RailMaster Setup file - HackTool:Win32/RemoteAdmin!MTB concerns


Over the holidays I decided to switch to Microsoft Defender. Immediately it has taken a dislike to the RailMaster setup file for 1.74 Rev 5 and flags up a threat "HackTool:Win32/RemoteAdmin!MTB" which I've had to "allow" (also touched on in this thread).

Defender now nags me every day that a Hack threat still exists even though it's "allowed". I could just delete the setup file although I do like to keep copies to return to if there are problems with a future update.

Is it just me, but I feel quite uncomfortable in this day and age that the RM Setup file has had this added to it in the first place. It's not right, is it?

I completely agree with you, I had the same problem with Defender and the 'hacktool' in the thread that you linked to. Defender is absolutely right to keep objecting to it. RM should at the very least offer the option of an installation without this component. They should also host their downloads on an HTTPS server. Even I now have a secure server for my personal britanniabuilder.com website - it came as part of the hosting package.

Regards, John

The RM software includes code that allows HRMS to log in remotely (with the user's permission). This legitimate code triggers the "Hack Tool" detection in AV software as the code is, of course, also in the installer. To the best of my knowledge, the remote access code has been included in RM for years and is not a recent addition.

96RAF has previously stated after he consulted with HRMS that HRMS told him that they have approached Microsoft (MS) to get RailMaster approved by MS, but got nowhere going down that road.

The "Hack Tool" AV trigger is a "False Positive" and with the current version of RM a 'fact of life' that we are expected to work around.

I too keep historic version files. I just add an exception to my AV software to ignore the folder they are saved in. I don't use 'Win Defender', but I would assume a similar ignore settings option exists to stop it from niggling you. My RM Installer Archive Folder is completely ignored by my AV on a permanent basis.

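For Microsoft Defender, the folder exclusion described in the post above can be set from PowerShell. This is an added example, not part of the original post; the archive path is a hypothetical placeholder, and the script records each installer's signature status and SHA-256 before the folder stops being scanned.

```powershell
# Added example: the archive path below is hypothetical; change it to your own folder.
# Run from an elevated PowerShell prompt (the Defender cmdlets need administrator rights).
$ArchiveDir = 'D:\Archive\RailMasterInstallers'

# 1. Inventory the folder before excluding it: signature status and SHA-256
#    of every saved installer, so later changes to a file can be noticed.
$inventory = Get-ChildItem -LiteralPath $ArchiveDir -File -Recurse | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        File      = $_.Name
        Signature = $sig.Status                      # e.g. Valid, NotSigned, HashMismatch
        Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
}
$inventory | Format-Table -AutoSize

# Keep the inventory outside the excluded folder.
$csv = Join-Path $env:USERPROFILE 'installer-inventory.csv'
$inventory | Export-Csv -Path $csv -NoTypeInformation

# 2. Exclude only the archive folder, and only if it is not excluded already.
$current = @((Get-MpPreference).ExclusionPath)
if ($current -notcontains $ArchiveDir) {
    Add-MpPreference -ExclusionPath $ArchiveDir
}

# 3. Confirm the exclusion list and review what Defender has detected so far.
(Get-MpPreference).ExclusionPath
Get-MpThreatDetection | Select-Object InitialDetectionTime, Resources
```

A folder exclusion covers only files stored in that folder; an installer copied or run from anywhere else is still scanned.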

My preference though is for the Hacktool code element to be removed from the distribution file and only made available via a download link if ever remote access is needed. I seem to recall from years back that's how it worked, but maybe wrong. Currently, if I believe Defender, my system is exposed as I've allowed it so others could now exploit it. All too uncomfortable, yet the distribution files from years back didn't get flagged up, but yes, we've always had the separate "Publisher Unknown" flag which I believe is what 96RAF refers to.

I read on another forum that if the PC is operating in S mode it will block such downloads. To disable this block simply follow the instructions found by googling the S mode question. One of my Win 10 PCs has no problem downloading RM updates, but the other does lead me a merry dance to fetch it. The easy one has S mode disabled according to the guide, but I have yet to try the disable on the other PC, as I keep forgetting to do it - old age.

From google it was ....

Switching out of S mode in Windows 10:

  1. On your PC running Windows 10 in S mode, open Settings > Update & Security > Activation.
  2. Find the Switch to Windows 10 Home or Switch to Windows 10 Pro section, then select the Go to the Store link.
     Note: Don't select the link under Upgrade your edition of Windows. That's a different process that will keep you in S mode.
  3. On the page that appears in Microsoft Store (Switch out of S mode or a similar page), select the Get button. After you confirm this action, you'll be able to install apps from outside Microsoft Store.


  • 2 weeks later...

A slightly late response but something worth adding maybe to Windows S Mode for the curious...


A lot of PCs or laptops are being sold these days with Windows S Mode activated from the off. Microsoft say this version of Windows is for those with security in mind. In my mind this is purely a small gimmick from Microsoft as the mode, as already stated above, only allows apps to be downloaded and installed from the Microsoft Store. The second point is that S mode will only allow you to use Microsoft Edge as your browser. You cannot install and run the likes of Firefox, Safari, Opera or any other commercial or free browser product.


A further point is that once you decide to come out of S mode, say to download and install Firefox for example, then you CANNOT go back to S mode. Once you are out of it you are out of it. The only way back is to reinstall Windows.


If you are running this mode in Windows 10 and want to upgrade to Windows 11 you can in S mode and then into Standard Windows mode afterward. Again, there is no going back. This can only be done in the Home version too as the Pro version does not allow the change.
