Firebird caught by Defender

29 views
Skip to first unread message

Takada Hiroko

unread,
Jul 27, 2022, 12:58:47 AMJul 27
to firebird-support
Hello. I am debugging an IOT system using(Windows10 pro) Firebird 3.0.4.3305.
And have a trouble with "C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx".

The Firebird makes an error once or twice a week in the way shown in firebird.log:
---------------------
FBServer   Sun May 22 00:57:43 2022
    Operating system call CreateFile failed. Error code 225

FBServer   Sun May 22 00:57:43 2022
    MonitoringData: Cannot initialize the shared memory region
    operating system directive CreateFile failed
  Operation did not complete successfully because the file contains a virus or potentially unwanted software.
--------------------
Once this error happens it repeats on any access from client thereafter.

This log does not explicitly show the error file name, but I found

"C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx"    (xxx : 24 hex digits)

is the file that is considered to have a virus.

(In the system the windows defender is activated (required) but I excluded Firebird programs and
C:\ProgramData\firebird\)

I am sure the firebird clients do not access MON$ tables

Does anyone know how to avoid this problem ?
I think escaping from defender or not making fb2_ fille would be a solution

Vlad Khorsun

unread,
Jul 27, 2022, 6:05:35 AMJul 27
to firebird-support
Hello. I am debugging an IOT system using(Windows10 pro) Firebird 3.0.4.3305.
And have a trouble with "C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx".

The Firebird makes an error once or twice a week in the way shown in firebird.log:
---------------------
FBServer   Sun May 22 00:57:43 2022
    Operating system call CreateFile failed. Error code 225

FBServer   Sun May 22 00:57:43 2022
    MonitoringData: Cannot initialize the shared memory region
    operating system directive CreateFile failed
  Operation did not complete successfully because the file contains a virus or potentially unwanted software.

This is

ERROR_VIRUS_INFECTED

and I never saw it before. Very strange.


--------------------
Once this error happens it repeats on any access from client thereafter.

  When it stop to happens ?
 

This log does not explicitly show the error file name, but I found

"C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx"    (xxx : 24 hex digits)

is the file that is considered to have a virus.

(In the system the windows defender is activated (required) but I excluded Firebird programs and
C:\ProgramData\firebird\)
 

I am sure the firebird clients do not access MON$ tables


The shared memory area(s) is created in advance, not on first access to the monitoring.
 
Does anyone know how to avoid this problem ?
I think escaping from defender or not making fb2_ fille would be a solution

Find a way to fix defender. Who knows what it will not like next time ?

Regards,
Vlad

PS Firebird 3.0.4 is very old, consider upgrade to current 3.0.10

Takada Hiroko

unread,
Jul 28, 2022, 7:09:20 AMJul 28
to firebird-support
Thank you for your answer.

>When it stop to happens ?
It does not stop. It happens every time on access after that until PC rebooted next time.

>PS Firebird 3.0.4 is very old, consider upgrade to current 3.0.10
Yes. I think I should try. Thank you.

Best regards,
Takada

2022年7月27日水曜日 19:05:35 UTC+9 vlad.k...@gmail.com:
Reply all
Reply to author
Forward
0 new messages