SUMo : Keep your software up to date

Discussion in 'other software & services' started by Kyle_Katarn, Dec 20, 2011.

  1. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Symantec FP Incident Response
    Upon further analysis and investigation we have verified your submission and as such this detection for sumo.exe (MD5: 84CB6D88FF5ACAFE4425D978A38D84A9) will be removed from our products.
     
  2. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    OK, I'll sign!
     
  3. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    Thank you!!
     
  4. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    The Incident Response took an extra day because Symantec wrote me that they needed a URL for download. I included URL for SUMo Summary page that has Download. They wanted the download page. This just shows who you're dealing with.
    << With regards to us communicating with the developer of the software, pardon us but we are not in a position to do such request as we currently do not have a process in place. However, we do advise options to avoid future detections of files:
    1. Digitally sign binaries with Class-3 digital certificates (X.509) from a Certificate Authority.
    2. Submit the software to Symantec’s white-listing program: https://submit.symantec.com/whitelist/

    Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.>>
     
  5. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    OK, I'll go to the cheapest CA then :)
     
  6. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    Hi Kyle,

    Are you aware that sumo and dumo are reporting windows 10 components as available updates for windows 8.1?
     
  7. bjm_

    bjm_ Registered Member

    Joined:
    May 22, 2009
    Posts:
    4,458
    Location:
    .
    Hi Kyle,
    I checked the beta builds I'm familiar with that are always Norton clean n' green = Digest algorithm sha1 + Timestamp changes w build
     
    Last edited: May 3, 2015
  8. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    Would you please tell me more ?
     
  9. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    Hello kyle

    Please see these images

    Sumo:
    https://i.imgur.com/DGzQpHA.png

    Dumo:
    https://i.imgur.com/w4mkU0n.png

    For sumo i have windows components and beta updates enabled.

    For dumo there are no settings, you can ignore nvidia and bluetooth, the other drivers are for windows 10 and will not install on windows 8.1
     
  10. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    Weird !
    I'll investigate :)
     
  11. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
  12. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,859
    Location:
    the Netherlands
    Regarding SUMo and 12.0.9600.17415,
    according to information in a TechNet thread, 12.0.9600.17415 seems to be Windows Media Player for Windows 8.1.
    If SUMo detects wmplayer.exe 12.0.9600.17415 as an update for WFS.exe 6.3.9600.17415, that seems to be a SUMo error.

    Regarding DUMo,
    I haven't checked all mentioned drivers, but I did a web search for a few.
    9.4.0.1025 is an actual Intel driver version.
    And 9.18.13.5012 is an actual NVIDIA component, nvwgf2umx.dll, version: 9.18.13.5012.
    So those do not seem to be errors.
    As I said, I haven't checked all other mentioned drivers. I don't use DUMo, and this isn't the DUMo thread, of course.
    You might do web searches for the other mentioned driver updates, to see whether or not those mentioned updates are correct, or errors. The first couple mentioned driver update suggestions do not seem to be errors.
     
    Last edited: May 4, 2015
  13. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
  14. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    I'm sorry i reported from the wrong computer!

    The only mistake in those screenshots is that dumo reports an update for the ELAN input device.
    This update doesn't actually work for my device. AFAIK the second number, e.g. xx.14.x.x, designates which device the driver was made for.

    i will report further problems with dumo in the dumo thread!

    A different problem with sumo this time: https://i.imgur.com/e1MRxqf.png
    I have version 2.3.0.0 and the beta updates option shows 2.22.0.0 as an available update. In fact this beta version is older; you have to imagine the current version as 2.30.0.0, but the 0 isn't shown.

    There is actually a newer build available: http://blog.codesector.com/2015/04/22/teracopy-3-alpha-3/

    thanks for all your help.
     
  15. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    I'll check, thanks !
     
  16. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    Hello Kyle i found some more issues with Sumo, see this screenshot:
    https://i.imgur.com/jfxTRod.png

    1. The Adobe flash player updates mentioned really do exist, however you cannot install them on a fully updated windows 8.1. The installer tells me that updates to the flash player are provided by microsoft through windows update.
    2. The Nvidia geforce version mentioned is not available for my system, i have beta versions enabled in the updater settings. I can only find it in a full driver installer that refuses to run on my system running a geforce 8400M GS.
    3. Teracopy i already mentioned before.
    4. Winrar seems new, I don't see any newer betas. I guess winrar is known for using a weird numbering scheme; in any case I have the latest version installed already.

    Thanks again for your great tool.

    nvidia hardware id's:
    PCI\VEN_10DE&DEV_0427&SUBSYS_30CC103C&REV_A1
    PCI\VEN_10DE&DEV_0427&SUBSYS_30CC103C
    PCI\VEN_10DE&DEV_0427&CC_030000
    PCI\VEN_10DE&DEV_0427&CC_0300
     
  17. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    On one of my other systems i ran into this problem.
    Hopefully someone can help me.

    This is with allow Microsoft and beta updates disabled:
    https://i.imgur.com/JbHOr1l.png

    In the image you will see an update available for internet explorer.
    This update seems to really exist but i am not getting it over windows update.. any ideas?


    -----

    On this computer an update for sumo was available, after i downloaded it https://chrome.google.com/webstore/detail/secure-downloader/njbcfghpoodhahbegndmbojmgkibhiol reported the file as suspicious:

    https://i.imgur.com/d2APPNP.png

    As you can see Dr.Web considers the sumo installer suspicious
     
  18. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,859
    Location:
    the Netherlands
    Regarding those Flash Player versions 18.0.0.114, those are beta.
    Probably, that version will be offered tomorrow, automatically.

    Regarding NVIDIA GeForce Experience, that is not the NVIDIA driver, but a help program, that can be installed with the driver installer, or separately. Version 2.4.3.22 is the current NVIDIA GeForce Experience version.
    SUMo suggesting 17.12.8.0 must be a SUMo error.


    I don't know why your IE11 doesn't update to the current version 11.0.9600.17728.
    Is "Install new versions automatically" checked for IE11?
    IE11 settings (Alt+X), About Internet Explorer, check: Install new versions automatically.

    That's the trouble with those multiple scanning tools like Secure Downloader, that utilize more than 40 Antivirus engines. There's always a chance of one of the engines giving a false positive. This time it's Dr.Web that gives a false positive.
    I would say, just ignore that Dr.Web false positive.
     
    Last edited: May 11, 2015
  19. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    Thanks for your reply.

    I misunderstood some of the options in sumo resulting in an invalid list.

    About Dr.Web: i agree that its ignorable, but maybe Kyle would want to report it to Dr.Web and work on no longer getting it flagged.

    In any case i am reinstalling and correctly using sumo now, if any problems remain i will report them.
     
  20. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    Thank you !!
     
  21. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    I found a serious bug in sumo.

    Every time I build a new list of programs in sumo it will build a different list from the same set of executables.

    If I edit the list in any way the list changes again in unpredictable ways
     
    Last edited: May 11, 2015
  22. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    Here is my update report of issues i am running into with Sumo.
    This report is made after running Windows update and trying to update any reported file manually.
    My OS is Windows 8.1 Pro x64
    This system is: Dell 1525

    Sumo 3.13.7.261 all files wiped in the appdata folder before starting
    Added all of C:/
    Options enabled: Allow Microsoft products, in-Depth (slower)
    Part1:
    https://i.imgur.com/io9OW35.png

    • 360boxdl64.exe: This is a false positive due to Qihoo360 naming schemes. My file is from Qihoo Total Security. where 2.0.0.1031 is the current version. The update mentioned is actually for 360 internet security, however this is an outdated version as this product is currently at 6.0.0.2016 and has been renamed to 360 total security essential (http://www.360totalsecurity.com/en/features/360-total-security-essential/)
    • 360SPTool.exe: This is a false positive due to Qihoo360 naming schemes. My file is from Qihoo Total Security. where 2.0.0.1031 is the current version. The update mentioned is actually for 360 internet security, however this is an outdated version as this product is currently at 6.0.0.2016 and has been renamed to 360 total security essential (http://www.360totalsecurity.com/en/features/360-total-security-essential/)
    • Uninstall.exe: This is probably the same issue with the other Qihoo360 updates, besides this is an uninstaller and should probably be ignored
    • MsMpEng.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • cnmvs.exe: This file is not being updated by Windows Update, Canon does not provide downloadable drivers for my printer. I suspect this file may be for a different device while sharing the .exe name?
    • cwf_installer_6106_53.exe: This is an installer and should be filtered out.
    • nacl64.exe: it seems Google keeps around old versions for some reason, not sure what to do about that
    • ieinstal.exe: This file is not being updated by Windows Update, IE11 reports being up to date https://imgur.com/i00gppH
    • iediagcmd.exe: This file is not being updated by Windows Update, IE11 reports being up to date https://imgur.com/i00gppH
    • ieinstal.exe(64 bits): This file is not being updated by Windows Update, IE11 reports being up to date https://imgur.com/i00gppH
    • ie4unit.exe: This file is not being updated by Windows Update, IE11 reports being up to date https://imgur.com/i00gppH
    • EQNEDT32.exe: This seems to be shipped with microsoft office. Windows Update says no updates are available
    • ODeploy.exe: This file is not being updated by Windows Update, Office itself reports being version 15.0.4711.1000
    • SmartTagInstall.exe: This file is not being updated by Windows Update, Office itself reports being version 15.0.4711.1000
    • cvtres.exe(2x): The update suggested belongs to .NET4.0 and/or VS12 and as such is a false-positive.
    • wmpshare.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • TsWpfWrp.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • instnm.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • wabmig.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.

    Part2:
    https://i.imgur.com/2HjyuFX.png

    • wmpshare.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • AuditShD.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • WMIADAP.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • Narrator.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • credit.exe: I will report the availability of this update to the Developers of this application
    • sapisvr.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • SteamSetup.exe: This is an installer and should be ignored
    • sp59154.exe: This is an installer and should be filtered out.
    • sp59620.exe: This is an installer and should be filtered out.
    • MpUXSrv.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • cmd.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • wab.exe(2x): This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • control.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • journal.exe(2x): This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • winmail.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • wmplayer.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • wmpconfig.exe(2x): This file is not being updated by Windows Update. I believe the update is for Windows 10 only.
    • powershell.exe: This file is not being updated by Windows Update. I believe the update is for Windows 10 only.

    Sumo 3.13.7.261 all files wiped in the appdata folder before starting
    Added all of C:/
    Options enabled: Allow Microsoft product, Allow Beta versions, in-Depth (slower)
    https://i.imgur.com/Xkuonpt.png


    • FlashUtil_ActiveX.dll(2x): It's not possible to install this on windows8.1
    • nacl64.exe(2x): again google keeping around old versions, but what i find strange is that the beta update is only shown for this file and not for chrome.exe
    • AuditShD.exe: This beta version seems to be even newer than the one in the non beta section, but i still think both are for windows 10
    • WMIADAP.exe: This beta version seems to be even newer than the one in the non beta section, but i still think both are for windows 10
    • credit.exe: This is weird, why is the beta version shown here a lower version number than the non beta update?
    • SteamSetup.exe: This is an installer and should be ignored

    While adding the files I got a list of applications that were not added to sumo. I was wondering why the following are ignored.

    • C:\Program Files (x86)\360\Total Security\360ShellPro.exe | Rejected by name filter ( / / 9.0.0.1031 ): I don't understand why this one is rejected
    • C:\Program Files (x86)\Conquer Online 2.0\TimeDelay.exe | Rejected by name filter ( / / 1.0.0.1 ): I don't understand why this one is rejected
    • C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe | Installer / Uninstaller (Google Crash Handler / Google Inc. / 1.3.26.9 ): Afaik this is not an installer/uninstaller but a standalone program for chrome to handle crashes
    • C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe | Installer / Uninstaller (Google Crash Handler (64 bits) / Google Inc. / 1.3.26.9 ): Afaik this is not an installer/uninstaller but a standalone program for chrome to handle crashes

    I noticed Sumo is behaving differently than I expected so I would like to put a feature request here:
    • Can you add an option to ignore/delete a single binary file?
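
Two of the reports above (2.3.0.0 offered 2.22.0.0 as an update, and a beta shown with a lower number than the stable release) come down to how a dotted version string is read. The Python below is an added illustration, not SUMo's code and not posted by anyone in this thread: all function names are hypothetical and the credit.exe-style versions in the comments are constructed. It compares two readings of the same strings, holds back an offer when they disagree, and drops a beta that is not newer than the stable release.

```python
from itertools import zip_longest

def _fields(version):
    """Split a dotted version into its fields; reject anything non-numeric."""
    parts = version.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    return parts

def _cmp(a, b):
    # Missing trailing fields count as 0, so 3.13.8 == 3.13.8.0.
    for x, y in zip_longest(a, b, fillvalue=0):
        if x != y:
            return -1 if x < y else 1
    return 0

def cmp_numeric(a, b):
    """Every field is an integer: 2.3 < 2.22 because 3 < 22."""
    return _cmp([int(p) for p in _fields(a)], [int(p) for p in _fields(b)])

def cmp_decimal_minor(a, b):
    """Second field is a decimal fraction: 2.3 means 2.30, so 2.3 > 2.22."""
    fa, fb = _fields(a), _fields(b)
    width = max(len(f[1]) if len(f) > 1 else 0 for f in (fa, fb))
    def norm(f):
        f = list(f)
        if len(f) > 1:
            f[1] = f[1].ljust(width, "0")  # "3" -> "30" when compared with "22"
        return [int(p) for p in f]
    return _cmp(norm(fa), norm(fb))

def classify(installed, candidate):
    """'update', 'current' or 'older'; 'ambiguous' when the readings disagree."""
    n = cmp_numeric(installed, candidate)
    if n != cmp_decimal_minor(installed, candidate):
        return "ambiguous"  # needs a per-product rule or manual review
    return {-1: "update", 0: "current", 1: "older"}[n]

def offers(installed, stable=None, beta=None):
    """Candidates worth showing: never an ambiguous one, never a stale beta."""
    out = []
    if stable and classify(installed, stable) == "update":
        out.append(("stable", stable))
    if beta and classify(installed, beta) == "update":
        # A beta numbered at or below the stable release is stale.
        if not stable or cmp_numeric(stable, beta) < 0:
            out.append(("beta", beta))
    return out

if __name__ == "__main__":
    print(classify("2.3.0.0", "2.22.0.0"))    # the case reported in the thread
    print(classify("3.13.7.261", "3.13.8"))   # SUMo versions named in the thread
    print(offers("1.0.0.0", stable="1.2.0.0", beta="1.1.0.0"))  # constructed
```
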
     
  23. Stupendous Man

    Stupendous Man Registered Member

    Joined:
    Aug 1, 2010
    Posts:
    2,859
    Location:
    the Netherlands
    Hi tetsuo55,

    I tried to assist with some of the results from your previous reports, but your recent report is just too much for me to analyze.
    Of course you're free to set SUMo to allow Microsoft products (although "not recommended"), and allow beta versions, and allow driver scan, and choose in-depth scan, and add all of C:/, but I suppose that way SUMo will come up with quite some errors. That's because I think most users don't use those extended settings, so the errors that are generated with those settings hardly ever get reported and consequently hardly ever get corrected.
    It is fine (or great, even) that you are reporting all that stuff, but for me it's just too much to help with.
    I mostly keep to SUMo's default check, with a few portable exe's added that are not in default locations, and with driver scan disabled. For me, that keeps SUMo manageable.
    As I said, it's just too much for me to help you with your extended use of SUMo. And I'm afraid it'll be quite the job for Kyle ...
    Good luck!

    [edit: typo corrected]
     
    Last edited: May 15, 2015
  24. tetsuo55

    tetsuo55 Registered Member

    Joined:
    Aug 12, 2008
    Posts:
    126
    Hi stupendous man,

    I was using the default settings at first but sumo is acting so strange that I decided to use extra options to weed out all the issues I could find.

    Let's hope kyle has enough information to fix the issues. If not I will gladly run any debug builds or whatever is needed to get to the bottom of this.
     
  25. Kyle_Katarn

    Kyle_Katarn Developer

    Joined:
    Dec 20, 2007
    Posts:
    3,331
    SUMo - 3.13.8 (Released 2015-05-15)
    ===================================

    http://www.kcsoftwares.com

     