All systems are online

The SelfGuide Recorder is classified as malware when downloaded or started, which has happened to some editors. Depending on the anti-virus configuration, the recorder works properly or the recorder cannot be used at all.

‍

Behavior seen: When downloading or starting the SelfGuide Recorder, an anti-virus warning is issued

Workaround: N/A

Expected resolution time: N/A

Updates:

• 15/05/2023: To date, we have received no information that the SelfGuide Recorder is considered a malware based on the new version. Customers who have the false positive malware flag will not receive it back when using the new version. Based on these experiences and information, we consider the incident resolved.
  ‍
• 04/05/2023: A new release of the SelfGuide Recorder is available on the download page. The new version includes several changes, with the positive result that all tests carried out no longer show a false positive malware flag.
  ‍
• 20/04/2023: Unfortunately, there are still anti-virus vendors that classify the SelfGuide Recorder as malware, so that the incident still has an impact. The SelfGuide Recorder is currently being modified to reduce this impact. As soon as a new release is available, this will be announced. In the meantime, the workarounds can be applied.
  ‍
• 13/04/2023: Last week, we have received no reports from customers that the SelfGuide Recorder is considered a malware. We will keep this incident open for information and will update the status by the end of next week.
  ‍
• 06/04/2023: Several anti-virus vendors have confirmed that this is a false positive detection and adapted their own anti-virus definition database accordingly. It takes time for these adjustments to take effect. We will continue to monitor the situation and take action where necessary.
  ‍
• 04/04/2023: To date, the suspicion that the malware flag is a false positive remains, all research points in this direction and reinforces this suspicion. More details about work in progress below:
  ‍
  - Minimize impact: two options are available for this. The first is using the SelfGuide Recorder without Update Step functionality. This release does not include the file that causes the malware flag. The second option involves whitelisting the file that is flagged as malware. For more information about the whitelisting, please contact support.
  ‍
  - Short-term improvements: we are actively working to investigate the malware flag and improve the file reputation among anti-virus vendors
  
  - Long-term improvements: we are investigating which structural improvements we can make to reduce the burden of this type of situation in the future.
  ‍
• 31/03/2023: Analysis so far has not resulted in any suspicious situations, so it seems to be a false positive. At the moment, there is a lot to do about the supply chain attack at 3CX. The 3CX application that was infected uses the same framework (Electron) as the SelfGuide Recorder. This is very likely to result in the SelfGuide Recorder being classified as malware in some cases.

A vulnerability was recently discovered in the WebP library developed by Google. SelfGuide uses this WebP standard for the images used in Instructions. In addition, editors have the option to use WebP images in a User Guide.

Impact:

Even though the vulnerability itself has a high impact, the impact is small in relation to SelfGuide. Two reasons for this:

• The WebP images in the instruction are created by the SelfGuide Recorder, these images are not malformed and therefore do not pose a risk.
• In a User Guide, an editor can use a malformed WebP image, causing users who read the User Guide to be affected by the vulnerability. The telemetry data provides insight that in practice, relatively few WebP images are used and more people opt for PNG, for example.

Measures:

• The SelfGuide Recorder uses packages and frameworks that use an outdated version of the WebP library. Where necessary, updates have been made to rule out the vulnerability. A new version of the SelfGuide Recorder is available on the download page.
• Starting with release 125 of SelfGuide, rolling out in the first week of October, editors are warned if an outdated version of the SelfGuide Recorder is being used and asking them to update the software.

Remarks:

• If an editor chooses to ignore the warning and continue to use an old SelfGuide Recorder, the vulnerability remains.
• The browser handles displaying the WebP images outside the SelfGuide Recorder. Therefore, the advice is to update the browser to rule out the vulnerability.

When saving a user guide, the images from the chapters are unintentionally deleted.

‍

Behavior seen: After saving a user guide with images, they are no longer visible to the end user. When the user guide is opened in edit mode, you can still see that an image has been added to the chapter, but the image itself is no longer visible. From now on, any changes to the user guide will go wrong as soon as the Save button is pressed.

Workaround: N/A

Expected resolution time: N/A

An AWI for which TOPdesk KB synchronization is enabled does not lead to a new KB item in TOPdesk. The bug fix is ready and will be included by TOPdesk in the upcoming patch round.

‍

Behavior seen: The synchronization for TOPdesk KB can be enabled on an AWI, this change is successfully stored in the PP but no result is visible in TOPdesk. The cause is a bug in the TOPdesk KB API, so creating new KB items is not possible. The synchronization preference for the AWI is stored in the PP and once the bug has been fixed, the KB items will still be created by the PP.

Workaround: N/A

Expected resolution time: N/A