M$ Antivirus found Trojan in UCCNC



driftspin
08-09-2018, 03:19 PM
Hi guys,

M$ Antivirus has just now decided UCCNC.exe contains a trojan win32/Zpevdo.A


Did anyone else have this problem?

UCCNC setup is 1.2048


https://uploads.tapatalk-cdn.com/20180908/ed181aa3b6198d514dea6a217fd63b4c.jpg


JOGARA
08-09-2018, 06:40 PM
Upload the "UCCNC.exe" to Virus Total. https://www.virustotal.com/

How many are detecting? Link the result.


The setup.exe is showing 3 now on VT (was previously one) after I just uploaded a fresh copy.
Probably just detecting with new virus signatures.

Typically you should not worry unless a good handful of the VirusTotal detectors come up with positives.
That being said, run a full system scan and keep an eye on the host computer over the next week or so.

driftspin
08-09-2018, 07:00 PM
OK, so I uploaded UCCNC.exe.

https://www.virustotal.com/nl/file/027822821bc11f92de8badfa17ba5d99211f9d800b95dc1410f07425d6d76138/analysis/

12/69



eh.


I downloaded from CNCDRIVE, do we need to contact Balazs?


Grtz Bert
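
Added example (not part of the thread, and not CNC Drive's or VirusTotal's code): a detection count such as 12/69 only says something about your download if the report was generated for exactly the bytes on your disk, and setup.exe, UCCNC.exe and each release all hash differently. This sketch pulls the SHA-256 out of a VirusTotal report link in either URL layout used in this thread and compares it with a local file; the function names are my own and the file in the demo is a constructed stand-in.

```python
import hashlib
import re
import tempfile

# The two report links posted in this thread, in both VirusTotal URL layouts.
# The first keeps a stray space of the kind forum software inserts into long strings.
THREAD_URL_2018 = ("https://www.virustotal.com/nl/file/027822821bc11f92de8badfa17ba5d99"
                   "211f9d800b95dc1410 f07425d6d76138/analysis/")
THREAD_URL_2021 = ("https://www.virustotal.com/gui/file/d44f1d3b7b3969448d0f68642ba844f7"
                   "0a8a74bf5a07299ee8b9855b3bcb9a8f/detection")

# Optional two-letter language prefix (old layout) or "gui/" (new layout).
VT_FILE_RE = re.compile(
    r"virustotal\.com/(?:[a-z]{2}/|gui/)?file/([0-9a-f]{64})(?:/|$)", re.I)


def sha256_from_vt_url(url):
    """Return the SHA-256 that a VirusTotal file-report URL refers to."""
    compact = "".join(url.split())  # repair whitespace broken into the link
    match = VT_FILE_RE.search(compact)
    if not match:
        raise ValueError("not a VirusTotal file-report URL")
    return match.group(1).lower()


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def report_matches_file(url, path):
    """True only if the linked report was produced for this exact file."""
    return sha256_from_vt_url(url) == sha256_of_file(path)


if __name__ == "__main__":
    # Constructed stand-in file; point this at the real download instead.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes, not UCCNC.exe")
    for url in (THREAD_URL_2018, THREAD_URL_2021):
        print(sha256_from_vt_url(url), report_matches_file(url, tmp.name))
```

A mismatch means the report describes a different build or a modified file, so its detection count should not be used to judge the local copy.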

m_c
08-09-2018, 07:44 PM
It's a bit of a known problem with the MS virus checker.
Anytime a new version of something is released, it can trigger false positives.
Dynomotion's KMotionCNC suffers the same problem until it's been out for a few days, and there's event software I use, which also has the same problem when a new update is released (MS even shut the app down and sandboxed it last month mid-event, which caused me a bit of a problem!).

It's all to do with the virus checker finding features in the software that could indicate it's doing things it shouldn't. In the case of the event software, it has a lot of functionality for replicating data to servers, which I guess gets flagged as potential malware, and in KMotionCNC I suspect it's due to containing a lot of small example programs and source code, some of which are accessing system files. I'd imagine UCCNC is being flagged for similar.

driftspin
08-09-2018, 07:48 PM
Yes, I had the software running a few weeks now...

So why is it a problem now?

So I flagged the UCCNC directory for no scanning for now and I will check in a few days...

Grtz Bert.


m_c
08-09-2018, 07:56 PM
Is it on a computer with good internet access?

In the case of the event software shutting down, I'd installed the latest version the previous evening, at which point I assume a copy had been uploaded to MS for testing. It was the next morning after getting an internet connection set up having dealt with the initial rush, all the software shut down, which I'm guessing is the point the virus checker got details about the software being infected back from MS.

It could be MS have discovered some new virus that matches something in UCCNC, so it's only just being flagged. If it is a false positive it should sort itself out in a couple days and stop being flagged.

Ger21
08-09-2018, 07:59 PM
Are you the same person posting this at the UCCNC forum and CNC Zone?
If not, I'd add an exclusion to Windows Defender for the UCCNC folder. I added the exclusion a long time ago, as it allows UCCNC to start faster. An added benefit is it prevents false positives.

driftspin
08-09-2018, 09:59 PM
Eh no... I try to keep my online identity to driftspin only.

I also don't like to shop around for info on all different places.

Is someone posting under driftspin elsewhere?

Yes, I did throw an exclusion in MS AV.
I'll check in a few days if AV still flags UCCNC.exe

Grtz Bert.




AndyGuid
09-09-2018, 01:54 AM
. . . . . . . MS even shut the app down and sandboxed it last month mid-event, which caused me a bit of a problem! . . . . . . . .

Which is why I'm never going back to Windows 10!!!! which I assume you were running?

Ger21
09-09-2018, 02:00 AM
Is someone posting under driftspin elsewhere?

No, someone else.
Apparently, a lot of people are running into this.
I've had an exclusion on my UCCNC folder for a long time, and have not had any issues on two PCs running Windows 10.

A_Camera
09-09-2018, 10:54 AM
Apparently it is a false alert generated by some anti virus software. Confirmed by CNC Drive as well. Balázs contacted those companies, including MS. Until further we have to add an exclusion.

driftspin
09-09-2018, 12:43 PM
Which is why I'm never going back to Windows 10!!!! which I assume you were running?

Uh.. no, no Windows 10...
Not yet that is...
I don't like the extra layer of user interface Windows 10 has. Afraid I can't avoid it in the long run though.

.

Fusion360 is on a desktop machine with a discrete vga card (I5 2500k 8gb ssd+ 4gb1050ti) which is working ok for me for now.

I have not made any designs yet that need better hardware.

I have a Windows 7 x64 laptop to run UCCNC for now.
It is a HP 2nd gen i5 with 8gb memory 1tb sshd.

I want to network them but found the UC300ETH does not like being networked through a switch to my Fritzbox router for some reason.

I need to do some wiresharking to find out what is going on.
Every time I start UCCNC the connection drops.

When I have a direct connection (not on a switch) everything is working great.

Maybe I should not network it and just have it direct connect to the laptop.

The laptop is a multifunctional device for now: homework for kids, diagnostic tool for my car and so on.

I am moving the kids to their own hardware... trying to claim the laptop for mancave purposes only.

Maybe I'll have the laptop wifi connect to the desktop and UC300ETH by wired port.


Grtz Bert.


A_Camera
09-09-2018, 02:05 PM
I am using laptops in my home LAN and the UC300ETH is connected through a LAN switch and that works fine. W10 is no problem. Have it on all my computers.

driftspin
09-09-2018, 06:16 PM
OK, that is good to know.

When I find out what in my network is making the UC300ETH or laptop disconnect UCCNC I will report back on that.


Grtz Bert.




m_c
09-09-2018, 07:07 PM
Which is why I'm never going back to Windows 10!!!! which I assume you were running?

Yes, but I quite like Windows 10 now, and it was the only option when I ordered my new laptop. I did opt for Pro though as it gives you more control over things.

I've got it on my milling machine with a touchscreen, and I find it far better than 7 or 8 with a touchscreen, but that machine only gets internet connection when it really needs connected, which is the same for all my machines.

AndyGuid
10-09-2018, 05:18 AM
That is my BIG gripe with Windows 10, that you have so little control over MS assuming control of your machine effectively whenever they like (even with Pro when I was last on Windows 10), so I suppose the only way to properly assume a semi-decent level of control yourself is as you say "only gets internet connection when it really needs connected"

driftspin
10-09-2018, 07:54 AM
Yes, I think there are 2 ways to go about this.
Standalone/offline approach or go all in and online always.

Grtz Bert.


A_Camera
02-10-2018, 09:11 AM
UCCNC 1.2049 was released. (http://www.forum.cncdrive.com/viewtopic.php?f=12&t=1537#p11654) It seems that the problem is fixed by this new release.

driftspin
02-10-2018, 08:12 PM
Ah OK, thank you... I'll check in for the update soon.

Need to find some time though. :-)

Grtz Bert.







karangetang
16-03-2019, 09:21 PM
I had the same problem. I accepted the virus... Laptop is still working.
I informed Balazs

karangetang
16-03-2019, 10:23 PM
Balazs is already informed.
I had the same problem and accepted the virus, had until now no problems

Tom J
06-02-2021, 08:48 PM
Why do I bother with that? I was happily using Mach3

https://www.virustotal.com/gui/file/d44f1d3b7b3969448d0f68642ba844f70a8a74bf5a07299ee8b9855b3bcb9a8f/detection

Tom J
06-02-2021, 08:57 PM
Balasz is already informed
I had the same problem and accepted the virus had til now no problems

Now we have Feb 2021 and still there are 3 trojans in the exe file?

JAZZCNC
07-02-2021, 10:22 AM
Now we have Feb 2021 and still there are 3 trojan in exe file.

No that isn't correct and I have the answer to why you are seeing these false Trojan results. However, I can't post the answer until I have permission from Balazs, which I'm sure he will give when he replies to my email.

But in the meantime don't worry there is NO TROJAN or virus in UCCNC.exe

magicniner
07-02-2021, 01:17 PM
False positives are fairly common from the AV companies which are focussed on mainstream and too lazy to react quickly to reports from smaller software publishers.
Microsoft being less than pro-active here is no surprise at all, they have your money and that's their primary concern!

JAZZCNC
07-02-2021, 06:27 PM
Ok, when I saw this post it concerned me so I reached out to Balazs who owns CNCDrive to get the official word on this and here is his reply. I did ask his permission to post this which he agreed needed to be published to stop any worries people may have, so here goes.

Hi Dean,


Thank you for the information.


As you can see from the Virustotal report basically all large antivirus softwares report the file negative to viruses and 3 small virus companies reports it malicious and "confused".
Which is true, the UCCNC.exe file is Obfuscated with a software called "Confuser" for anti-cracking protection.
This is why some antivirus softwares sees it suspicious, because they cannot look into the file properly as the code is obfuscated.


And earlier it was worse, because we packaged the motion control native dll API into the UCCNC exe file which is also suspicious to antivirus softwares.
Then there were about 20-25 false positive reports on the Virustotal site, the worst was that the largest companies also reported false positive including The Windows Defender.
Funny thing is that it was not suspicious for any antivirus for years and with a blink of an eye the same became suspicious to them. :)
It is false positive (we even sent the file to the Microsoft antivirus team and they checked and confirmed that it is false positive), but as it caused issues to customers we unpackaged the native API dll from the UCCNC.exe in the next UCCNC release and made changes in the file structure.
So, now only some small not important virus companies report it false positive and the large ones like Avast and Windows Defender etc. see that the file is clean.


What we could do to make the file look fully clean to all antivirus softwares is if we would not obfuscate it, but we will not do that, because then the software would become very vulnerable to crackers. :(
We think that it is good enough that 99% of the antivirus companies report it negative and that 1% whose software reports it false positive are small antivirus companies with very small market share, so...


Thank you.


Best Regards, Balazs

AndyGuid
08-02-2021, 01:21 AM
False positives are fairly common from the AV companies which are focussed on mainstream and too lazy to react quickly to reports from smaller software publishers.
Microsoft being less than pro-active here is no surprize at all, they have your money and that's their primary concern!

Agree! I've had some excellent virus free software, that simulates mainframe editing on PC for dinosaurs, incurring false positives on these sites.