#677 closed enhancement (fixed)

[OSGeo4W-NG installer] Panda Adaptive Defense 360 block .dlls and .exe

Reported by: jonnyforest Owned by: osgeo4w-dev@…
Priority: minor Component: Installer
Version: Keywords:
Cc:

Description

Hi, I tested the new OSGeo4W network installer, and during and after the installation Panda Adaptive Defense 360 blocks all the .dll and .exe files of QGIS and SAGA.

I tried to install from cmd with osgeo4W -b, to use the option "Disable known or suspected buggy anti-virus", and the result is the same.

I reported it as a false positive to support at pandasecurity.com to see what they will answer. The only workaround so far is to put the folder recursively in the whitelist, but my IT department doesn't allow it.

Cheers

Attachments (2)

fullreport_antivirus.txt (14.1 KB) - added by jonnyforest 10 months ago.
Description of blocking Panda anti-virus
message.png (14.2 KB) - added by jonnyforest 10 months ago.
popup


Change History (9)

Changed 10 months ago by jonnyforest

Attachment: fullreport_antivirus.txt added

Description of blocking Panda anti-virus

comment:1 Changed 10 months ago by jef

The log doesn't tell us anything about why Panda is blocking.

Changed 10 months ago by jonnyforest

Attachment: message.png added

popup

comment:2 Changed 10 months ago by jonnyforest

Hi Jef, I noticed that now, sorry. The only additional info that I have is this popup (see attachment).

So if I try to run any .exe of QGIS, SAGA or GRASS, or even Python from the OSGeo shell, Panda blocks the .dll dependencies or the .exe itself.

comment:3 Changed 10 months ago by jef

Um, that message suggests that Panda blocks everything that it doesn't know…

comment:4 Changed 10 months ago by jonnyforest

The easy way is to put the whole folder recursively in Panda's directory whitelist, but it's against the IT policies.

My hope, for now, is that Panda support grabs the information and puts it in their whitelist databases.

I sent an email explaining the project and the type of installers, and pointed them to the link to the GitHub project.

So I did a quick search and a Windows forum suggests the following: https://social.msdn.microsoft.com/Forums/Windows/en-US/79870753-035e-438e-ad58-21aa9fa55088/how-to-preventavoid-my-application-from-anti-virus-software-without-giving-an-exception?forum=windowssecurity

I have been working with security for some years now, and none of my applications have been blocked by Kaspersky AV (nor by the others). In order to prevent this blocking, you should open Visual Studio® and open your project, then from the Project menu select “Properties” and you will come to the properties page.

Now click the “Security” tab and check “Enable ClickOnce Security Settings”; also provide information inside the assembly info dialog.

If the AVs keep on blocking your application now, then navigate to their application list and modify the AV settings for your application.

Also, what you can do is write code that checks the AV and then adds itself to the application trusted list.

Does this make sense?

comment:5 Changed 10 months ago by jonnyforest

Jef, Panda support opened an issue and they will check the installation folder. I hope this can be a good thing for whitelisting QGIS in the Panda Security databases.

Meanwhile, I found this contact list for anti-virus providers that can be useful:

https://github.com/yaronelh/False-Positive-Center

comment:6 Changed 10 months ago by jonnyforest

So, after painfully checking each file and sending it to Panda Labs step by step, they are validating the .dll and .exe files. It is very frustrating how they validate the files: it's necessary to run QGIS multiple times for them to receive the files in their panel, validate them and give a hash for each file.

I suspect they have blocked the files because the files have the publisher as None.

Jef, I think you can close this issue because it isn't OSGeo4W's fault. The only thing I'm afraid of is users who have this kind of anti-virus and then blame the software.

Cheers
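
Comment 6 suspects the blocks come from files whose publisher shows as None (no Authenticode signature) and describes the vendor validating files one hash at a time. The PowerShell script below is an added example, not part of the ticket or of the OSGeo4W project; it inventories the signature status and SHA-256 of every .dll and .exe under the install folder so the whole list can be handed to IT or the vendor in one pass. The install root C:\OSGeo4W and the output file name are assumptions.

```powershell
param(
    # Assumption: default install root; pass -Root to point elsewhere.
    [string]$Root   = 'C:\OSGeo4W',
    # Assumption: report location; any writable path works.
    [string]$OutCsv = (Join-Path $env:TEMP 'osgeo4w-signature-inventory.csv')
)

if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
    throw "Install root not found: $Root"
}

# Collect every executable image the endpoint agent would evaluate.
$binaries = Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.dll', '.exe' }

$inventory = foreach ($file in $binaries) {
    # Status is NotSigned when the file carries no Authenticode signature,
    # which is what Explorer and AV consoles display as an empty publisher.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        Path      = $file.FullName
        Status    = [string]$sig.Status
        # SignerCertificate is $null for unsigned files, so this stays empty.
        Publisher = $sig.SignerCertificate.Subject
        Sha256    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SizeBytes = $file.Length
    }
}

if (-not $inventory) {
    Write-Warning "No .dll or .exe files found under $Root"
    return
}

# Summary by signature status: shows how much of the tree is unsigned.
$inventory | Group-Object Status |
    Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Full per-file report (path, status, publisher, hash) for the false-positive submission.
$inventory | Sort-Object Status, Path |
    Export-Csv -LiteralPath $OutCsv -NoTypeInformation -Encoding UTF8

Write-Host "Wrote $(@($inventory).Count) entries to $OutCsv"
```

Re-running it after each package update shows which hashes changed and would need to be resubmitted.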

comment:7 Changed 10 months ago by jef

Resolution: fixed
Status: new → closed