Read this article in: Chinese | French | German | Japanese | Spanish

What can I do, if TeamViewer Endpoint Protection detects legitimate applications or files

We’re constantly working in reducing false-positive reports to a minimum. However, some applications or files are reported as malware due to bad programming practices (e. g. applications that change the Master Boot Record, add registry entries, change system files without the user’s confirmation, or execute custom macros in office applications).

To identify and white-list such applications or files, we ask you to send us the detected file(s) as described below:

Note: These files will be used for malware analysis only and will be treated accordingly.

  1. Open the Policies tab under Remote Management --> Endpoint Protection board --> Manage Policies tab within the TeamViewer Management Console.
  2. Click on the policy that is assigned to the computer which sent the false-positive report and deactivate Real-time protection.
  3. Locate the file(s) on your drive.
    • Open the View Threat tab under Endpoint Protection board.
    • Click on the Threat name from the list.
    • Copy the path of the detected file(s).
    • Click the Restore from quarantine button.
  4. Add the detected file(s) to a zip file using a file compression software of your choice.
    • Password protect the zip file with the password "infected".
  5.  Create a ticket here and attach the zip file.
    1. Scroll down and click on "Submit a Ticket"
    2. Select "TeamViewer Remote Management" from the drop-down.
    3. Enter your e-mail address.
    4. Make sure to write “FALSE POSITIVE” in the subject field.
  6. Reactivate real-time protection.

After the analysis, we will inform you, if the file was declared clean and white-listed, or if it was used in a malicious manner.