MaN

The signature for this file have been removed. However we can not exclude all remote admin tools because we have to account for the scenario when the "malware" is just a SFX archive (or an installer) which drops some pre-configured remote admin tools. This is why we (and many other AV products) detect these tools.

Some ideas on how to make your products less "suspicious" in the eye of virus researchers in general (these are my personal opinion and may or may not represent the opinion of any of my current or former employers):

• Add (correct) version information to your files
• Don't use tricks like in-memory decryption of code

Others which don't necessarily apply to your product:

• Don't pack your executable. Packers can make your program look more suspicious, offer almost no added protection and may impact the performance negatively (both because they consume processor time and because they prevent the memory manager to do an efficient management of the available system resources)
• Don't copy your executable to "privileged" locations like the windows or system directory