malicious behavior alert when publishing

Mar 27, 2017

I received an alert from my desktop virus/malware scanner that an executable within Storyline 360 was flagged and is being blocked.

It happened when publishing a course and said "Malicious Behavior. Ransomware blocked in C:\Program Files (x86)\Articulate\360\Storyline\pngcrush.exe".

Screen image attached.

Has this happened to anyone else?
Anyone know what effect this might have on publishing?

I did submit a case already: number 01043287

19 Replies
Ashley Terwilliger-Pollard

Thanks Russell for reaching out here and sharing your case #! I see that Eloisa shared some steps with you about our network endpoints and ports that should be enabled, and the steps to uninstall and reinstall the Articulate 360 software. Let us know if your admin or IT team are able to assist with that and if it resolves that error message for you!

Gary Scott

Is there any documentation on this that could be shared with my IT department to help ease any concerns and maybe help them go towards whitelisting this or removing it from the scan? I currently have an IT swat team arrive at my desk within minutes after I have published any content which causes me to lose access to my system for 30 minutes or so while they are investigating the warning.

Cheryl Hoffman

I experienced the same Sophos issue last week. We whitelisted the file, but published courses resulted in only the Storyline player and a black slide with a spinner in the center when using Google Chrome to view the story_html5.html file. IE and FF were fine - but we have to support all browsers with our published courses.

Installed a new hard drive (unrelated issue), and the issue went away for a few days - but now it's back. I believe Sophos somehow is modifying the registry. I have a ticket open with our IT department. Running SL3.

Ashley Terwilliger-Pollard

🍹🏝 <-- not the real thing, but the best I can do Cheryl.  

If you're publishing for Web you'd see the story_html5.html file, but publishing for LMS you'd want to point to the index.html file. So you'll want to make sure you're using the right publish setting for the environment where you'll upload it. Also, check what version of each browser you're using and if there are any pending updates. 

Let us know if you need anything else! 

Cheryl Hoffman

Thanks!  I published it the same way I always do. I'm not on the LMS team, so they do their thing, and I do mine. I tell them where the folder is, and they grab it and load it.

I just use story_html5.html to run through the course after publishing to make sure everything's functioning before I hand it over to the LMS team.

Browsers are all up-to-date.

Here's the latest on some troubleshooting I've done:

The course misbehaves in Chrome when I use story_html5.html, but works fine in FF and IE.

The course behaves perfectly in Chrome and FF via the LMS, but is totally blank in IE.

I performed the same test on a few courses published before this Sophos nightmare began, and they are all fine using story_html5.html AND the LMS in all 3 browsers.

Thanks for the cocktail, I need it!  :)

Ashley Terwilliger-Pollard

I don't know a ton about Sophos (or really anything at all!) but I always recommend publishing for LMS, and pointing to that index.html file. Also, even if you've published for web and included the HTML5 only output you can point to the story.html file as that will default to HTML5 as well. 

When you're testing the story_html5.html are you doing that using the published files on your local drive? Chrome has a number of security restrictions in place with playing back content - so you may also be running into that. We've also seen blank content in IE11 when an LMS forces it into compatibility mode - that'd be something to ask your LMS team about! 

Cheryl Hoffman

Oh, wow - thanks for the info!  I will ask the LMS team about compatibility mode.

I just tried (from my hard drive) both index_lms.html and story.html, and I still get just the player border with a blank black 'slide' and the spinner in the center (it should also be showing the menu area, but isn't). That was with Chrome.

In IE, the index_lms.html file gives all sorts of nasty messages and popups, but eventually shows the player with the menu populated, but a blank (black) slide.

Maybe I'm just using the wrong file to preview the published content? Should I always use story.html? I'm unable to locate a file named "index.html".

Ashley Terwilliger-Pollard

You're right - it's the index_lms.html (not index.html)! There are a lot of files in there and I confused them, sorry about that.

Can you try uploading your content to another environment besides your LMS? If you've published for LMS look at using SCORM Cloud. Testing the published output locally can always cause these odd behaviors with local and browser security restrictions at play.
