Endpoint Protection

 View Only
  • 1.  Why is Remote Administrator (Remacc.Radmin) considered a "Risk"?

    Posted Dec 03, 2009 05:45 PM
    We know that it's a risk, but what was the justification for defining Remote Administrator as a risk?

    This is extremely frustrating for us, as we use Radmin for a lot of our day-to-day work, and people get frustrated when SEP quarantines it and they have to unquarantine it, or have to re-install it.

    Can it be REMOVED as a risk?

    Thank you


  • 2.  RE: Why is Remote Administrator (Remacc.Radmin) considered a "Risk"?

    Posted Dec 03, 2009 06:47 PM
    All you have to do is add it as an exception in the SEPM. Here is the guide to do so http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/2e47fa3acc0706c6882573b5005b4458?OpenDocument. Feel free to write back or PM with any questions.

    Hope this helps,
    Grant


  • 3.  RE: Why is Remote Administrator (Remacc.Radmin) considered a "Risk"?

    Posted Dec 03, 2009 06:53 PM
    I know how to add it as a Risk Exception, and I've already done that, but what I need to know is "why" it was designated as a Risk Exception by Symantec?


  • 4.  RE: Why is Remote Administrator (Remacc.Radmin) considered a "Risk"?
    Best Answer

    Posted Dec 03, 2009 07:00 PM
    Oh sorry well you said that you were frustrated when SEP quarantines it so I assumed you didn't have it added as an exception. Anyway it makes sense that a program like Radmin might get flagged as a risk. Literally Radmin is letting one person completely take control of another computer so since SEP (and almost every other modern anti-virus) use heuristic detection you are bound to get some false positives. Just to be clear heuristic detection is detecting threats based off of their behavior. Since the behavior of this program is to control another computer then it might be hard from some anti-virus programs to distinguish it from a virus. But this is why we have exceptions so if you add it as an exception you should never have to think about it again.

    Sorry about the false positive,
    Grant



  • 5.  RE: Why is Remote Administrator (Remacc.Radmin) considered a "Risk"?

    Posted Dec 03, 2009 07:03 PM
    Sorry I forgot to add that you should check out this guide http://seer.entsupport.symantec.com/docs/331071.htm. It talks more abotu heuristic dectection and how to set the sensitivity level higher so you don't get as many false positives (keep in mind you don't get as good of protection, there is always this trade-off).

    Grant-


  • 6.  RE: Why is Remote Administrator (Remacc.Radmin) considered a "Risk"?

    Posted Dec 03, 2009 07:36 PM
    Thank you, that explains it.

    Dan