DeepGuard causes application to crash

We are developing an application as part of our bachelor thesis. This application connects to the internet, but DeepGuard causes an exception to occur when the application tries to create a socket. This exception causes the application to crash.


The F-Secure client is a 2011 version with the latest updates, but we're guessing it will have the same problem on the other F-Secure clients also.

The application is supposed to be deployed to users, so we need it to work without having it crash each time it starts.

How can this problem be mitigated?

The application is for Windows OS, developed using C++ and standard Windows libraries.

Answers

  • Janiashvili Posts: 469
    By "a F-Secure client is a 2011 version", do you mean F-Secure Anti-Virus or Internet Security 2011, or F-Secure Client Security (the so-called "business solution")?
  • F-Secure 2011 Anti-Virus

  • Ville Posts: 477

    Hi,

    What DeepGuard does is that it might block the connect attempt for a while, until it decides whether to allow it to pass. This is where some applications crash. They are not prepared for the connect to block that long. Another thing is that it might prevent the connect from succeeding. You must also handle this in your application properly. I find it very unlikely that DeepGuard would directly cause the crash - most likely it modifies the system behaviour enough so that your application can't handle it properly.

    Could you post the call stack of the crash?

    Ville

  • Send the file using https://analysis.f-secure.com/portal/login.html to F-Secure and report it as a false positive.

  • Ville Posts: 477

    I don't think sending it as a false positive will help in this scenario, as the poster did not say that it was blocked by DeepGuard. Most likely the problem is the analysis phase, which slows down the connection.

    I have seen this problem once before with Qt libraries. They are using WSAConnect to open a socket. Our product needs to analyze the process, so WSAConnect returns SOCKET_ERROR and WSAGetLastError returns WSAEWOULDBLOCK. This is just fine and the connection will happen in a while. MSDN has instructions on how to handle this properly in code: http://msdn.microsoft.com/en-us/library/windows/desktop/ms741559%28v=vs.85%29.aspx

    The component that is causing this has changed since version 2011, so the problem might not happen with 2012 or later versions. I haven't checked.

    Ville
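
The handling described in the replies above, as an added example that is not part of the original thread and not F-Secure's or Qt's code: a non-blocking connect that treats WSAEWOULDBLOCK as "in progress" and turns a delayed or denied connection into a return value. It uses connect() rather than WSAConnect (both report the pending state as SOCKET_ERROR with WSAEWOULDBLOCK); `connect_with_timeout`, `ConnectResult` and the POSIX branch are assumptions made for this example, and on Windows the caller must already have called WSAStartup.

```cpp
#ifdef _WIN32
#include <winsock2.h>
#include <ws2tcpip.h>
typedef SOCKET sock_t;
static int last_error() { return WSAGetLastError(); }
static bool is_pending(int e) { return e == WSAEWOULDBLOCK; }
static void set_nonblocking(sock_t s) { u_long on = 1; ioctlsocket(s, FIONBIO, &on); }
static void close_sock(sock_t s) { closesocket(s); }
#else  // POSIX branch (assumption) so the same logic also builds off Windows
#include <arpa/inet.h>
#include <cerrno>
#include <fcntl.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
typedef int sock_t;
const int INVALID_SOCKET = -1;
static int last_error() { return errno; }
static bool is_pending(int e) { return e == EINPROGRESS; }
static void set_nonblocking(sock_t s) { fcntl(s, F_SETFL, fcntl(s, F_GETFL, 0) | O_NONBLOCK); }
static void close_sock(sock_t s) { close(s); }
#endif

enum ConnectResult { CONNECTED, TIMED_OUT, REFUSED_OR_BLOCKED };
// Hypothetical helper: every outcome is a return value the caller must check.
ConnectResult connect_with_timeout(const char* ip, unsigned short port, int timeout_ms, sock_t* out) {
    sockaddr_in addr = {};
    addr.sin_family = AF_INET; addr.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &addr.sin_addr) != 1) return REFUSED_OR_BLOCKED;
    sock_t s = socket(AF_INET, SOCK_STREAM, 0);
    if (s == INVALID_SOCKET) return REFUSED_OR_BLOCKED;
    set_nonblocking(s);
    ConnectResult result = CONNECTED;
    if (connect(s, (sockaddr*)&addr, sizeof(addr)) != 0) {
        if (!is_pending(last_error())) {
            result = REFUSED_OR_BLOCKED;  // immediate hard failure
        } else {  // WSAEWOULDBLOCK: still in progress, wait for the outcome
            fd_set wr, ex;
            FD_ZERO(&wr); FD_ZERO(&ex); FD_SET(s, &wr); FD_SET(s, &ex);
            timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
            int ready = select((int)s + 1, nullptr, &wr, &ex, &tv);
            int err = 0; socklen_t len = sizeof(err);
            if (ready == 0) result = TIMED_OUT;
            else if (ready < 0 || getsockopt(s, SOL_SOCKET, SO_ERROR, (char*)&err, &len) != 0 || err != 0)
                result = REFUSED_OR_BLOCKED;  // Winsock signals this case via exceptfds
        }
    }
    if (result == CONNECTED) *out = s; else close_sock(s);
    return result;
}
```

The caller decides what TIMED_OUT and REFUSED_OR_BLOCKED mean for the user (retry, report, or work offline); the socket in `*out` is left non-blocking.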

     

This discussion has been closed.