FALSE POSITIVE: UltraVNC detected as 3 different malwares

CIS version 3.8.65951.477, signature version 1037, heuristics turned off.
UltraVNC version (a release candidate, but widely in use) falsely detected as malware. I emailed the files in question to malwaresubmit@avlab.comodo.com in a 7-zip archive with password ‘infected’. (Have to use 7-zip because of email policy restrictions – hopefully that’s not a problem.)

Files are:

UltraVNC-100-RC18-Setup.zip, which can be downloaded from:

This zip file contains UltraVNC-100-RC18-Setup.exe (installation program), detected as ApplicUnsaf.Win32.RemoteAdmin.WinVNC.c@5792461

After installation, these two files are falsely identified as malware:

winvnc.exe (installed executable) detected as Unclassified Malware@9245226
vnchooks.dll (installed dll) dected as Unclassified Malware@5807402

This is remote admin software, but it is not malicious. It is very commonly used for helpdesk remote admin tasks.

Screenshot attached.

[attachment deleted by admin]

Hi helixpip,

ApplicUnsaf/Application are detection are keywords used to term files as potentailly dangerous/unwanted application for which samples can been used by user withe their own risk.

We will modify the detection name for the samples you specified.
Thanks for your notification.

Thanks and Regards,

It’s understandable that some users would want to be alerted of remote admin software, and labeling theses correctly instead of simply as “unknown malware” is a good start. However, because the behavior of CIS antivirus is the same for known (or unknown) malware and useful utilities marked ApplicUnsaf, it doesn’t help my situation – I still get bugged. I can mark the file location as an exclusion, but that doesn’t help if I move it, copy it, rename it, have a copy in a zip file somewhere, encounter it over a network share, or on my USB thumb drive, which doesn’t always mount as the same drive letter.

Anyway, this is getting offtopic for false positives, so I’ve posted about it in the wish list:

Thanks for your help.