https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314228#M1368 <P>Hello,</P><P>&nbsp;</P><P>I heard back from our malware team, we have decided to keep this as malware based on their analysis.</P><P>&nbsp;</P><P>Best Regards,</P><P>Himani</P> Tue, 03 Mar 2020 17:56:07 GMT hisingh 2020-03-03T17:56:07Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/313358#M1357 <P>As of 2/27/2020&nbsp; TotalVirus is reporting EZhelp.20.exe as <SPAN class="individual-detection">Generic.ml</SPAN>&nbsp; for Palo Alto Networks</P><P>Please help.</P><P>I updated EZhelp20.exe to include the latest winvnc.exe released this week by ultravnc.com&nbsp; version 1.2.3.0 updated to 1.2.4.0 for security and features update.&nbsp; This small change is triggering a false positive.</P><P>&nbsp;</P><P>EZhelp is not a virus, malware, hacker tool or trojan and is not misleading in any way. Ezhelp does exactly what our users expect it to do and nothing more. It is a private helpdesk support program that uses ultravnc. Ezhelp is a portable program, that when ran by the user, puts its files in the user’s temp folder and it removes them when the user closes the program. The included files are SecureVNCPlugin.dsm, VNChooks.dll and winvnc.exe which can be found at the widely popular <A href="http://www.uvnc.com" target="_blank">www.uvnc.com</A> website. The included ultravnc.ini file increases security by preventing the user from accidentally allowing incoming connections into their own PC and only allows an outgoing secure encrypted connection to our helpdesk upon the user’s request. Those evaluating the software can look in the temp file and verify all of this. I am the author of the program and have been using it for two decades. Occasionally, EZhelp is updated to include the latest winvnc.exe from <A href="http://www.utravnc.com" target="_blank">www.utravnc.com</A> for its feature and security updates.&nbsp; Compiled with the popular Autoit default settings using UPX compression to reduce the file size by 30%</P><P>&nbsp;</P><P>The virustotal link is for this detection is here <A href="https://www.virustotal.com/gui/file/48bb201df975b6b34380a3a1805707b12cf55ee1f4e22a83de3c46c6445cbd4d/detection" target="_blank">https://www.virustotal.com/gui/file/48bb201df975b6b34380a3a1805707b12cf55ee1f4e22a83de3c46c6445cbd4d/detection</A></P><P>&nbsp;</P><P>EZhelp20.exe&nbsp; can be downloaded directly from here <A href="http://ezhelp.github.io/software/EZhelp20.exe" target="_blank">http://ezhelp.github.io/software/EZhelp20.exe</A></P><P>&nbsp;</P><P>Thank you in advance</P><P>CPC</P> Thu, 27 Feb 2020 18:36:48 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/313358#M1357 CantrellPC 2020-02-27T18:36:48Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/313981#M1362 <P>Hello,</P><P>&nbsp;</P><P>I have submitted the re-check request based on the hash. We could not download the file because the file was not zipped by a password, and will be blocked by the firewalls.</P><P>&nbsp;</P><P>Best</P><P>Himani</P> Mon, 02 Mar 2020 18:56:35 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/313981#M1362 hisingh 2020-03-02T18:56:35Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314228#M1368 <P>Hello,</P><P>&nbsp;</P><P>I heard back from our malware team, we have decided to keep this as malware based on their analysis.</P><P>&nbsp;</P><P>Best Regards,</P><P>Himani</P> Tue, 03 Mar 2020 17:56:07 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314228#M1368 hisingh 2020-03-03T17:56:07Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314236#M1370 <P>Thanks for your effort.</P><P>&nbsp;</P><P>Who and how do I contact someone to correct this?</P><P>I can review the source code with them line by line if needed.</P><P>&nbsp;</P><P>The program does exactly what our clients expect it to do and nothing more.&nbsp; It provides a secure reverse connection to only our helpdesk support using the popular winvnc. More secure then winvnc alone.&nbsp; It does nothing more then it should and I not misleading in any way.</P><P>&nbsp;</P><P>Thanks</P><P>CPC</P><P>&nbsp;</P> Tue, 03 Mar 2020 18:05:53 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314236#M1370 CantrellPC 2020-03-03T18:05:53Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314237#M1371 <P>I will also add...&nbsp; I few weeks ago when I submitted this, you did not consider it malware.&nbsp; It then included winvnc version 1.2.3.0.&nbsp; The only change in the program since is then it includes the updated opensoruce. winvnc.exe 1.2.4.0 from <A href="http://www.ultravnc.com" target="_blank">www.ultravnc.com</A> instead of 1.2.3.0</P> Tue, 03 Mar 2020 18:20:37 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314237#M1371 CantrellPC 2020-03-03T18:20:37Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314284#M1372 <P>Hello,</P><P>&nbsp;</P><P>Thank you for the new info, l will check again and update.</P><P>&nbsp;</P><P>Best</P><P>Himani</P> Tue, 03 Mar 2020 23:26:16 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314284#M1372 hisingh 2020-03-03T23:26:16Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314468#M1373 <P>Hello,</P><P>&nbsp;</P><P>Can you zip this file "EZhelp20.exe " with password "infected" and host somewhere we can download? Also, include the previous file that was not considered as malicious.</P><P>&nbsp;</P><P>kind regards</P> Wed, 04 Mar 2020 18:26:12 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314468#M1373 hisingh 2020-03-04T18:26:12Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314518#M1375 <P>Hello</P><P>&nbsp;</P><P>Here is a link for you.&nbsp; This zip includes several other zip files including the current version and previous version and a readme file for more information..</P><P><A href="https://1drv.ms/u/s!AvUqD-bsZBOogaAbHgzQPF2_UBNZEQ?e=UrRa1G" target="_blank">https://1drv.ms/u/s!AvUqD-bsZBOogaAbHgzQPF2_UBNZEQ?e=UrRa1G</A></P><P>&nbsp;</P><P>If this information does not help get the program whitelisted.. please let me know how to escalate this issue ASAP.&nbsp; Again, I can walk someone line by line through the source code step by step as needed. &nbsp; I would think you have my email and phone number already via my profile if needed.&nbsp; It is very important, for us to use this program to support remote workers, especially now with corvid 19 and more workers working remotely from their homes.</P><P>&nbsp;</P><P>Thank you</P><P>CPC</P> Wed, 04 Mar 2020 22:08:05 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314518#M1375 CantrellPC 2020-03-04T22:08:05Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314938#M1377 <P>Hello.</P><P>&nbsp;</P><P>We are rechecking this file on your request and I will update you.&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Fri, 06 Mar 2020 16:05:20 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/314938#M1377 hisingh 2020-03-06T16:05:20Z https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/315221#M1378 <P>Hello,</P><P>&nbsp;</P><P>The file is rechecked based on the information provided by you, we have marked this file as clean. I hope this helps.</P><P>&nbsp;</P><P>Best</P><P>&nbsp;</P> Mon, 09 Mar 2020 07:22:49 GMT https://live.paloaltonetworks.com/t5/virustotal/totalvirus-false-positive-ezhelp/m-p/315221#M1378 hisingh 2020-03-09T07:22:49Z