Our security software is not happen with what might be legitimate GotoMeeting updates. I am unable to find a web page here that lists the current file hashes (SHA256) in order to verify these files are legitimate???
Firewall information can be found here: https://support.logmeininc.com/gotowebinar/help/optimal-firewall-configuration-g2w060025
Release notes and updates will be found here: https://community.logmein.com/t5/GoToMeeting-News/bg-p/GoToMeeting-Release-Notes
Thanks, but none of those links have hashes of the executables. SHA256 hashes are what most antivirus tools are using and these need to be published for .EXE files that GotoMeeting pushes out. At this point your files are being flagged as malware/ransomware and being deleted by our security software -- or someone naming their malware similar to names used by GotoMeeting.
Other vendors publish hashes for their files... often they publish SHA1 and SHA256 so a receiver can verify the file was transmitted completely and has not been modified by a hacker on a mirror site.
We use Cylance, a next generation antivirus product that looks at the make up of the file to determine it is dangerous vs. relying on lists of bad things after a virus has run amuck on the internet. We do see occasional issues with the product flagging what is considered okay software, even though the code uses similar techniques as hackers who want to ransom our data.
Yes, the hashes are not static. Each time code is promoted to production the hashes should be created and posted for every program the company provides. Just about every other vendor who provides downloads for programs provides this so a person can verify the authenticity of a download as well as the integrity in case the download didn't complete successfully.
LogMeIn needs to provide the hashed values for all of its software as released. LogMeIn should have a software development process and part of that process should include updating a web page with filenames of programs and the SHA256 hash so customers can verify a file is legit.
LogMeIn continues to distribute new versions of their GotoWebinar software that causes the same issue...most likely a false positive, but without published SHA256 hashes our security stack will not allow these to run. I opened a ticket and got nowhere with vendor...is anyone listening here? Please, publish your programs with their SHA256 hashes so we can verify the software is actually from you!
We also use Cylance and as Eddie3 points out, we cannot whitelist this app. We have multiple terminal server farms running Cylance and we are stuck with using Chrome for the web-based GoToMeeting,
I engaged support by telephone and didn't make any progress with getting in touch with anyone who seems to understand the reasons why they should publish this information or even publish any info on their updates where I can find it. Oddly the issue may just impact whatever binaries they are sending to IE users -- I have seen this first hand this week. IE is the preferred browser based on our user community so the impact is large.
I agree, we also have the same problem with GoToWebinar and Cylance Antivirus. Cylance is blocking GoToWebinar in any form, even as a partial download it is analyzed and blocked as a malicious remote access tool, and whitelisting it is useless because the SHA256 hash constantly changes. Whitelisting the application for one user works and literally a day later, it will be blocked again for someone else.
LogMeIn, this problem is on you to resolve. YOU need to provide a method that Cylance can verify the application consistently and flag it as safe if necessary.