Replies: 16 comments 13 replies
-
Thanks, how to contact them for the above?
-
Bitdefender false positive report:
-
AVG and Avast are complete "bottom" and not antiviruses, Kaspersky probably went to GitHub :)
-
https://www.reddit.com/r/MeshCentral/comments/13fv0uy/bitdefender_removing_meshcentral/
-
@rustdesk I maintain the Chocolatey package for installing RustDesk on Windows, and the most recent releases have been flagged by the virus scanners. They would like a statement or documentation indicating that the package is not malicious and that you're working to resolve false positives with the antivirus providers (see their request on https://community.chocolatey.org/packages/rustdesk.portable/1.2.1). Once that's provided, they can publish the more recent packages. Thanks for anything you are able to provide.
-
This has been covered quite a few times. The nature of RustDesk means it’s categorised as greyware by AVs; the code’s there, anyone can check. AV companies don’t like it cause bad actors have been using RustDesk recently.
-
FWIW, version 1.2.1 was flagged by 9 security vendors, and version 1.2.2 was only flagged by 3. Not sure if something changed between versions, or if the other security vendors just haven't seen the new binary enough to flag it yet.
-
Still a problem with BitDefender today. I have reported it via their reporting tool (both the files and the URL). Annoyingly, if you whitelist it in BitDefender it still fails to load (stupid anti-virus).
-
I have just reported the false positive to them also and am opening dialog with a lot of the AV companies.
-
JFTR, RustDesk 1.2.3 does not seem to be flagged as malicious anymore: (Only ArcSight Threat Intelligence flags it as 'suspicious').
-
It is suspicious because it provides remote access.
-
Just checked the situation again and I noticed that VirusTotal shows two different results.
The URL is marked as "No security vendors flagged this URL as malicious", while the file ( Looking at the "Security vendors' analysis", one can see that the "malicious" flags are named something like "RiskWare", "not-a-virus" / "RemoteAdmin". Not sure why something like TeamViewer is not flagged the same. However, we should try to report "false positives" to each vendor (search for "$AV-VENDOR false positive report" with your favorite search engine). I.e. I just submitted the object for reanalysis at Kaspersky: https://opentip.kaspersky.com/23B661D7BC171CD500D5096456905283FFE06479582B62D3BD5066633935D43E/results?tab=upload and wrote:
We should do the same with the other vendors (feel free to improve the text). FYI, Chocolatey rejects files automatically if more than 6 vendors flag a file as malicious: https://community.chocolatey.org/packages/rustdesk.portable/1.2.3#files. @bdukes: You might point the Reviewer/Moderator to this discussion and ask the Moderator for approval. And: Please change the title from "RestDesk and Antiviruses" to "RustDesk: False Positives from Antivirus Vendors" (or at least change "RestDesk" to "RustDesk").
-
Kaspersky will remove the false positive from RustDesk version 1.2.4.
-
I noticed that RustDesk 1.2.0 triggers antivirus programs.
I reported the false positive to Kaspersky, AVG and Avast.
Kaspersky promptly responded that they will fix the false positive.
AVG and Avast also responded quickly, but they said they will not fix it as they are sure it is malicious, and they require the author to contact them for further proceedings in order to make sure it is not malicious.
https://www.virustotal.com/gui/file/223b04c60c21e23cf5fb2d484572de2f98bff4697a5869dc34854bba3e873262/detection