Full Version: Pulling what's left of my hair out!
duomenox
Hello there everyone,

We recently updated our entire office to KAV BO WinWork v5.0.676 from v5.0.228 (uninstalled all KAV products and reinstalled them).

The settings from the admin console are being applied on each client but our old mask for VNC is not working anymore and we cannot access any computers remotely (KAV is stopping VNC from working).

The mask we are using is as follows:
CODE
Object: (blank)
Threat: not-a-virus:RemoteAdmin.Win32.WinVNC.*


The full threat is as follows:
CODE
not-a-virus:RemoteAdmin.Win32.WinVNC.1370


This is causing a big problem for us, we are attracting some unwanted attention.

I tried changing the object to a * but that did not work either.

Thank you,

Admin anxious to fix this issue...
conslider
Try to exclude as below.

Object : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Threat: not-a-virus:RemoteAdmin.*

Object: C:\Program Files\RealVNC\VNC4\wm_hooks.dll
Threat: not-a-virus:RemoteAdmin.*
duomenox
QUOTE(conslider @ 21.07.2006 21:21)
Try to exclude as below.

Object : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Threat: not-a-virus:RemoteAdmin.*

Object: C:\Program Files\RealVNC\VNC4\wm_hooks.dll
Threat: not-a-virus:RemoteAdmin.*
*


Thank you for the reply,

We are using TightVNC so it is a different path. We also have different configurations at different locations due to the rollout configurations.

I want to disable all VNC threats from being detected. I would rather not have to put in a few entries for each separate configuration (would take a long time).

My disappointment lies with the fact that this mask was working with 5.0.228, but not working with 5.0.676. Are the semantics used to exclude threats changing between versions? If so, then why?

I did try your suggestion and it did work; however, it requires a lot of maintenance that we did not have to do prior to the update. I have over 50 separate configurations that I have to administrate so having 2 lines per configuration is 100 lines; 99 more than I had to have with the previous version.

Thanks again for your reply, I appreciate the input.
saso
it is, i believe, a known problem that i believe exists in all versions of kav5, but it is more visible only in builds after the build 5.0.391, where few things were changed in the way user interacts with detected objects (detection reporting). see my report #3 at http://forum.kaspersky.com/index.php?act=S...t=0#entry156774 for the latest beta of kav 5.0.712. i don't understand why developers seem to ignore this problem

from my tests kav6 does not have this problem, so it might be smart for you to start beta test it now, for a smooth move to it later when it comes out...
duomenox
Thank you for the reply.

I am a bit disappointed that this is not fixed with an application update as it points to an issue with the actual scanning and settings implementation itself. Like a problem with the structure of a building. Gives Kaspersky a bad name (don't know how to use their own exclusions correctly).

I searched the forums for this answer many times but did not come by the post you provided a link for. Thanks for the response, even though I cannot fix the issue, this gives me some closure and expectations for the next version.

I am beta testing KAV 6.0 on my personal WinXP x64 workstation with bad results. The service keeps dying and leaving my machine unprotected. This is unfortunate as Symantec, McAfee, AVG, AVAST, and Trend all have anti-virus that works on x64 without these issues. I will be posting this info in the correct forums as well.

Thanks again!
jeff
QUOTE(duomenox @ 22.07.2006 02:22)
Hello there everyone,

We recently updated our entire office to KAV BO WinWork v5.0.676 from v5.0.228 (uninstalled all KAV products and reinstalled them).

The settings from the admin console are being applied on each client but our old mask for VNC is not working anymore and we cannot access any computers remotely (KAV is stopping VNC from working).

The mask we are using is as follows:
CODE
Object: (blank)
Threat: not-a-virus:RemoteAdmin.Win32.WinVNC.*


The full threat is as follows:
CODE
not-a-virus:RemoteAdmin.Win32.WinVNC.1370


This is causing a big problem for us, we are attracting some unwanted attention.

I tried changing the object to a * but that did not work either.

Thank you,

Admin anxious to fix this issue...
*



if you're using KAV 6.0
object: (try to add the VNC application)
verdicts: not-a-virus:RemoteAdmin.*
Don Pelotas
QUOTE(jeff @ 26.07.2006 10:54)
if you're using KAV 6.0
object: (try to add the VNC application)
verdicts: not-a-virus:RemoteAdmin.*
*

He clearly stated he uses 5.0.676 and 6.0 is not out yet.
jeff
regardless of what version.
object: (try to add the VNC application)
verdicts/mask: not-a-virus:RemoteAdmin.*
Lucian Bara
apparently for kav 5 you need to add the exclusion for the running process too.
it should pop up during the real time protection and an option for excluding should be available. It will probably look like this, except the pid will be a number; this has to be replaced with *:

Object: notepad.exe [pid:*]\notepad.exe
Threat: not-a-virus:notepad.app
paroots
I'm having the same (or similar) problem with KAV 6.0.0.33. Every time I boot up it detects vnchooks.dll. Each time I add it to my exclusion list. The list keeps growing with identical listings. Each entry appears as follows:

C:\PROGRAM FILES\TIGHTVNC\VNCHOOKS.DLL not-a-virus:RemoteAdmin.Win32.WinVNC.1370

I have already done all the suggestions listed above with no relief. As an example, I have tried:

C:\PROGRAM FILES\TIGHTVNC\VNCHOOKS.DLL not-a-virus:RemoteAdmin.*

C:\PROGRAM FILES\TIGHTVNC\WinVNC.exe not-a-virus:RemoteAdmin.*

plus many other variations. Any help would be much appreciated.
mrroonie
don't forget to 'lockdown' on all threats and exclusions lists and trusted processes with the little padlock icon. I forgot this one and it was giving me the right hump
Tybilly
Leave the content of the field "object" blank and enter the following mask *WinVNC* in the verdicts/mask field.

In this way, the exclusion will be applied to all drives of the computer.
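The masks suggested in this thread differ in how much they exclude. The following is an added example, not part of any post and not Kaspersky code: it approximates mask matching with case-insensitive glob matching (an assumption, not the product's engine) and runs each rule from the thread over constructed detections to show which ones it would suppress.

```python
from fnmatch import fnmatchcase

# Exclusion rules quoted in the thread, as (object mask, threat mask).
# A blank object is modelled as "any file on any drive".
RULES = {
    "original":    ("", "not-a-virus:RemoteAdmin.Win32.WinVNC.*"),
    "per-file":    (r"C:\Program Files\RealVNC\VNC4\winvnc4.exe",
                    "not-a-virus:RemoteAdmin.*"),
    "family-wide": ("", "not-a-virus:RemoteAdmin.*"),
    "substring":   ("", "*WinVNC*"),
}

# Constructed detections (path, verdict). The WinVNC.1370 verdict and the VNC
# paths come from the thread; the last entry is a made-up non-VNC tool.
DETECTIONS = [
    (r"C:\Program Files\TightVNC\WinVNC.exe",
     "not-a-virus:RemoteAdmin.Win32.WinVNC.1370"),
    (r"C:\PROGRAM FILES\TIGHTVNC\VNCHOOKS.DLL",
     "not-a-virus:RemoteAdmin.Win32.WinVNC.1370"),
    (r"C:\Program Files\RealVNC\VNC4\winvnc4.exe",
     "not-a-virus:RemoteAdmin.Win32.WinVNC.1370"),
    (r"C:\Temp\example-tool.exe",
     "not-a-virus:RemoteAdmin.Win32.ExampleTool.1"),
]

def rule_matches(rule, path, verdict):
    """Assumed semantics: both masks are case-insensitive globs."""
    obj, threat = rule
    obj_ok = obj == "" or fnmatchcase(path.lower(), obj.lower())
    return obj_ok and fnmatchcase(verdict.lower(), threat.lower())

def coverage():
    """Map each rule name to the indexes of the detections it would hide."""
    return {name: [i for i, (p, v) in enumerate(DETECTIONS)
                   if rule_matches(rule, p, v)]
            for name, rule in RULES.items()}

def suppresses_non_vnc(name):
    """True if the rule also hides a detection whose verdict is not WinVNC."""
    return any("winvnc" not in DETECTIONS[i][1].lower()
               for i in coverage()[name])

if __name__ == "__main__":
    for name, hits in coverage().items():
        print(f"{name:12} hides {len(hits)} of {len(DETECTIONS)}; "
              f"non-VNC tool hidden: {suppresses_non_vnc(name)}")
```

Under these assumptions only the blank-object `not-a-virus:RemoteAdmin.*` rule hides the non-VNC tool, which is the scope to check before rolling a single mask out to every configuration.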