Question
· Sep 12, 2019

Virus detection during installation

I downloaded the free version of CachePCkit_x86.exe. During installation, the antivirus detects a virus:
PDM: Trojan.Win32.Generic
c: \ users \ ...... I \ temp \ pde9cb \ setup.exe
How to eliminate this problem?


Hello Sergey,

Can you confirm if you are getting that kit from the Download Caché button in the sidebar here in the Developer Community? If so, then that alleviates my primary concern that it might actually be a threat.

Beyond that, the question would be one of setting up an anti-virus exclusion or disabling it briefly. This is something you might need to do for any software kit that is improperly flagged by your antivirus, which is not really a question of InterSystems technology but of whatever antivirus you are using.

Further down the line you may want to add some additional exclusions so Caché can operate properly per this documentation:

https://cedocs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?K...

I just got the same problem installing under Windows 10 and Kaspersky Internet Security. I appreciate your point that it's just a false positive so I ought to disable the software or exclude the install file, but I've never had this problem with any other software, nor did I get the problem all the years I used Caché and other InterSystems before I retired. There must be a way to check your software for virus signature artifacts and remove them at compilation. Leaving them in is easier for you but I don't think I'll bother with the installation, which is a shame as I have more than 20 years' experience with MUMPS and Caché and used to work for InterSystems (give my regards to anyone at the Windsor/Eton office who may remember me). But I won't be installing IRIS as long as Kaspersky kicks up a fuss.

Jay,

I recognize your frustration. I'm not an expert on this topic but I think different antiviruses have different patterns that they check for and it might not be possible to avoid all false alarms.

Kaspersky have this to say on the subject:

https://support.kaspersky.com/viruses/answers/1870

"A false detection, or a false positive, is a case of incorrect detection of a clean file or website as infected.

Unfortunately, manufacturers of security solutions cannot avoid false detection. At Kaspersky, we continuously improve the product testing system and strive to decrease the number of false positives. However, it is impossible to completely avoid such cases, as new threats arise every moment."

Hey Jay.

I appreciate this probably doesn't help you, but thought I would share in case it's of interest to anyone.

I had this same issue with Kaspersky a few years ago when installing a preview of HealthConnect on my local machine to review some upcoming features (Does anyone else remember FHIR?).

As each attempted install would result in an internal virus response and some light-hearted ribbing from colleagues, I was quite keen to get this resolved.

I worked with WRC as well as Kaspersky, and we found that the "threat" detected was oddly tied to the build number of Windows 10, and we would not get a detection with the same version of Kaspersky running on different builds of Windows 10 or on any builds of Windows Server Edition we had currently in operation and free to test.

At the time, Kaspersky did state that they had updated their definitions, which I confirmed worked; however, that could easily have been tied to the specific build of the HealthConnect install exe, or could just be something reintroduced over the last 3 years since I had reported this issue to Kaspersky.

FWIW - if there was something in the installer that was a red flag to all AV suppliers, then I would suspect that it would be addressed (especially as it'd probably flag up with whatever AV is used by InterSystems). However, behavior detection isn't an exact science, and I wouldn't be surprised if adjusting the installer to appease Kaspersky is then detected by another supplier as an attempt to avoid detection by an AV.