Hello Guest it is May 06, 2021, 06:50:48 AM

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - difalkner

Pages: 1
1
Mach4 General Discussion / Re: Mach4 build files infected?
« on: February 14, 2019, 08:46:17 PM »
That would be awesome if it works.  I may try it tomorrow.

David

2
Mach4 General Discussion / Re: Mach4 build files infected?
« on: February 10, 2019, 09:10:49 PM »
Yes, it would be nice if they would address their AV engine rather than having to put the Mach files in exclusion.  That means something 'real' can creep into that excluded folder and go undetected and that's not a good thing.

David

3
Mach4 General Discussion / Re: Mach4 build files infected?
« on: February 04, 2019, 06:03:17 PM »
Can't disagree with that, not at all.  But when it hits the immediate thought is 'my AV software is doing its job'.

Ah, well, Mach4 is in the exclusion list now so we'll just rock on!

David

4
Mach4 General Discussion / Re: Mach4 build files infected?
« on: February 02, 2019, 02:29:20 PM »
Sure - see below

I just have a hard time believing that no other user's AV hasn't flagged the files given that mine did and the Sandbox did.

But here's an update: my IT friend dove into the files and commented back to me this morning - "A couple of AV reference sources marked the file "lua52.exe" as malicious. Classified it as “Trojan.WisdomEyes.16070401.9500”. Since it’s checked against 50+ reference sources, my gut tells me it’s OK and is a false positive." Since Lua is the scripting language I would think this is ok, as well.

So we're back to where we started - false positive. Still odd that nobody else has seen this and that it has worked without a hitch for over two years, then all of a sudden everything associated with Mach4 shows as being Trojan and suspect.

Oh, well, it's working now so I'll leave it alone.

David

5
Mach4 General Discussion / Mach4 build files infected?
« on: February 01, 2019, 12:14:26 PM »
First post here though I visit for answers when I need them.  Here is a problem I just ran into -

Mach4 has been running fine ever since I built the CNC router a little over 2 years ago. A couple of days ago, at the end of running a short job, Mach4 froze on the very last line. I didn't think much of it, just figured it was a Windows 7 thing although it hasn't done this before.

I can't tell you which build I was running on Mach4 but it was probably way back around 4.2.0.3188, possibly 3196. It was working so I didn't see any reason to update it. I am running Windows 7 Home Premium and using Kaspersky Total Security, neither of which has given me any issue.

So I shut the CNC down, restarted the computer, and then restarted the CNC. When I tried to launch Mach4 I got trojan warnings from Kaspersky and it proceeded to delete the 'offending malware'. I went to the FTP site and downloaded several of the updates and tried to install one. Each one I downloaded came with a malware warning but I downloaded them anyway, figuring that Kaspersky and Mach4 have all of a sudden decided not to play nicely together.

I tried the install and it goes about 5% and then Kaspersky finds the Mach4 core dll file to be bad and deletes it. I tried several versions of the updates. I can disable Kaspersky and the install goes just fine and Mach4 starts and runs the CNC without issue. If I enable Kaspersky again and try to run Mach4 then errors and warnings start popping up again. Once that happens Mach4 will no longer run even if I disable Kaspersky again, I have to do the process over.

Kaspersky is updated with the latest database and is set to pretty much default settings except that I have auto updates disabled on it and on the computer. Windows Defender is disabled, as well. I use Dropbox for my files so this computer is connected to the Internet and will stay that way. I realize a lot of folks don't like the controller computer to be connected to the Internet but using Dropbox is the way I transfer files, don't want to use a thumb drive. I have the ability to disable Wi-Fi on this computer and it is often NOT connected when I'm running larger files with longer run times. For short jobs that only take a few minutes I leave it connected.

Well, now it gets interesting... I had an IT guru friend download one of the Hobby files from the Mach4 FTP site and run that file through a Sandbox to see what came back. He is in a different location than me and used his own gear to do this test so it wasn't connected or related to anything I gave him. The file was a 100% hit for a known malicious hash. Since two separate AV engines flagged the files I'm guessing the ArtSoft site has been compromised, at least the FTP page for the downloads.

Right now everything is working because I added the files and folders to the exclusion list in Kaspersky. But that's not very reassuring so I hope they know about it and do something about this.

David

Pages: 1