simon

4 hours ago, heath row said:

got a very reasonable personal crossgrade/upgrade price on the bundle

how much was the crossgrade on the bundle ?

that's a massive drop in price from $499 when launched a week ago !

8 minutes ago, antler said:

Is this one still flagged as malware?

looks ok so far

I think they've changed the way they've packaged the installer so it's harder to scan - still not signed however

ditto....took about 4 attempts.

The release notes for 3.6.2 specifically say that this update is to fix this multiple installation error.

I dunno what is going on at NI HQ but Native Access V2 is turning into a bigger and bigger mess with every release -  running all kinds of buggy background services.

NA v1 worked great for so many years as well.....sigh

When Izotope (and PA?) migrate over to this it's going to be even worse I suspect.

7 minutes ago, heath row said:

Ahhh, just proves you've lost the argument

Sorry,  I wasn't aware we were arguing ? 

Of course if it's important to you then you most certainly win.  Well done sir.

That's the third time you've posted your family photo - and it just gets funnier every time.

Just wondering, which one is you and did you make that hat yourself ?     

2 hours ago, locrian said:

I looked in both %APPDATA\Local and %APPDATA\Roaming

it's %APPDATA% (percentage signs before and after - just cut and paste that into an explorer window) - which takes you to  \appdata\roaming

the .ddl (!) file is in the root of that directory - might be set to hidden by default ?

msregsvv.dll

Part of the IKM authorisation system clumsily masquerading as a MS ddl.

There are others too, spread around your PC.

2 minutes ago, locrian said:

Just curious, which IKM files do you think have incorrect extensions?

I think there are several

take a look in %APPDATA% and sort by 'date' - launch amplitube or tonex - and look at the .dll that gets modified, and starts msxxxx.dll 

that's not a .dll and that's not from microsoft - there are more examples in various other (system?) folders too.  

18 minutes ago, antler said:

My guess is that Availability.exe is for the new subscriptions.

100% agree with that entire post 

IKM have some very ugly coding practices (IMO) like using incorrect file extension in an attempt to hide the purpose of the file etc.

It's this kind of nonsense that encourages AI/ML virus scanners to view these applications as suspicious (which it is!).  I suspect their subscription coding is just as ugly.

The 'unsigned' aspect is pretty unforgivable in 2023 too  - it indicates IKM attitude to security - and their response to customer concerns....well not very impressive.

it's just my 2cents but as a general rule I think it's worth having Windows Defender enabled, especially if you don't have any other antivirus software installed. 

On Windows 10 there is very little (more or less zero) CPU overhead although it can just slow down some things like opening Kontakt or big libraries.

just my opinion

3 minutes ago, locrian said:

Any suggestions for the safest course of action

It's most likely to be just a false positive so no need to stress unnecessarily, but this is what I would do.

1. I'm assuming you are using Windows (?) - in that case make sure you update your virus definitions for Windows Defender (a Windows Update check will sort that). If you are on a mac then nothing to do, that was flagged as clean.

2. Do a full system scan with Windows Defender.

3. I can't imagine any reason why anyone would need to 'emergency update' any IKM products ? so no need to run the product manager for the time being.

4. It seems to be one very specific file in the "program folder" that I mentioned in a previous reply that is causing the problem - I'd be tempted to rename (or delete it).  Or you could uninstall the product manager - again I don't think that affects any current installations or authorisations (unless you have a subscription?). Easy enough to re-install when the dust settles.

IMO It's very good news if Windows Defender flags it - even if it's a false positive.  This means that most Windows users are getting protected and might force IKM to do something about it.  I haven't got it installed anywhere to be able to check it - might spin up a VM at some point and take a look,

Hope that all makes sense and as I say I suspect that it's far more likely a false positive.

Let us know what happens after you scan with windows defender.

1 minute ago, User 905133 said:

That can't be what they are saying, can it?

seems like it !

I noticed that somebody is reporting over on Gearspace that Windows Defender is now flagging the installer as containing a trojan.

the saga continues ...sigh

4 minutes ago, Bruno de Souza Lino said:

why can't you make it update automatically?

in this case I'm really glad they didn't

1 hour ago, Promidi said:

IKM Product manager 1.0.8 Is fine here, with latest Malwarebytes Premium and latest defs.

yes, it currently comes up clean with Malwarebytes .......but.....

Google
F-Secure
McAfee (2 versions)
Fortinet
etc 

All showing positive.  

Upload 'availability.exe' from the \program files\ik multimedia\ik product manager\resources\ to Virustotal to see  

If you look at the results of an "actual-real-life-guaranteed Trojan" such as the 'similar' Trojan:W32/Lokibot (file hash is on the f-secure site) - this has a keylogger and a password stealer and you'll see lots of scanners say 'fine' - including Clam-AV, Acronis, Palo-Alto for example. 

A 'negative' is no guarantee of safety - just as a 'positive' is no guarantee of malware.

Seeing 12 scanners, including some generally reliable ones, give a positive result raises lots of red flags for me.   I really hope they are 'false positives' but it's entirely possible that a computer at IKM was infected and this found it's way into the installer package ?  This situation is made even worse as IKM refuse to sign their Windows installers (saving approx $10!).

Everybody needs to make their own mind up if it's safe to install, but it's important people know about it (IMO)  so they can make the choice.....and that's why I'm posting about it on this forum.   I would suggest that IKM should clarify what is going on.

Also a bit odd they quietly deleted the virus warnings that other users had posted on their own website forum.....

edit - can't be bothered to engage

just to update

no change - IKM claim to have submitted the files and had them verified as a 'false positive' - but the virus scanners still show as infected.

15 hours ago, Peter - IK Multimedia said:

False positive for the previous, was submitted and cleared and the 1.0.8 should not trigger any AV.

Edit - from what I'm hearing, since I have only updated on macOS so far today.

nope - this only affects the windows installer - the mac installer is clean

and the  Windows version HAS NOT been cleared - and v1.08 also shows as infected 

16 hours ago, Peter - IK Multimedia said:

Yes, a previous version had a false positive (submitted and verified as a non-threat) and the new one shouldn't trigger anything at all.  What a scandal!

I'm glad you find it amusing ! Unfortunately what you say is not correct.

The previous version (v1.07) still shows a virus and HAS NOT been verified as a non-threat.

The new version (v1.08) also gets flagged by Virustotal as a virus - the file 'availability.exe' is flagged by 12 different scanners as infected so it's not just a 'rogue' false positive

There was a thread on the IKM forums with other users reporting the issue - that thread has been quietly deleted.

What a scandal!

note:

I don't want to spoil the party but can I point out this....

1 hour ago, Bruno de Souza Lino said:

It's probably a tracker of sorts.

who knows ? but 12 scanners are currently showing the file as malicious and containing a specific trojan not just reporting 'random phone home' behaviour - which lots of software does.  The scanners that are flagging it are some of the biggest and most reliable scanners too.

If they have submitted the file for a 'false positive' assessment as @Peter - IK Multimedia says then we should see it come up as clean.  This hasn't happened as yet.   

IKM are not immune to viruses - nobody is.   There is zero reason to believe it's NOT been infected unless the files is cleared by a 'false positive' assessment or IKM give us more information.

Personally, I would recommend anyone who installed it on Windows to remove it and to do a full system scan with their preferred virus scanner.  I would also hold off on installing v1.08 until we know what happened.  Obviously anyone is free to trust or install whatever they like.

EDIT

v1.08 is now showing as infected by multiple virus scanners - currently 7 positives but increasing......

7 hours ago, Peter - IK Multimedia said:

The file was submitted, it usually doesn't take long to get processed as a false positive.

v1.07 is still showing as infected.  What leads you to  say it's a 'false positive' ?

Looks like it's a file within the installer/manager - "availability.exe" that is now being flagged by 12 different malware scanners as malicious on virustotal.

it would be good to get an update as it's likely many will have installed this version.

10 minutes ago, Peter - IK Multimedia said:

The file was submitted, it usually doesn't take long to get processed as a false positive.

rest assured I'm keeping an eye on this. As mentioned above 1.07 is still being flagged as malicious.

why do you say it's a false positive - IKM have refused to sign their installers so trivial to modify them.

8 minutes ago, Brian Walton said:

Some real BS is going on

classic bait and switch