We recently changed our antivirus package on campus to a more modern type of antivirus that performs code analysis instead of using virus definitions. By default it will block everything that it thinks looks suspicious and we have to explicitly white list. One of our professors has ISE 13.1 and the AV has picked up on a DLL, specifically C:\Xilinx\13.1\ISE_DS\PlanAhead\lib\win32.o\librdi_constraints.dll

It gives us a list of reasons why it flagged this file. Basically it detected that the DLL is capable of certain behaviors that COULD be used by malware. These are reasonable behaviors for a DLL in an FPGA development IDE, but we have to perform due diligence and verify that this file indeed is supposed to be capable of those behaviors, and that the SHA256 hash of the file on our system matches a known good hash for that file to ensure that our file was not compromised.

Is there a Xilinx presence on this board to give me the answers to those questions so that I can get our IT department to white list the file? Below is the report from the AV software about the file:

C:\Xilinx\13.1\ISE_DS\PlanAhead\lib\win32.o\librdi_constraints.dll

This object is a DLL with a nontrivial (critical) entry point. Entry points are common among DLLs, but a malicious DLL may use its entry point to place itself inside a process. An entry point is where control goes from the operating system to the program, at which point the program is executed.

This object imports functions that are used to gather information about the current operating system. Malware uses this to better tailor further attacks (to take advantage of OS exploits) and to report information back to a controller.

This object imports functions that can be used to determine details about the processor (CPU). Malware uses this information to tailor attacks and send data collected to a common Command and Control (C&C) infrastructure (exfiltrate data). An example of processor information is whether or not the CPU supports 64-bit operating systems; 64-bit operating systems provide more security measures than 32-bit versions.

This object seems to be looking for common protection systems (like anti-virus or anti-malware programs). Malware does this to initiate anti-protection actions tailored to the protection system installed on the device.

This object imports functions that would allow it to act like a debugging program (debugger). A debugger is used to test other software for problems in the program, which include stopping the program being tested and changing the way it operates. However, these same functions can also be used for malicious purposes, like reading sensitive information from other processes running on the system, or tampering with software (as in the case of a software cracking tool to evade copyright protection).

This object imports functions that can be used to stop a running process. Malware uses this to attempt to remove protection systems, or to cause damage to a running system.

This object contains a version of OpenSSL that is compiled to be stealthy. OpenSSL is a cryptographic library and is used for secure communication, typically with web servers. Malware will do this to include cryptography functionality without appearing suspicious.
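The due-diligence step the question describes, hashing the file on the flagged machine and comparing it with a known-good SHA256 before asking IT to allowlist it, as an added example that is not part of the original post and not Xilinx code. It assumes the reference hash comes from a clean install or from the vendor (never from the flagged workstation itself); the file contents and directory layout in `demo()` are constructed for the example and contain no real Xilinx bytes.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large binaries never need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_against_allowlist(path, allowlist):
    """Compare the file at `path` with the reference hash recorded for its file name.

    Returns "match", "mismatch" or "unknown" (no reference hash on record).
    A file with no reference hash is not opened at all: "unknown" means
    "do not allowlist yet", not "probably fine".
    """
    expected = allowlist.get(os.path.basename(path))
    if expected is None:
        return "unknown"
    actual = sha256_of_file(path)
    # compare_digest is constant-time; harmless here and a good habit for code
    # that later gets reused on values that really are secret.
    return "match" if hmac.compare_digest(actual.lower(), expected.lower()) else "mismatch"


def build_allowlist_from_reference(reference_dir, names):
    """Record reference hashes from a clean install (assumption: a trusted
    machine or installer archive, not the workstation the AV flagged)."""
    return {name: sha256_of_file(os.path.join(reference_dir, name)) for name in names}


def demo():
    """Constructed scenario: a clean reference copy, an identical deployed copy,
    a one-byte-tampered copy and an unlisted file, all named like the flagged DLL.
    The bytes are made up for the example."""
    name = "librdi_constraints.dll"
    with tempfile.TemporaryDirectory() as ref, tempfile.TemporaryDirectory() as host:
        clean = b"MZ" + b"constructed-reference-bytes" * 64
        with open(os.path.join(ref, name), "wb") as fh:
            fh.write(clean)
        allowlist = build_allowlist_from_reference(ref, [name])

        deployed = os.path.join(host, name)
        with open(deployed, "wb") as fh:
            fh.write(clean)
        same = verify_against_allowlist(deployed, allowlist)

        with open(deployed, "wb") as fh:
            fh.write(clean[:-1] + b"!")  # a single changed byte is enough
        tampered = verify_against_allowlist(deployed, allowlist)

        other = os.path.join(host, "unlisted.dll")
        with open(other, "wb") as fh:
            fh.write(clean)
        unlisted = verify_against_allowlist(other, allowlist)
    return same, tampered, unlisted


if __name__ == "__main__":
    print(demo())  # ('match', 'mismatch', 'unknown')
```

The hash only answers the "was our copy modified?" half of the question; whether the DLL is *supposed* to import debugger- and process-control APIs is something only the vendor can confirm, which is why the allowlist here is keyed by file name and filled from a reference install rather than from the reported machine.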
1 answer
Hello @dquill78,

Back then with ISE 13.x we had something similar reported where a couple of files from the installer were being reported as Malware. Back then we worked with AV and other antivirus providers to get this/these files into the safe list. Therefore, since ISE 13.1 is an older version of ISE that is no longer supported, can you please try using our latest ISE supported version 14.7 and then see if AV reports/detects the same file as Malware?

Kind Regards,
Anatoli Curran, Xilinx Technical Support

Don't forget to reply, kudo, and accept as solution.