The PUP feature BRICKED my £2000 Ismatec Reglo ICC peristaltic pump!

Guys

I am basically posting here a little rant on what the PUPs engine did to my lab equipment this morning.

I was upgrading the firmware of the pump when suddenly a pop-up window from Avast detected that the process being executed by idex_prog.exe could be a Potentially Unwanted Program (PUP).

I flagged the file as trusted however the uploading process cut-off and the firmware of the pump was corrupted during transfer.

All because of a paranoid application that I didn’t even enable myself! Please DISABLE IT BY DEFAULT!!!

I KNOW that I should have disabled the AV protection before the upgrade but I simply didn’t thought of it at that moment.

Please be aware of a feature that could screw you up badly.

AVAST: What can you say on this respect? Now I must try to unbrick a piece of shared equipment from our biotechnology lab or pay for something that YOUR software did. >:(

I am REALLY disappointed of you guys

dzalf

False positives happens to all security programs, no security program have 100% detection or zero false positives

Report a false positive (select file or website)
https://www.avast.com/false-positive-file-form.php

https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

I’m not sure what shield did the detection.

Scanning for PUPs is/was meant to be off by default, it certainly is/was on my systems.
However Off is possibly not the right determination as it would appear to be set to Ask by default (a change from past default settings), which it would appear to have done on your system.

On my XP system with Avast Free 18.5.xxxx that installation still has the old settings were PUP scanning is disabled by default.

Not much joy for you, but I would certainly consider setting PUP scanning to Ignore potentially unwanted programs.

Dear Pondus

Thanks for your reply.

In fact after the file was submitted to Avast for inspection another pop-up emerged (2 minutes after or so) saying that the file was analysed an did not represent a threat. Too late! The transfer had already failed >:(

The main issue is that I was dealing with delicate hardware at the time the PUP function was self-activated. This should NOT happen under any circumstances when upgrading firmware of any type of equipment and PUP should be an optional feature when installing the software

Once again. I admit that I should have disabled all the shields from Avast however PUP should be OPTIONAL in my opinion.

I am seriously considering of quitting Avast for good after this. I usually work with RS232 protocols and “suspicious” software on different equipment and this is the first time that this has ever happened to me.

I am NOT interested on reporting the file as a false positive since I am certain of its authenticity and functionality. The main problem here is that an unsolicited action from the antivirus has bricked an expensive piece of equipment and it’s ME who must assume the responsibility and fix it no matter how long (or how much) it takes/costs (accepting the fact that Avast will not help me in any way, shape or form)

Sad. Really sad :frowning:

dzalf

Dear DavidR

I actually already disabled it and for the record is the FIRST time that I touch the setting on my installation which means it was set as default :frowning:

Indeed. No much joy…if any. I am in touch with the technical support from Ismatech but is highly possible that I will have to send the unit back for factory reprogramming.

A very simple upgrade that was supposed to be done within 2 minutes is gonna cost me and take weeks. You might imagine how my colleagues are looking at me right now in the lab after this, right?

dzalf

So it’s happening RIGHT NOW: I am uninstalling Avast for good and saying goodbye to them for who knows how long.

Perhaps I might reconsider going back if they are serious enough to give me some sort of response but that is NOT likely to happen.

Still technical support from Ismatec are dealing with my case

If you are interested on knowing how this story ends give me some time to sort it out and I’ll post the outcome

Cheers

dzalf

I am NOT interested on reporting the file as a false positive since I am certain of its authenticity and functionality.
Reporting it help the next one with same problem AV vendors cant fix FP problems if no one report it

As I mentioned before the file was indeed analysed by Avast. Two minutes after it was sent I got a message indicating that it was safe :o

Too late. The firmware update had failed already >:(

Are you sure it wasn’t CyberCapture?

Pretty sure it wasn’t Cybercapture :wink:

Quick update:

An amazing technician from Reglo contacted me directly from Germany and gave me preliminary instructions on how to burn the bootloader before re-loading the firmware.

To do so I need an MPLAB ICD3 (or ICD4 https://shortly.cc/32Ui as the ICD3 is not longer manufactured ) a .bin file and the same firmware file I was trying to upgrade.

I just ordered everything for the whopping price of ~£200 + an ICSP adapter (https://shortly.cc/7Va8) (~£30) + shipping.

That’s the cost of my misery right now…Avast!!! :frowning:

Once I have everything sorted I will let you know if I succeeded

Wish me luck!

Cheers

dzalf

*** FINAL UPDATE ***

So as many of you must have figured out, the solution was to ship the pump back to Germany for the manufacturer to burn the firmware again.

I wanna thank you all for the suggestions however, I have to admit that, due to this big issue, I decided to leave Avast for ever.

Peace and love y’all

dzalf

The moral here is to only to use a computer reserved strictly for the function of applying firmware updates, the relevant files to be obtained via internet connected computers and transferred by a portable storage device. I know that this is being wise after the event but such an occurance is foreseeable. Your employer’s managers should have been able to foresee this. To dump blame for this onto a subordinate is very poor and an admission of the inadequacy of management of procedures. What are managers for?