On Fri, Nov 13, 2009 at 8:05 PM, Dave Korn <> wrote:
> Andy Koppe wrote:
>> 2009/11/13 Jacob Jacobson:
>>> Output of Kaspersky Anti-Virus 6.0
>>>
>>> 11/13/2009 1:03:09 PM C:\WIN\CYGWIN\BIN\CYGRUNSRV.EXE Process is trying to
>>> inject into another process. This behavior is typical of some malicious
>>> programs (Invader)
>>> 11/13/2009 1:03:09 PM C:\WIN\CYGWIN\BIN\CYGRUNSRV.EXE "Quarantine" action
>>> is selected
>>> 11/13/2009 1:03:09 PM C:\WIN\CYGWIN\BIN\CYGRUNSRV.EXE Forced to terminate
>>> the process.
>>> 11/13/2009 1:03:09 PM C:\WIN\CYGWIN\BIN\CYGRUNSRV.EXE File quarantined.
>>>
>>> Output of Kaspersky Anti-Virus 6.0
>>
>> Send that to Kaspersky. Cygwin isn't gonna be changed to work around
>> that sort of crap.
>
> BLODA in full effect. It is designed to stop you running anything that
> behaves like forking, just in case what you were running wasn't meant to be
> doing that; therefore it is a crude and indiscriminate filter and must
> inevitably suffer false positives.
>
> The problem is that there's no easy way for a simple-minded computer program
> to tell the difference between "suspicious process injecting itself into
> another", and "legitimate user-directed application attempting to emulate
> posix fork semantics". It is unfortunate, but a lot of the things that Cygwin
> *has* to do are exactly like a lot of the things that some viruses do; hence
> we run up against the limits of heuristic behaviour blockers.
>
> cheers,
> DaveK
>
>
> --

The real question is whether or not Kaspersky will let you exclude specific processes from this sort of inspection. If so, just exclude cygrunsrv.exe. I routinely have to do this depending on what AV I am running. Heck, if I run the whole Comodo Security Suite, I get pages of prompts every time I run setup.exe and it changes files around. It's all "hey, bash is trusted, but it is doing something it didn't do yesterday and it has a different checksum." Security is pain.

-Jason

--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple