sketchucation

    Latest posts made by stephennutt

    • RE: Upgrading Fredo6 Library caused Sketchup to be Quarantined by Sentinel One

      I don't know. That's all I could get from them. I can't risk trying to install again to see if it would happen again. VERY STRANGE!!!!!

      posted in Extensions & Applications Discussions
      stephennutt
    • RE: Upgrading Fredo6 Library caused Sketchup to be Quarantined by Sentinel One

      According to Sentinel One, there was actually malicious code in it that tried to do damage. This is from the follow-up email I.T. sent me that includes Sentinel One logs:

      "Now that we have the logs from Sentinel we know that the library program used Fredo to deposit a payload through SketchUp onto your computer. That part is not abnormal - that is exactly how most programs are able to install themselves. Once the library passed the file through to your computer, the program ran itself and we now know that the file was a multifaceted attack that was a combination of ransomware, credential scraping, and a trigger mechanism that was designed to evade detection. Part of the log file is below showing what Sentinel One was seeing.

      MITRE : Execution
      MITRE : Impact [DATA DESTRUCTION][DATA ENCRYPTED FOR IMPACT]
      File operations indicate ransomware
      MITRE : Impact [DATA DESTRUCTION][DATA ENCRYPTED FOR IMPACT]
      File operations indicate ransomware
      MITRE : Impact [DATA DESTRUCTION][DATA ENCRYPTED FOR IMPACT]
      Infostealer

      Microsoft Edge's private memory was accessed
      MITRE : Credential Access [CREDENTIALS FROM WEB BROWSERS]
      Malware

      Detected suspicious redirection of data to a pipe from an interpreter with a hidden window detected
      MITRE : Defense Evasion [HIDDEN WINDOW]
      General

      Detects the registration of a vectored exception handler
      Process started from shortcut file
      MITRE : Execution [USER EXECUTION]
      Evasion

      Process executed with non-standard resource type
      MITRE : Command and Control [DATA ENCODING]
      MITRE : Defense Evasion [OBFUSCATED FILES OR INFORMATION][ENVIRONMENTAL KEYING]

      EDIT: I was trying to upgrade both LibFredo6 and FredoSketch at the time so not sure which one I was updating for sure. I believe 85%/15% that it was LibFredo6.

      posted in Extensions & Applications Discussions
      stephennutt
    • Upgrading Fredo6 Library caused Sketchup to be Quarantined by Sentinel One

      I am a long-time fan and user of all of Fredo's tools. Unfortunately, I was upgrading LibFredo to the latest version on Thursday and it caused Sentinel One on my work computer to quarantine Sketchup, rendering it useless until our I.T. department could reinstall. However, they would not allow reinstall of LibFredo or FredoSketch, which were the 2 things I was updating at the time. Without LibFredo, the other Fredo Tools that I have, including ones with paid license, are useless without LibFredo. Our I.T. vendor told our liaison that "Based on extended looks at those, they more than likely have malicious code in them that we are not willing to risk introducing onto your computer and/or the ****** network".

      Has anyone else ever had any issues similar to this? Obviously, Fredo Tools are a great addition to Sketchup that I can survive without but would rather not.

      posted in Extensions & Applications Discussions
      stephennutt