Jump to content
Fast6er

Cura 2.3.1 flagged by Virustotal

Recommended Posts

Posted · Cura 2.3.1 flagged by Virustotal

Hi team-

My new workplace has very stringent software security policies, including thorough inspection of software that hasn't previously been vetted.

One of the steps is a Virustotal scan, and Cura 2.3.1 threw 4 flags. FWIW, 2.3.0 threw 2 flags.

As such, I have no recourse to install the software on my corporate computer, which is a real downer.

Is there anything that can be done to address these (assuming) false positives, or, (worst case) malicious code?

Thanks in advance for any help or insight.

Share this post


Link to post
Share on other sites
Posted · Cura 2.3.1 flagged by Virustotal

If your workplace had competent IT people they would know that 4 positives on Virustotal doesn't really mean anything.

Share this post


Link to post
Share on other sites
Posted · Cura 2.3.1 flagged by Virustotal

If you knew who my employer was, you may revise your opinion :)

Here's the report:

linky

As I mentioned, this is one metric of several they use, and these results make them wary. The responsibility lies on either me or Ultimaker to prove that Cura is safe to install and run. My experience is purely anecdotal across several machines and versions, and that's not worth much to them. Their suggestion was that I ask for Ultimaker's input.

Share this post


Link to post
Share on other sites
Posted · Cura 2.3.1 flagged by Virustotal

I find it a little odd that the file being analyzed is a win64 program, yet the Virustotal scan categorizes it as a win32 / 386 processor executible.

Are they sure they analyzed the right file or are their catagories that far out of date?

Share this post


Link to post
Share on other sites
Posted · Cura 2.3.1 flagged by Virustotal

"Generic Trojan" -> there is fairly little we can do about this. We tried getting Cura listed on the whitelist of some of the virus scanner companies, but it's a lot of work getting it done with every single one of them.

We suspect that it's the combination of Cura being able to send statistics (if you agree) and it using a local (socket) connection with the backend.

What would it take to prove that it's safe? Show them the source code? That we can do! ;)

  • Like 2

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Our picks

    • Ultimaker Cura 4.0 | Stable available!
      Ultimaker Cura 4.0 is mainly focused on the improved user interface and cloud integration.
      As always, we want to collect your user feedback for this release. If there are any improvements you can think of, feel free to mention it here and help us to shape the next release.
      • 65 replies
×
×
  • Create New...

Important Information

Welcome to the Ultimaker Community of 3D printing experts. Visit the following links to read more about our Terms of Use or our Privacy Policy. Thank you!