IK Product Manager downgraded to 0.0.0


Fleer

1 hour ago, Promidi said:

IKM Product manager 1.0.8 Is fine here, with latest Malwarebytes Premium and latest defs.

yes, it currently comes up clean with Malwarebytes .......but.....

Google
F-Secure
McAfee (2 versions)
Fortinet
etc 

All showing positive.  

Upload 'availability.exe' from the \program files\ik multimedia\ik product manager\resources\ to VirusTotal to see :)

If you look at the results of an "actual-real-life-guaranteed Trojan" such as the 'similar' Trojan:W32/Lokibot (file hash is on the F-Secure site) - this has a keylogger and a password stealer and you'll see lots of scanners say 'fine' - including ClamAV, Acronis, Palo Alto for example.

A 'negative' is no guarantee of safety - just as a 'positive' is no guarantee of malware.

Seeing 12 scanners, including some generally reliable ones, give a positive result raises lots of red flags for me. I really hope they are 'false positives' but it's entirely possible that a computer at IKM was infected and this found its way into the installer package? This situation is made even worse as IKM refuse to sign their Windows installers (saving approx $10!).

Everybody needs to make their own mind up if it's safe to install, but it's important people know about it (IMO) so they can make the choice.....and that's why I'm posting about it on this forum. I would suggest that IKM should clarify what is going on.

Also a bit odd they quietly deleted the virus warnings that other users had posted on their own website forum.....

 

Edited by simon
  • Like 5
  • Thanks 2
  • Great Idea 1

5 minutes ago, ralfrobert said:

Abandon their hot mess and never turn back. 

Actually I haven't used any IKM software for quite a while but thought I'd update what I had and give them another try.

Well, IKM never fails to disappoint me.  So your suggestion may be the best advice of all.


3 minutes ago, locrian said:

Any suggestions for the safest course of action

It's most likely to be just a false positive so no need to stress unnecessarily, but this is what I would do.

1. I'm assuming you are using Windows (?) - in that case make sure you update your virus definitions for Windows Defender (a Windows Update check will sort that). If you are on a Mac then nothing to do, that was flagged as clean.

2. Do a full system scan with Windows Defender.

3. I can't imagine any reason why anyone would need to 'emergency update' any IKM products, so no need to run the product manager for the time being.

4. It seems to be one very specific file in the "program folder" that I mentioned in a previous reply that is causing the problem - I'd be tempted to rename (or delete) it. Or you could uninstall the product manager - again I don't think that affects any current installations or authorisations (unless you have a subscription?). Easy enough to re-install when the dust settles.

IMO it's very good news if Windows Defender flags it - even if it's a false positive. This means that most Windows users are getting protected and might force IKM to do something about it. I haven't got it installed anywhere to be able to check it - might spin up a VM at some point and take a look.

Hope that all makes sense and as I say I suspect that it's far more likely a false positive.

Let us know what happens after you scan with Windows Defender.

 

 

  • Like 2
  • Thanks 1

2 minutes ago, locrian said:

Actually I haven't used any IKM software for quite a while but thought I'd update what I had and give them another try.

Well, IKM never fails to disappoint me.  So your suggestion may be the best advice of all.

As far as my installations are concerned, I will remove the product manager until the issue is resolved. If the software is non-functional in the meantime, so be it.


2 minutes ago, simon said:

It's most likely to be just a false positive so no need to stress unnecessarily, but this is what I would do.

1. I'm assuming you are using Windows (?) - in that case make sure you update your virus definitions for Windows Defender (a Windows Update check will sort that). If you are on a Mac then nothing to do, that was flagged as clean.

2. Do a full system scan with Windows Defender.

3. I can't imagine any reason why anyone would need to 'emergency update' any IKM products, so no need to run the product manager for the time being.

4. It seems to be one very specific file in the "program folder" that I mentioned in a previous reply that is causing the problem - I'd be tempted to rename (or delete) it. Or you could uninstall the product manager - again I don't think that affects any current installations or authorisations (unless you have a subscription?). Easy enough to re-install when the dust settles.

IMO it's very good news if Windows Defender flags it - even if it's a false positive. This means that most Windows users are getting protected and might force IKM to do something about it. I haven't got it installed anywhere to be able to check it - might spin up a VM at some point and take a look.

Hope that all makes sense and as I say I suspect that it's far more likely a false positive.

Let us know what happens after you scan with Windows Defender.

 

 

Thanks, Simon!  I'll report back after I'm done...

  • Thanks 1

12 minutes ago, simon said:

It's most likely to be just a false positive so no need to stress unnecessarily, but this is what I would do.

1. I'm assuming you are using Windows (?) - in that case make sure you update your virus definitions for Windows Defender (a Windows Update check will sort that). If you are on a Mac then nothing to do, that was flagged as clean.

2. Do a full system scan with Windows Defender.

3. I can't imagine any reason why anyone would need to 'emergency update' any IKM products, so no need to run the product manager for the time being.

4. It seems to be one very specific file in the "program folder" that I mentioned in a previous reply that is causing the problem - I'd be tempted to rename (or delete) it. Or you could uninstall the product manager - again I don't think that affects any current installations or authorisations (unless you have a subscription?). Easy enough to re-install when the dust settles.

IMO it's very good news if Windows Defender flags it - even if it's a false positive. This means that most Windows users are getting protected and might force IKM to do something about it. I haven't got it installed anywhere to be able to check it - might spin up a VM at some point and take a look.

Hope that all makes sense and as I say I suspect that it's far more likely a false positive.

Let us know what happens after you scan with Windows Defender.

 

 

Okay, that was quick.  I don't have Windows Defender installed on my system (Win10).  I looked in Windows Security > Virus and Threat Protection and nothing (Microsoft-based) is there.

So, in lieu of running a Defender scan, I'll just delete the IKM PM and hope for the best.
 

  • Great Idea 1

20 minutes ago, simon said:

Hope that all makes sense and as I say I suspect that it's far more likely a false positive.

I agree - it's probably a false positive.

My guess is that Availability.exe is for the new subscriptions. As mentioned in another thread, some products appear to need an online connection at least every 72 hours. My guess is that Availability.exe scans the hardware it's running on, converts the results into some kind of hash ID, and sends it back to IK for subscription status verification at regular intervals. This might be seen as suspicious behaviour. From a trusted source, it's no problem. But for an app that isn't trusted*, it could potentially be considered as malicious - hence flagged by malware scanners.

* By trusted, I mean from the computer's perspective, i.e. the app is signed with a trusted certificate.

Edited by antler
  • Like 1
  • Thanks 1

It's just my 2 cents, but as a general rule I think it's worth having Windows Defender enabled, especially if you don't have any other antivirus software installed.

On Windows 10 there is very little (more or less zero) CPU overhead although it can just slow down some things like opening Kontakt or big libraries.

Just my opinion :)

  • Like 3

18 minutes ago, antler said:

My guess is that Availability.exe is for the new subscriptions.

100% agree with that entire post 

IKM have some very ugly coding practices (IMO) like using incorrect file extensions in an attempt to hide the purpose of the file etc.

It's this kind of nonsense that encourages AI/ML virus scanners to view these applications as suspicious (which it is!). I suspect their subscription coding is just as ugly.

The 'unsigned' aspect is pretty unforgivable in 2023 too - it indicates IKM's attitude to security - and their response to customer concerns....well not very impressive.

  • Like 4

2 minutes ago, locrian said:

Just curious, which IKM files do you think have incorrect extensions?

I think there are several.

Take a look in %APPDATA% and sort by 'date' - launch AmpliTube or Tonex - and look at the .dll that gets modified, and starts msxxxx.dll

That's not a .dll and that's not from Microsoft - there are more examples in various other (system?) folders too.

 

  • Like 1
  • Sad 1
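
The two checks discussed in the posts above (a file named `.dll` that is not really a DLL, and an executable shipped unsigned) can be done from the file's bytes alone. This is an added example, not part of the thread and not IKM's code; the sample names and contents are constructed, and the header parsing assumes the standard PE/COFF layout.

```python
import struct

def classify(data: bytes) -> str:
    """Return 'not-pe', 'pe-unsigned' or 'pe-signature-present' for raw file bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"                       # no DOS header, whatever the extension says
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                       # skip 4-byte signature + 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 2:
        return "not-pe"
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)    # PE32 / PE32+
    if dirs is None or len(data) < dirs + 5 * 8:
        return "not-pe"                       # unknown format or truncated header
    (count,) = struct.unpack_from("<I", data, dirs - 4)      # NumberOfRvaAndSizes
    offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)  # entry 4: certificate table
    if count > 4 and offset and size:
        return "pe-signature-present"         # presence only, the signature is NOT validated
    return "pe-unsigned"

def audit(files: dict) -> list:
    """Return (name, finding) pairs that deserve a closer look."""
    findings = []
    for name, data in sorted(files.items()):
        kind = classify(data)
        if kind == "not-pe" and name.lower().endswith((".dll", ".exe")):
            findings.append((name, "executable extension, but content is not a PE image"))
        elif kind == "pe-unsigned":
            findings.append((name, "PE image with no embedded Authenticode signature"))
    return findings

def sample_pe(cert_size: int) -> bytes:
    """Constructed PE32+ header stub holding only the fields classify() reads."""
    buf = bytearray(0x200)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)                  # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x20B)                  # PE32+ magic
    struct.pack_into("<I", buf, opt + 108, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", buf, opt + 112 + 32, 0x1C0 if cert_size else 0, cert_size)
    return bytes(buf)

SAMPLES = {  # constructed names and contents, not files from any real product
    "ms0000.dll": b"\x00\x01opaque-data" * 8,
    "helper.exe": sample_pe(0),
    "signed.exe": sample_pe(0x40),
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A certificate table being present says nothing about whether the signature is valid or who signed it, and catalog-signed Windows files carry no embedded table at all. On Windows, `Get-AuthenticodeSignature` performs the actual validation.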

6 hours ago, simon said:

This situation is made even worse as IKM refuse to sign their Windows installers (saving approx $10!).

Actually between $179 USD to $499 USD a year, cheaper if you buy multiyear packages.  Apple certs run around $100 per year.
(maybe $10 if you consider splitting that cost over their numerous products)
I've seen some cheaper Windows certs but they're issued per person not per company.
But do 100% agree that a company IKM's size really should have their products signed.

 

Edited by TheSteven
  • Like 3
  • Thanks 1

1 hour ago, simon said:

I think there are several.

Take a look in %APPDATA% and sort by 'date' - launch AmpliTube or Tonex - and look at the .dll that gets modified, and starts msxxxx.dll

That's not a .dll and that's not from Microsoft - there are more examples in various other (system?) folders too.

Hmm.  I looked in both %APPDATA\Local and %APPDATA\Roaming but did not find the files you described.  I also checked the IK Multimedia folder in Roaming and the Temp folder in Local but didn't find them there either.

FYI, I did do a 'refresh' every time before looking b/c I know MS is too damn lazy to do a screen refresh for me.

Also, I should mention that I uninstalled Tonex a few days ago b/c I never used it and wanted my 4GB+ of storage back.  The standalone version of AmpliTube I used in the test is 5.7.1 (23108).
