Squirrel.exe gets quarantined as a virus threat with each ATOM update by Cylance Protect #16986
Each time ATOM.IO receives an update, squirrel.exe gets quarantined by Cylance Protect as a suspicious threat.
Steps to Reproduce
Reproduces how often:
I'm using it on two systems, one with Windows 7, the other with Windows 10.
It seems that squirrel.exe has different checksums although the file size has not changed from the previous version. That may make it look like a mutating virus.
This is expected from NGAV products like Cylance/Carbon Black/whatever. They look at not just the signatures (sha256 hash in most cases) but the behavior of the application, processes started, commands run, invocations, etc. There is not much a developer can do to prevent this. Until the NGAV provider has had a chance to scan and whitelist the application, this will continue to happen. You'll either have to add a policy exclusion for the path the .exe runs from or whitelist the process itself.
Exclusion would look something like:
**edits: adding exclusion and formatting
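Before asking for a path or process exclusion, it helps to hand the security team an inventory of what is being flagged. The following is an added example, not part of the original thread or of the Atom or Cylance tooling: it lists every `squirrel.exe` under a folder with its size, SHA-256 and Authenticode signer, and flags copies that share a size but differ in hash. The `$Root` default is an assumption; point it at the folder named in the quarantine alert.

```powershell
# Added example. $Root is an assumption, not a path taken from the thread.
param(
    [string]$Root = $env:LOCALAPPDATA
)

# Find every copy of the updater that is still on disk (quarantined copies
# will be missing until they are restored on a test machine).
$files = Get-ChildItem -Path $Root -Filter 'squirrel.exe' -Recurse -File `
             -ErrorAction SilentlyContinue

$report = foreach ($f in $files) {
    $sig  = Get-AuthenticodeSignature -FilePath $f.FullName
    $cert = $sig.SignerCertificate
    [pscustomobject]@{
        Path       = $f.FullName
        Length     = $f.Length
        SHA256     = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        SigStatus  = $sig.Status      # Valid, NotSigned, HashMismatch, ...
        Signer     = if ($cert) { $cert.Subject } else { $null }
        Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
    }
}

if (-not $report) {
    Write-Warning "No squirrel.exe found under $Root"
    return
}

$report | Sort-Object Path | Format-List

# Same size, different hash: the pattern described in the issue. A rule keyed
# on one SHA-256 stops matching as soon as the next update ships.
$report | Group-Object Length | ForEach-Object {
    $hashes = @($_.Group.SHA256 | Sort-Object -Unique)
    if ($hashes.Count -gt 1) {
        Write-Output ("Size {0}: {1} distinct hashes" -f $_.Name, $hashes.Count)
    }
}

# Any copy without a valid signature should be investigated, not excluded.
$unsigned = @($report | Where-Object { $_.SigStatus -ne 'Valid' })
if ($unsigned.Count -gt 0) {
    Write-Warning ("{0} copy(ies) lack a valid Authenticode signature" -f $unsigned.Count)
    $unsigned | Select-Object Path, SigStatus | Format-Table -AutoSize
}
```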
In our enterprise environment I'm not in a position to get any version of squirrel.exe whitelisted.
I can understand that this is frustrating. However, attempting to convince the myriad anti-virus systems that our installer is safe is not something that we're going to be devoting any significant time to. Figuring out a system that allows us to easily install, dynamically update, and isn't flagged by all anti-virus systems just isn't our area of expertise or what we're interested in working on. Since this isn't something that we're going to prioritize, I'm going to close this.