Why was this application blocked by Antivirus Software? Win32/VulnInsydeDriver.A

Discussion in 'UDOO X86' started by LDighera, Oct 4, 2019.

  1. LDighera

    LDighera UDOOer

    Immediately subsequent to the installation of: Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.303.837.0), Windows Defender Antivirus quarantined six Insyde programs found within UDOOX86_B02-UEFI_Update_rel102.zip and Temp1_UDOOX86_B02-UEFI_Update_rel104.zip found on my MS Surface Pro. Here's the Defender report:

    MS Defender referred me to this page: https://www.microsoft.com/en-us/wds...gram:Win32/VulnInsydeDriver.A&threatid=258247
    that then referred me to this page: https://www.insyde.com/security-pledge/application-blocked whose Insyde Software Tool Security Advisory is not found.

    The Insyde application-blocked page provides this terse information:
    Is anyone able to provide any insight into the issue involved here?

    Is Insyde actually providing virus software in their tool suite?
     
  2. LDighera

    LDighera UDOOer

    This file failed to be included in the above message: WinDefenderInsydeQuarantine.JPG
     
  3. riri0

    riri0 UDOOer

    Does it say Virus anywhere? No it doesn't. It's written there in plain English from the link you gave. Your Antivirus is warning you of a potential Vulnerability in an application you are trying to use. This means bad guys can use the application to do bad things to your computer.

    You should continue only if you have downloaded it from an official source that you trust (UDOO?) and you intend to flash your BIOS. In the case above, it is not dangerous as you know what you are doing and you intend to do so. If your UDOO is a bad guy and you don't trust them, you wouldn't buy their product in the first place now would you?

    If you did not intend to download and run the said application, for example by opening a suspicious email attachment, then it is dangerous as that means some bad guy is trying to modify/damage your computer with the said application and your antivirus is stopping you from doing so.
     
  4. evaloverde

    evaloverde Administrator Staff Member

    Thank you for being so passionate, but please keep it respectful. No need to get heated up. Some users might not be as experienced as others, it's okay.
     
  5. LDighera

    LDighera UDOOer

    Thank you for your interest in this matter.

    The point is that the latest Windows update will quarantine or delete the Insyde tool required to update the Udoo firmware. Presumably, there will be several Udoo users with the Insyde firmware update tools on their Windows machines who will see this issue. My intent was to provide a heads-up.

    The other point is that, in my opinion, Insyde's message is poorly worded, and the link on their page https://www.insyde.com/security-pledge/2019001 links to a page that is not found. I find it interesting that Insyde's Security Pledge is missing from their web site. That is less than reassuring on several levels...

    I'll send copies of my message to these addresses:
    It was the information Microsoft kindly provided about the "offending" Insyde file on this page that I found concerning:

     
  6. ccs_hello

    ccs_hello UDOOer

    Yeah, probably harmless from an advanced user point of view. Any tool that goes deep and will make permanent changes (or damages) to the system probably will be flagged.
     
    LDighera likes this.
