virus/trojan on loxone update?


RSinn

Oct 29, 2021, 5:13:27 AM
to Loxone English
I just did a config update, then Miniserver firmware update, and Windows Defender went crazy. I'm not sure if this is falsely reporting as a trojan and is just Loxone's required files.

Anyone else?
Attachments: 1.JPG, 2.JPG, 3.JPG

David Wallis

Oct 29, 2021, 5:58:50 AM
to RSinn, Loxone English
I would stay well away for the moment and let Loxone confirm. Recent supply chain attacks have seen a rise in this sort of thing, so it could be valid, especially when it's a BMS-type device. I'm not saying it's a Stuxnet, but… also see SolarWinds' recent issues.


RSinn

Oct 29, 2021, 7:36:19 AM
to Loxone English
Ticket raised with Loxone.

Clegger

Nov 9, 2021, 7:22:12 AM
to Loxone English

Did you get a response from Loxone about this?

RSinn

Nov 10, 2021, 5:30:26 AM
to Loxone English
Yes. They said it wasn't them, having checked it on 2 computers. I'm still not convinced because it only happened on that install. When I saw it happening mid-install I stopped it and pulled the network cable. Tried it again the following day and the same thing happened. I guess I could have it on the network and it's looking for BMS installs to occur??

Clegger

Nov 12, 2021, 5:39:48 AM
to Loxone English
That's odd. I immediately ran a scan with Windows Defender after updating Loxone Config the other day and it found nothing. I also did some manual digging around for files of the type you attached in your screenshots and couldn't find anything.

I'm (genuinely) not sure why malware of this type would be looking for a BMS installation in particular, given that the malware looks like it's PC-based. 

Techdoctor

Nov 16, 2021, 5:58:05 PM
to Loxone English
Could it be a false positive?

Techdoctor

Nov 16, 2021, 6:06:27 PM
to Loxone English
Just did a Google on false positives for Vigorf.A and there seem to be quite a few people reporting this as a false positive.