Symantec Dameware False Positive

“Symantec Security Response will post another set of LiveUpdate virus definitions today, 09/16/2009 at approximately 3PM Pacific. This posting is in response to a false positive (FP) on the ‘Dameware Remote Administration’ application. This FP was first released in definitions with version 20090915 rev.038 (Sequence 100395) IU. The detection has been corrected starting 20090916 rev.025 (Sequence 100419).”


  1. I have seen other remote administration tools detected previously as “hacker tools” or similar, e.g. psexec. How does an AV vendor decide which tools to include/ignore? It seems many tools can potentially be used for different purposes. Obviously doesn’t make the vendor of the included tool happy.

  2. I work for a huge OEM, and we ship a lot of software with our unit, especially for the end-user market.
    Every few months we are hit by some sort of False Positive like this, and it generates support calls like you would not believe.
    D’you think Symantec (or whatever AV vendor) picks up that tab? Me neither.
