False Positive DameWare

The software detects Dameware as a threat. On a corporate
network, dameware is a valid tool used by us
administrators.

Thanks - this IS the group to report false positives in. A bit more detail
would be useful, if possible, product versions, or what it is detected as,
perhaps?

In this case, I'm guessing that this is a remote control package which is,
of course, a two-edged sword. Is the description you see of the threat
appropriate? Feedback about those descriptions is likely to be helpful, I'd
think.

"Jay G." <Jgetz@intralinkinc.com> wrote in message
news:101a01c4f42b$7e418250$a601280a@phx.gbl...
> The software detects Dameware as a threat. On a corporate
> network, dameware is a valid tool used by us
> administrators.
>

it is set at default to ignore. and if u read the
description it says that it detected that it may have
been installed by an administrator and should be left on
the computer. its good to read things before u start
deleteing them or anything.
>-----Original Message-----
>Thanks - this IS the group to report false positives
in. A bit more detail
>would be useful, if possible, product versions, or what
it is detected as,
>perhaps?
>
>In this case, I'm guessing that this is a remote control
package which is,
>of course, a two-edged sword. Is the description you
see of the threat
>appropriate? Feedback about those descriptions is
likely to be helpful, I'd
>think.
>
>"Jay G." <Jgetz@intralinkinc.com> wrote in message
>news:101a01c4f42b$7e418250$a601280a@phx.gbl...
>> The software detects Dameware as a threat. On a
corporate
>> network, dameware is a valid tool used by us
>> administrators.
>>
>
>
>.
>

It sounds like the default is appropriate.

I'm pleased that any RAT (Remote Administration Tool) is detected, since
these things historically have been abused.

I'm sure that if/when these tools are packaged for enterprise use, the admin
will have control of how such tools are listed.

<anonymous@discussions.microsoft.com> wrote in message
news:0bfd01c4f451$3bf1fee0$a401280a@phx.gbl...
> it is set at default to ignore. and if u read the
> description it says that it detected that it may have
> been installed by an administrator and should be left on
> the computer. its good to read things before u start
> deleteing them or anything.
>>-----Original Message-----
>>Thanks - this IS the group to report false positives
> in. A bit more detail
>>would be useful, if possible, product versions, or what
> it is detected as,
>>perhaps?
>>
>>In this case, I'm guessing that this is a remote control
> package which is,
>>of course, a two-edged sword. Is the description you
> see of the threat
>>appropriate? Feedback about those descriptions is
> likely to be helpful, I'd
>>think.
>>
>>"Jay G." <Jgetz@intralinkinc.com> wrote in message
>>news:101a01c4f42b$7e418250$a601280a@phx.gbl...
>>> The software detects Dameware as a threat. On a
> corporate
>>> network, dameware is a valid tool used by us
>>> administrators.
>>>
>>
>>
>>.
>>

Every antitrojan or antispyware I know of detects dameware as a "Possible"
risk

It is well known as being capable of being used as a bad tool in the open
rather than as intended as a corporate tool


"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:t%23tpN5F9EHA.1584@cpmsftngsa06.privatenews.microsoft.com...
> It sounds like the default is appropriate.
>
> I'm pleased that any RAT (Remote Administration Tool) is detected, since
> these things historically have been abused.
>
> I'm sure that if/when these tools are packaged for enterprise use, the
> admin will have control of how such tools are listed.
>
> <anonymous@discussions.microsoft.com> wrote in message
> news:0bfd01c4f451$3bf1fee0$a401280a@phx.gbl...
>> it is set at default to ignore. and if u read the
>> description it says that it detected that it may have
>> been installed by an administrator and should be left on
>> the computer. its good to read things before u start
>> deleteing them or anything.
>>>-----Original Message-----
>>>Thanks - this IS the group to report false positives
>> in. A bit more detail
>>>would be useful, if possible, product versions, or what
>> it is detected as,
>>>perhaps?
>>>
>>>In this case, I'm guessing that this is a remote control
>> package which is,
>>>of course, a two-edged sword. Is the description you
>> see of the threat
>>>appropriate? Feedback about those descriptions is
>> likely to be helpful, I'd
>>>think.
>>>
>>>"Jay G." <Jgetz@intralinkinc.com> wrote in message
>>>news:101a01c4f42b$7e418250$a601280a@phx.gbl...
>>>> The software detects Dameware as a threat. On a
>> corporate
>>>> network, dameware is a valid tool used by us
>>>> administrators.
>>>>
>>>
>>>
>>>.
>>>
>
>

I agree with most of the comments about Remote Controls.
However, not all Remote Controls are detected. Since all
remote controls can be misused shouldn't they all be
detected?

It is very suspicious that a few escape the detection. In
particular when many of the detected Remote Controls are
either free or have a reasonable fee and license
agreement and in most cases work better.

Microsoft should not try to control the market place by
being selective on detection when offering a service such
as an Anti-Spyware service.



>-----Original Message-----
>Every antitrojan or antispyware I know of detects
dameware as a "Possible"
>risk
>
>It is well known as being capable of being used as a bad
tool in the open
>rather than as intended as a corporate tool
>
>
>"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
wrote in message
>news:t%
23tpN5F9EHA.1584@cpmsftngsa06.privatenews.microsoft.com...
>> It sounds like the default is appropriate.
>>
>> I'm pleased that any RAT (Remote Administration Tool)
is detected, since
>> these things historically have been abused.
>>
>> I'm sure that if/when these tools are packaged for
enterprise use, the
>> admin will have control of how such tools are listed.
>>
>> <anonymous@discussions.microsoft.com> wrote in message
>> news:0bfd01c4f451$3bf1fee0$a401280a@phx.gbl...
>>> it is set at default to ignore. and if u read the
>>> description it says that it detected that it may have
>>> been installed by an administrator and should be left
on
>>> the computer. its good to read things before u start
>>> deleteing them or anything.
>>>>-----Original Message-----
>>>>Thanks - this IS the group to report false positives
>>> in. A bit more detail
>>>>would be useful, if possible, product versions, or
what
>>> it is detected as,
>>>>perhaps?
>>>>
>>>>In this case, I'm guessing that this is a remote
control
>>> package which is,
>>>>of course, a two-edged sword. Is the description you
>>> see of the threat
>>>>appropriate? Feedback about those descriptions is
>>> likely to be helpful, I'd
>>>>think.
>>>>
>>>>"Jay G." <Jgetz@intralinkinc.com> wrote in message
>>>>news:101a01c4f42b$7e418250$a601280a@phx.gbl...
>>>>> The software detects Dameware as a threat. On a
>>> corporate
>>>>> network, dameware is a valid tool used by us
>>>>> administrators.
>>>>>
>>>>
>>>>
>>>>.
>>>>
>>
>>
>
>
>.
>

Specifics? What remote controls aren't detected and should be?

Submit a suspected spyware report from a machine with such a remote control
installed and tell them about it.


<anonymous@discussions.microsoft.com> wrote in message
news:114b01c4f5b7$9a033be0$a301280a@phx.gbl...
>I agree with most of the comments about Remote Controls.
> However, not all Remote Controls are detected. Since all
> remote controls can be misused shouldn't they all be
> detected?
>
> It is very suspicious that a few escape the detection. In
> particular when many of the detected Remote Controls are
> either free or have a reasonable fee and license
> agreement and in most cases work better.
>
> Microsoft should not try to control the market place by
> being selective on detection when offering a service such
> as an Anti-Spyware service.
>
>
>
>>-----Original Message-----
>>Every antitrojan or antispyware I know of detects
> dameware as a "Possible"
>>risk
>>
>>It is well known as being capable of being used as a bad
> tool in the open
>>rather than as intended as a corporate tool
>>
>>
>>"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
> wrote in message
>>news:t%
> 23tpN5F9EHA.1584@cpmsftngsa06.privatenews.microsoft.com...
>>> It sounds like the default is appropriate.
>>>
>>> I'm pleased that any RAT (Remote Administration Tool)
> is detected, since
>>> these things historically have been abused.
>>>
>>> I'm sure that if/when these tools are packaged for
> enterprise use, the
>>> admin will have control of how such tools are listed.
>>>
>>> <anonymous@discussions.microsoft.com> wrote in message
>>> news:0bfd01c4f451$3bf1fee0$a401280a@phx.gbl...
>>>> it is set at default to ignore. and if u read the
>>>> description it says that it detected that it may have
>>>> been installed by an administrator and should be left
> on
>>>> the computer. its good to read things before u start
>>>> deleteing them or anything.
>>>>>-----Original Message-----
>>>>>Thanks - this IS the group to report false positives
>>>> in. A bit more detail
>>>>>would be useful, if possible, product versions, or
> what
>>>> it is detected as,
>>>>>perhaps?
>>>>>
>>>>>In this case, I'm guessing that this is a remote
> control
>>>> package which is,
>>>>>of course, a two-edged sword. Is the description you
>>>> see of the threat
>>>>>appropriate? Feedback about those descriptions is
>>>> likely to be helpful, I'd
>>>>>think.
>>>>>
>>>>>"Jay G." <Jgetz@intralinkinc.com> wrote in message
>>>>>news:101a01c4f42b$7e418250$a601280a@phx.gbl...
>>>>>> The software detects Dameware as a threat. On a
>>>> corporate
>>>>>> network, dameware is a valid tool used by us
>>>>>> administrators.
>>>>>>
>>>>>
>>>>>
>>>>>.
>>>>>
>>>
>>>
>>
>>
>>.
>>

>>Specifics?

Microsoft SMS Remote Control
Symantec pcAnywhere both light and normal install.

>>What remote controls aren't detected and should be?

You should read Microsoft's "Criteria for detection as
spyware"
http://support.microsoft.com/kb/892340
all remote controls falls within these criterias.


>>Submit a suspected spyware report
>>from a machine with such a remote
>>control installed and tell them about it.

No report is needed, they are simply NOT detected.



>-----Original Message-----
>Specifics? What remote controls aren't detected and
should be?
>
>Submit a suspected spyware report from a machine with
such a remote control
>installed and tell them about it.
>
>
><anonymous@discussions.microsoft.com> wrote in message
>news:114b01c4f5b7$9a033be0$a301280a@phx.gbl...
>>I agree with most of the comments about Remote Controls.
>> However, not all Remote Controls are detected. Since
all
>> remote controls can be misused shouldn't they all be
>> detected?
>>
>> It is very suspicious that a few escape the detection.
In
>> particular when many of the detected Remote Controls
are
>> either free or have a reasonable fee and license
>> agreement and in most cases work better.
>>
>> Microsoft should not try to control the market place by
>> being selective on detection when offering a service
such
>> as an Anti-Spyware service.
>>
>>
>>
>>>-----Original Message-----
>>>Every antitrojan or antispyware I know of detects
>> dameware as a "Possible"
>>>risk
>>>
>>>It is well known as being capable of being used as a
bad
>> tool in the open
>>>rather than as intended as a corporate tool
>>>
>>>
>>>"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
>> wrote in message
>>>news:t%
>>
23tpN5F9EHA.1584@cpmsftngsa06.privatenews.microsoft.com...
>>>> It sounds like the default is appropriate.
>>>>
>>>> I'm pleased that any RAT (Remote Administration Tool)
>> is detected, since
>>>> these things historically have been abused.
>>>>
>>>> I'm sure that if/when these tools are packaged for
>> enterprise use, the
>>>> admin will have control of how such tools are listed.
>>>>
>>>> <anonymous@discussions.microsoft.com> wrote in
message
>>>> news:0bfd01c4f451$3bf1fee0$a401280a@phx.gbl...
>>>>> it is set at default to ignore. and if u read the
>>>>> description it says that it detected that it may
have
>>>>> been installed by an administrator and should be
left
>> on
>>>>> the computer. its good to read things before u
start
>>>>> deleteing them or anything.
>>>>>>-----Original Message-----
>>>>>>Thanks - this IS the group to report false positives
>>>>> in. A bit more detail
>>>>>>would be useful, if possible, product versions, or
>> what
>>>>> it is detected as,
>>>>>>perhaps?
>>>>>>
>>>>>>In this case, I'm guessing that this is a remote
>> control
>>>>> package which is,
>>>>>>of course, a two-edged sword. Is the description
you
>>>>> see of the threat
>>>>>>appropriate? Feedback about those descriptions is
>>>>> likely to be helpful, I'd
>>>>>>think.
>>>>>>
>>>>>>"Jay G." <Jgetz@intralinkinc.com> wrote in message
>>>>>>news:101a01c4f42b$7e418250$a601280a@phx.gbl...
>>>>>>> The software detects Dameware as a threat. On a
>>>>> corporate
>>>>>>> network, dameware is a valid tool used by us
>>>>>>> administrators.
>>>>>>>
>>>>>>
>>>>>>
>>>>>>.
>>>>>>
>>>>
>>>>
>>>
>>>
>>>.
>>>
>
>
>.
>

I agree that they should be reported.

It would help if folks with machines with these installed would submit
suspected spyware reports and describe the issue.

Thats one way to bring the issue to Microsoft's attention.


<anonymous@discussions.microsoft.com> wrote in message
news:14da01c4f6c9$4d67bc80$a301280a@phx.gbl...
>
>>>Specifics?
>
> Microsoft SMS Remote Control
> Symantec pcAnywhere both light and normal install.
>
>>>What remote controls aren't detected and should be?
>
> You should read Microsoft's "Criteria for detection as
> spyware"
> http://support.microsoft.com/kb/892340
> all remote controls falls within these criterias.
>
>
>>>Submit a suspected spyware report
>>>from a machine with such a remote
>>>control installed and tell them about it.
>
> No report is needed, they are simply NOT detected.
>
>
>
>>-----Original Message-----
>>Specifics? What remote controls aren't detected and
> should be?
>>
>>Submit a suspected spyware report from a machine with
> such a remote control
>>installed and tell them about it.
>>
>>
>><anonymous@discussions.microsoft.com> wrote in message
>>news:114b01c4f5b7$9a033be0$a301280a@phx.gbl...
>>>I agree with most of the comments about Remote Controls.
>>> However, not all Remote Controls are detected. Since
> all
>>> remote controls can be misused shouldn't they all be
>>> detected?
>>>
>>> It is very suspicious that a few escape the detection.
> In
>>> particular when many of the detected Remote Controls
> are
>>> either free or have a reasonable fee and license
>>> agreement and in most cases work better.
>>>
>>> Microsoft should not try to control the market place by
>>> being selective on detection when offering a service
> such
>>> as an Anti-Spyware service.
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>Every antitrojan or antispyware I know of detects
>>> dameware as a "Possible"
>>>>risk
>>>>
>>>>It is well known as being capable of being used as a
> bad
>>> tool in the open
>>>>rather than as intended as a corporate tool
>>>>
>>>>
>>>>"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
>>> wrote in message
>>>>news:t%
>>>
> 23tpN5F9EHA.1584@cpmsftngsa06.privatenews.microsoft.com...
>>>>> It sounds like the default is appropriate.
>>>>>
>>>>> I'm pleased that any RAT (Remote Administration Tool)
>>> is detected, since
>>>>> these things historically have been abused.
>>>>>
>>>>> I'm sure that if/when these tools are packaged for
>>> enterprise use, the
>>>>> admin will have control of how such tools are listed.
>>>>>
>>>>> <anonymous@discussions.microsoft.com> wrote in
> message
>>>>> news:0bfd01c4f451$3bf1fee0$a401280a@phx.gbl...
>>>>>> it is set at default to ignore. and if u read the
>>>>>> description it says that it detected that it may
> have
>>>>>> been installed by an administrator and should be
> left
>>> on
>>>>>> the computer. its good to read things before u
> start
>>>>>> deleteing them or anything.
>>>>>>>-----Original Message-----
>>>>>>>Thanks - this IS the group to report false positives
>>>>>> in. A bit more detail
>>>>>>>would be useful, if possible, product versions, or
>>> what
>>>>>> it is detected as,
>>>>>>>perhaps?
>>>>>>>
>>>>>>>In this case, I'm guessing that this is a remote
>>> control
>>>>>> package which is,
>>>>>>>of course, a two-edged sword. Is the description
> you
>>>>>> see of the threat
>>>>>>>appropriate? Feedback about those descriptions is
>>>>>> likely to be helpful, I'd
>>>>>>>think.
>>>>>>>
>>>>>>>"Jay G." <Jgetz@intralinkinc.com> wrote in message
>>>>>>>news:101a01c4f42b$7e418250$a601280a@phx.gbl...
>>>>>>>> The software detects Dameware as a threat. On a
>>>>>> corporate
>>>>>>>> network, dameware is a valid tool used by us
>>>>>>>> administrators.
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>.
>>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>>.
>>>>
>>
>>
>>.
>>