Author Topic: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!  (Read 1640 times)

0 Members and 1 Guest are viewing this topic.

Offline dzalf

  • Newbie
  • *
  • Posts: 8
Guys

I am basically posting here a little rant on what the PUPs engine did to my lab equipment this morning.

I was upgrading the firmware of the pump when suddenly a pop-up window from Avast detected that the process being executed by idex_prog.exe could be a Potentially Unwanted Program (PUP).

I flagged the file as trusted however the uploading process cut-off and the firmware of the pump was corrupted during transfer.

All because of a paranoid application that I didn't even enable myself! Please DISABLE IT BY DEFAULT!!!!

I KNOW that I should have disabled the AV protection before the upgrade but I simply didn't thought of it at that moment.

Please be aware of a feature that could screw you up badly.

AVAST: What can you say on this respect? Now I must try to unbrick a piece of shared equipment from our biotechnology lab or pay for something that YOUR software did.  >:(

I am REALLY disappointed of you guys

dzalf

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36728
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #1 on: August 05, 2019, 07:06:48 PM »
False positives happens to all security programs, no security program have 100% detection or zero false positives


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438


« Last Edit: August 05, 2019, 07:08:24 PM by Pondus »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83521
  • No support PMs thanks
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #2 on: August 05, 2019, 07:31:21 PM »
I'm not sure what shield did the detection.

Scanning for PUPs is/was meant to be off by default, it certainly is/was on my systems.
However Off is possibly not the right determination as it would appear to be set to Ask by default (a change from past default settings), which it would appear to have done on your system. 

On my XP system with Avast Free 18.5.xxxx that installation still has the old settings were PUP scanning is disabled by default.

Not much joy for you, but I would certainly consider setting PUP scanning to Ignore potentially unwanted programs.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.541/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline dzalf

  • Newbie
  • *
  • Posts: 8
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #3 on: August 05, 2019, 07:36:32 PM »
False positives happens to all security programs, no security program have 100% detection or zero false positives


Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

Dear Pondus

Thanks for your reply.

In fact after the file was submitted to Avast for inspection another pop-up emerged (2 minutes after or so) saying that the file was analysed an did not represent a threat. Too late! The transfer had already failed  >:(

The main issue is that I was dealing with delicate hardware at the time the PUP function was self-activated. This should NOT happen under any circumstances when upgrading firmware of any type of equipment and PUP should be an optional feature when installing the software

Once again. I admit that I should have disabled all the shields from Avast however PUP should be OPTIONAL in my opinion.

I am seriously considering of quitting Avast for good after this. I usually work with RS232 protocols and "suspicious" software on different equipment and this is the first time that this has ever happened to me.

I am NOT interested on reporting the file as a false positive since I am certain of its authenticity and functionality. The main problem here is that an unsolicited action from the antivirus has bricked an expensive piece of equipment and it's ME who must assume the responsibility and fix it no matter how long (or how much) it takes/costs (accepting the fact that Avast will not help me in any way, shape or form)

Sad. Really sad :(

dzalf

Offline dzalf

  • Newbie
  • *
  • Posts: 8
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #4 on: August 05, 2019, 07:56:02 PM »
I'm not sure what shield did the detection.

Scanning for PUPs is/was meant to be off by default, it certainly is/was on my systems.
However Off is possibly not the right determination as it would appear to be set to Ask by default (a change from past default settings), which it would appear to have done on your system. 

On my XP system with Avast Free 18.5.xxxx that installation still has the old settings were PUP scanning is disabled by default.

Not much joy for you, but I would certainly consider setting PUP scanning to Ignore potentially unwanted programs.

Dear DavidR

I actually already disabled it and for the record is the FIRST time that I touch the setting on my installation which means it was set as default  :(

Indeed. No much joy...if any. I am in touch with the technical support from Ismatech but is highly possible that I will have to send the unit back for factory reprogramming.

A very simple upgrade that was supposed to be done within 2 minutes is gonna cost me and take weeks. You might imagine how my colleagues are looking at me right now in the lab after this, right?

dzalf

Offline dzalf

  • Newbie
  • *
  • Posts: 8
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #5 on: August 07, 2019, 04:22:59 PM »
So it's happening RIGHT NOW: I am uninstalling Avast for good and saying goodbye to them for who knows how long.

Perhaps I might reconsider going back if they are serious enough to give me some sort of response but that is NOT likely to happen.

Still technical support from Ismatec are dealing with my case

If you are interested on knowing how this story ends give me some time to sort it out and I'll post the outcome

Cheers

dzalf

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36728
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #6 on: August 07, 2019, 04:57:54 PM »
Quote
I am NOT interested on reporting the file as a false positive since I am certain of its authenticity and functionality.
Reporting it help the next one with same problem
AV vendors cant fix FP problems if no one report it



Offline dzalf

  • Newbie
  • *
  • Posts: 8
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #7 on: August 07, 2019, 06:25:09 PM »
Quote
I am NOT interested on reporting the file as a false positive since I am certain of its authenticity and functionality.
Reporting it help the next one with same problem
AV vendors cant fix FP problems if no one report it

As I mentioned before the file was indeed analysed by Avast. Two minutes after it was sent I got a message indicating that it was safe  :o

Too late. The firmware update had failed already  >:(

Offline Alikhan

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2234
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #8 on: August 08, 2019, 01:50:27 PM »
Quote
I am NOT interested on reporting the file as a false positive since I am certain of its authenticity and functionality.
Reporting it help the next one with same problem
AV vendors cant fix FP problems if no one report it

As I mentioned before the file was indeed analysed by Avast. Two minutes after it was sent I got a message indicating that it was safe  :o

Too late. The firmware update had failed already  >:(

Are you sure it wasn't CyberCapture?
Windows 10 Home 64-bit • Avast Free (latest stable version) •  Malwarebytes 4 Premium (On-Demand) • Windows Firewall Control • Google Chrome • LastPass • CCleaner • O&O ShutUp10 •

Offline dzalf

  • Newbie
  • *
  • Posts: 8
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #9 on: August 12, 2019, 07:08:23 PM »
Pretty sure it wasn't Cybercapture ;)

Quote
I am NOT interested on reporting the file as a false positive since I am certain of its authenticity and functionality.
Reporting it help the next one with same problem
AV vendors cant fix FP problems if no one report it

As I mentioned before the file was indeed analysed by Avast. Two minutes after it was sent I got a message indicating that it was safe  :o

Too late. The firmware update had failed already  >:(

Are you sure it wasn't CyberCapture?

Offline dzalf

  • Newbie
  • *
  • Posts: 8
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #10 on: August 12, 2019, 07:18:47 PM »
Quick update:

An amazing technician from Reglo contacted me directly from Germany and gave me preliminary instructions on how to burn the bootloader before re-loading the firmware.

To do so I need an MPLAB ICD3 (or ICD4 https://shortly.cc/32Ui as the ICD3 is not longer manufactured ) a .bin file and the same firmware file I was trying to upgrade.

I just ordered everything  for the whopping price of ~£200 + an ICSP adapter (https://shortly.cc/7Va8) (~£30) + shipping.

That's the cost of my misery right now...Avast!!!  :(

Once I have everything sorted I will let you know if I succeeded

Wish me luck!

Cheers

dzalf

Offline dzalf

  • Newbie
  • *
  • Posts: 8
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #11 on: February 04, 2020, 07:48:14 PM »
*** FINAL UPDATE ***

So as many of you must have figured out, the solution was to ship the pump back to Germany for the manufacturer to burn the firmware again.

I wanna thank you all for the suggestions however, I have to admit that, due to this big issue, I decided to leave Avast for ever.

Peace and love y'all

dzalf


Offline loungehake

  • Dummy Half
  • Sr. Member
  • ****
  • Posts: 216
  • Come on lad! You've only got 70 yards to go.
Re: The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!
« Reply #12 on: February 06, 2020, 03:20:01 PM »
The moral here is to only to use a computer reserved strictly for the function of applying firmware updates, the relevant files to be obtained via internet connected computers and transferred by a portable storage device.  I know that this is being wise after the event but such an occurance is foreseeable.  Your employer's managers should have been able to foresee this.  To dump blame for this onto a subordinate is very poor and an admission of the inadequacy of management of procedures.  What are managers for?
Windows XP SP3, Avast Free 10.4.2233, Agnitum Outpost Firewall Pro 9.3, Malwarebytes Anti-Exploit, OSArmor, Comodo Memory Firewall
Windows 7 Ultimate x64, Avast Free 20.6.2420, Malwarebytes Anti-Exploit, OSArmor, EMET 5.52 (to ensure that ASLR is always ON)
Windows 8.1 Pro x64, Avast Free 20.6.2420, Malwarebytes Anti-Exploit, OSArmor
Windows 10 Pro x64, Avast Free 20.6.2420, Malwarebytes Anti-Exploit, OSArmor