Forum Discussion

jonathandl's avatar
jonathandl
Active Contributor
5 years ago

GotoMeeting Opener.exe antivirus false positive

Hello.

 

When I was recently invited to a GotoMeeting I was prompted to download a GotoMeeting Opener.exe file.  As part of security best-practices I upload any executable file even from reputable sources to either viruscan.jotti.org or virustotal.com.

 

When I uploaded the GotoMeeting Opener to VirusTotal, 2/72 antivirus engines report the program is infected:  Antiy-AVL reports it is infected by Trojan/Win32.Tiggre, and CyLance reports it is unsafe.

 

Here is a permalink to the VirusTotal results:

https://www.virustotal.com/gui/file/f37bfb2d2a12fbfbce988c1f0a7722e9a20e40d1b8a0a942a57a0490ed353356/detection

 

Assuming this is a false-positive detection, can somebody from the company please report this to the 2 antivirus vendors in question?  You should be able to reproduce this problem by uploading your own software to virustotal.com.

 

Thank you.

  • AshC's avatar
    AshC
    5 years ago

    Hello,

    We believe that Cyclance is using a variation of the Windows executable format that may not be the industry standard, and thus causing this confusion.  The hash of our signed GoTo Opener exe should only change every 6 months or so.

     

    What I would suggest doing is filing a report with Cyclance support to see what can be done from their side of things.

    • Eddie3's avatar
      Eddie3
      Active Contributor
      5 years ago

      Our experience has been the hash changes each time you download the file so it is not possible to take any action due to the poor design of the application.   ANY other application that was flagged as being bad by antivirus could have the hash shared by the vendor and then you could whitelist it.  One would THINK you could install the MSI installer and then use the app installed to join a meeting by ID, but it still insists on shoving the opener program on you.

       

      Options I know about:

      1. You whitelist the software by its certificate in your AV solution if you trust LogMeIn to not be compromised by a bad actor who infects their software to attack you by way of a trojan.  
      2. Use the Chrome option to attend
        1. Locate the confirmation email
        2. Right click on the join webinar button and copy the hyperlink
        3.  Add the parameter ?clientType=html5 to the end of the join URL from Step 2
        4. Copy the entire new URL with the newly added parameter
        5. Paste the new join URL in Chrome to join through the web browser
      • jonathandl's avatar
        jonathandl
        Active Contributor
        5 years ago

        Thank you your reply.  I have no problem opening the app, so there is no need for me to whitelist it... my point was simply to make LogMeIn aware that one of the VirusTotal scanners is detecting their program as suspicious, so they can take appropriate corrective action (either by fixing their software or telling the antivirus vendor to fix the detection).