Hi - I’m trying to get started with this program, and the Win 64 install file is being flagged as containing Gen:Trojan.Heur.FU.UH3@aaWyeSgi. I see from other topics that this is a recurring issue.
Is this program based on a trojan? Is it functional on a regular basis? As it is, I can’t install it on my own system, much less think about installing it on my clients’ computers.
Thanks!
Hi @Hmcdaniel -
Keep in mind that this software allows remote control/viewing, scripts to be run, file access at an admin level, and many other things that would possibly also be found in a malicious app.
Compounding this is that it is not a program used by 10’s of millions of people, so a lot of AV (and even Microsoft) can sometimes be like “hey what’s this little software that we don’t really see at all on our client’s computers” and so they will sometimes flag.
Simple-Help also releases updates fairly regularly which means it’s a whole new executable with a different hash and a different reputation for all of the security vendors to see and figure out.
If you look through this forum you’ll see that many of us have been using the software successfully for many many years (I’m coming up on 10 years of use) to manage and support thousands of machines.
Lately we’ve seen AV getting more and more finicky about unknown software, so we (last month) set an exception in the policy for clients that allows the Simple-Help folder and executable as we saw some people get it quarantined by bitdefender.
The software works very well and has been very reliable for us.
I agree with your statement and we’ve used Simple-Help for years and we love it.
That being said it is critically important the developers find a way to make sure Simple-Help doesn’t present as malicious software. They need to make every effort to test new versions to make sure if they have an issue it is addressed before pushing an update and shutting down perfectly accessible client machines.
In our case we support clients all over the world and having a remote machine at a non-manned remote location disappear after an update can take thousands of dollars and many days to get back online.
Compliance sometimes restricts our ability to override or force policies. The one thing they normally will do is allow/restrict S-Help from communicating with anything other than our servers IP blocks.
I hear you, the issue is that a new executable is a new file. Even if it has the same certificate signing the software. Any way that they could find a way to keep it not present as malicious are exactly the same things that malware developers would do as well. So it’s a hard nut to crack (for developers and for companies trying to secure computers)
Security companies seem to go based on activity (and simple-help certainly acts suspicious), known software (they manually whitelist things like word/steam/chrome, but simple-help will never be that popular), and reputation (everytime you update it’s a brand new executable that there’s no history on, not to mention that it’s specific to you (different hash) because it has your server URLs baked into it)
Best you can do is lag behind in updates by a month or more, and roll out to test machines, or machines that are close by to see how it gets treated.
In almost 10 years we only had issues just in the last month of something quarantining Simple-Help
To add my sauce to this, i can also say that the recent months, the first time the past 6 years, Palo Alto Cortex or even their Firewalls dont like the .exe files.
Thankfully i can let the hash get whitelisted, just need to do this for ever patch 
Remote Support
Remote Access
Monitoring and Management
Presentation
Remote Work
Standard
Business
Enterprise