Has anyone else encountered problems with msys programs?

Hönö
Hönö Posts: 68 Active Engager
edited April 9 in Device Protection

After the latest upgrade to F-Secure, I have had a problem with programs I install with Cygwin or Scoop. The programs work fine and F-Secure doesn't care as long as they do not stumble on some error or another. Typically it is user error, such as wrong input. Every time such a program fails, F-Secure attempts to quarantine the program, and sometimes it succeeds in doing that. It is really annoying to have to pluck the program back from quarantine just because I mis-typed something or some such.

Answers

  • Ville
    Ville Posts: 768 F-Secure Product Expert

    Can you provide the exact program to install and exact command-line to make this happen so that we can reproduce the issue?

    Ville

    F-Secure R&D, Desktop products

  • Hönö
    Hönö Posts: 68 Active Engager

    With Cygwin, F-Secure tries to quarantine mintty whenever a command that I run in the mintty window fails. However, when you install Cygwin, you get loads of ordinary unix commands to run, so the problem is easier to reproduce with Scoop, because Scoop just installs individual programs.

    The last time it happened was when I was trying to diff two directories, one on my hard drive and the other on a USB stick. First I gave the other path the wrong way and kdiff3 said it cannot compare a directory and a file. I corrected the path but there was some other error on the way and after a few mistakes, F-Secure put kdiff3 in quarantine. Except when I open the settings, it says it quarantined mintty, which still works fine; I just don't have kdiff3 available anymore. To restore it back, I have to uninstall and install it again with Scoop.

    I don't know exactly what went wrong with kdiff3 other than the initial wrong path, because I didn't get a proper error message from it when F-Secure quarantined it. So it is difficult for me to give the exact steps.

    One other command it happened with is (mikefarah) yq, also installed with Scoop. I had a syntax error or some such in my script file, and yq failed and F-Secure quarantined mintty, except it didn't; it worked fine despite being listed as quarantined. But at that time, also yq didn't stop working despite the messaging from F-Secure. So far only kdiff3 has vanished. But this is early days yet. I am sure it will happen over and over again.

    Apparently I have to try and use commands provided by Cygwin instead of Scoop stuff until this is resolved.

  • Ville
    Ville Posts: 768 F-Secure Product Expert

    I tried to reproduce the issue with mintty and yq, but I could not get our app to react to anything.

    Ville

    F-Secure R&D, Desktop products

  • Hönö
    Hönö Posts: 68 Active Engager

    This happens on Windows 10 (yes, I know, I will have to upgrade very soon). I was running all of the commands in cygwin mintty & bash. Now that I tried in the mintty that comes with Scoop, kdiff3 does not trigger anything in F-Secure, but for some reason, the kdiff3 windows (three of them) are all blank, so I cannot see anything. In cmd kdiff3 is not in the path, so right now, I can run it only with cygwin mintty. There have been no updates to my Windows recently, so the recent big F-Secure upgrade is the only change I can pin this on. (The files I am diffing are all text files I wrote myself, which of course is irrelevant.)

  • PineappleYoyo
    PineappleYoyo Posts: 3 Observer

    Hi Ville, thanks for looking into this matter.

    I've got the same problem using Cygwin. The problem can be reliably triggered by invoking the find utility (no arguments required). Doing so, F-Secure kills mintty (the Cygwin shell) and attempts to quarantine both mintty.exe and find.exe.

    This started with F-Secure 25.2 BTW; up to and including 19.8, everything was fine.

    Would be great if this could be fixed; I rely on Cygwin a fair bit, and this is interfering with my work flows. At the same time, for understandable reasons I don't want to disable F-Secure just to be able to do my work. Thanks!

  • Firmy
    Firmy Posts: 2,133 Community Manager

    Hello @Hönö @PineappleYoyo

    Thank you for your question and comments.

    You can submit the file to our labs for further investigation. Please refer to this article for guidance: How can I submit samples to F-Secure?
    In the meantime, you may exclude the file from scanning as outlined here: Excluding files or folders from scanning

    If you need any further assistance, please don't hesitate to let us know.

    Thank you, and have a wonderful day.

    Firmy
    Community Manager | F-Secure Community

  • PineappleYoyo
    PineappleYoyo Posts: 3 Observer

    @Firmy, thanks for the tips. I've submitted samples for both and am looking forward to updated definitions that'll fix these false positives.

  • PineappleYoyo
    PineappleYoyo Posts: 3 Observer

    For the benefit of anyone who might be reading this thread later on, as far as I can tell the issue has been resolved. If you use Cygwin you may want to use "cygcheck -c" in a Cygwin shell to check if there are any packages left in a damaged state; if there are, reinstall those.

    Thanks to everyone at F-Secure for resolving this matter quickly!
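
Added example (not part of the original posts, and not F-Secure or Cygwin project code): a bash filter for the `cygcheck -c` check mentioned above that lists only the packages whose status is not `OK`, so files lost to quarantine stand out. The sample output, its version numbers and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample of `cygcheck -c` output (not captured from a real system).
sample_output() {
cat <<'EOF'
Cygwin Package Information
Package              Version        Status
bash                 5.2.21-1       OK
findutils            4.10.0-1       Incomplete
mintty               3.7.8-1        Incomplete
coreutils            9.0-1          OK
EOF
}

# Read `cygcheck -c` output on stdin and print the name of every package
# whose Status column is anything other than OK.
damaged_packages() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    NF == 0 { next }                        # skip blank lines
    $1 == "Package" && $NF == "Status" {    # column header: data starts after it
      seen = 1; next
    }
    seen && $NF != "OK" { print $1 }
  '
}

# Use the real tool inside a Cygwin shell; fall back to the constructed sample.
if command -v cygcheck >/dev/null 2>&1; then
  report=$(cygcheck -c | damaged_packages)
else
  report=$(sample_output | damaged_packages)
fi

if [ -n "$report" ]; then
  printf 'Packages to reinstall:\n%s\n' "$report"
else
  echo "All packages report OK."
fi
```
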

  • jamesalexander
    jamesalexander Posts: 9 New Member

    Yeah, that’s annoying. Try whitelisting the programs in F-Secure. Hopefully, they fix it soon.