Eddie3
Active Contributor
Joined 8 years ago
User Profile
User Widgets
Contributions
Re: GotoMeeting Opener.exe antivirus false positive
Um, you are incorrect on the hash not changing for 6 months. The hash changes every time you download the file. As a paying customer for your products, I spent HOURS on the phone with various persons trying to get LogMeIn's attention LAST YEAR. I was told the product was designed to change the hash each time it was downloaded, but no one seemed to know WHY. I was told someone would call me back, but days, weeks, months later no one did. I resolved our drama by whitelisting programs signed by your company, but I held my nose doing it. Don't just take my word for it: Build a virtual machine running Windows and leave off any security software. Schedule a webinar on your regular PC and start the webinar on your regular PC. On the VM without ANY security softare, visit gotowebinar.com and join the webinar using the 9 digit code. Download the Goto Opener. Download the Goto Opener a second time. Calculate the hash for each file...you will see they are DIFFERENT each time you download. certutil -hashfile "GoToWebinar Opener-1.exe" SHA1 SHA1 hash of GoToWebinar Opener-1.exe: 8c8697d3a2b7a4676df065040992bcfa5ed9670f certutil -hashfile "GoToWebinar Opener-2.exe" SHA1 SHA1 hash of GoToWebinar Opener -2.exe: 753328e7eb829df3a99b7d20f378882e73f3b9f1 CertUtil: -hashfile command completed successfully.7.2KViews0likes1CommentRe: GotoMeeting Opener.exe antivirus false positive
Our experience has been the hash changes each time you download the file so it is not possible to take any action due to the poor design of the application. ANY other application that was flagged as being bad by antivirus could have the hash shared by the vendor and then you could whitelist it. One would THINK you could install the MSI installer and then use the app installed to join a meeting by ID, but it still insists on shoving the opener program on you. Options I know about: You whitelist the software by its certificate in your AV solution if you trust LogMeIn to not be compromised by a bad actor who infects their software to attack you by way of a trojan. Use the Chrome option to attend Locate the confirmation email Right click on the join webinar button and copy the hyperlink Add the parameter ?clientType=html5 to the end of the join URL from Step 2 Copy the entire new URL with the newly added parameter Paste the new join URL in Chrome to join through the web browser7.5KViews0likes9CommentsRe: MSI Documentation Clarification "...locked down environments..."
Support confirmed this verbiage references antivirus or firewall rules that might be configured in such as a way to control execution of their software. What I thought it might mean, but they do not offer the info in the documentation.704Views0likes0CommentsMSI Documentation Clarification "...locked down environments..."
I am looking clarification on what LogMeIn means by the statement "...locked down enviroments..." in the MSI documentation.At first glance you might think this refers to "administrative rights" on the Windows platform, but the documentgoes on to say the G2MPERFORMAVC setting only applies to per-user automatic updates. The way GotoMeeting installs on the per user side, it does not need admin rights...Solved759Views0likes1CommentSPF Record Incorrect
I tried to reach someone at LogMeIn, but have given up...maybe someone here has the ability to let their IT team know their SPF setup is not correct.Not only is the SPF record incorrect, the person setting up the SPF record has used the "-all" syntax that tells the world that LogMeIn is REALLY SURE it is right. So these are "hard" fails...the worst to have. The IP address of one of their servers is missing from SPF...this needs to be fixed if they want emails to be delivered to those of us who take security seriously... Server Missing from SPF: Received: from o27.logmeininc.com (o27.logmeininc.com [168.245.49.54]) SPF Record as of 4/20/2020 at 10AM v=spf1 mx:3amlabs.com ip4:69.25.20.1 ip4:74.201.74.1 ip4:64.74.18.1 ip4:64.94.46.1 ip4:63.251.47.1 ip4:111.221.57.0/24 ip4:64.95.128.1 ip4:63.254.155.123 ip4:74.112.65.204 ip4:74.112.65.210 ip4:167.89.58.109 ip4:173.199.30.10 ip4:91.82.95.146 ip4:207.106.191.64/26 ip4:216.219.114.10 ip4:168.245.77.74 ip4:167.89.58.180 include:_spf.salesforce.com include:spf-001a0901.pphosted.com include:spf.protection.outlook.com include:stspg-customer.com include:mailsenders.netsuite.com -all693Views0likes0Comments