-
Notifications
You must be signed in to change notification settings - Fork 15.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ASAR Native Module unpacking triggers virus scanners #1205
Comments
Perhaps those snakeoil av vendors should not "detect" every bit of JavaScript as Win32:Evo-gen. But - good idea. |
@pfffr I'm not disagreeing :) But in the meantime, we have to solve the issue or else ASAR isn't tenable to use in production Windows applications |
I would suggest that under the data directory (i.e. the one pointed to by |
Wouldn't that still trigger the AV-foo on the first extraction and on any auto-update process too? |
@pfffr It will, but hopefully less so because we're not using temp files, and ideally we won't be doing it constantly (i.e. once it's unpacked it's done) |
@paulcbetts I'm totally with you. %allusersprofile%\ASAR (or .asar) would be the right destination for those files, IMHO. Otherwise %appdata%\ASAR i.e. for further usage for current user. |
@paulcbetts I think we can just don't include the shared libraries in asar archives, so we have following layout:
And when reading files we would first look into This solves the virus scanner problem and improves performance. It requires changes to both atom-shell and |
@zcbenz That works for me. So far, most vendors are okay with the current approach except for a few (WebRoot is the worst) that really get upset :-/ |
We're seeing a lot of tickets where ASARs unpacking of native modules to temp files is triggering AV vendors to mark the app as a Trojan Horse and start deleting files. We probably need to move to unpacking these files to a static location (this would also help with startup perf because we wouldn't be constantly unpacking files).
The text was updated successfully, but these errors were encountered: