Firebird caught by Defender
316 views
Skip to first unread message
Takada Hiroko
Jul 27, 2022, 12:58:47 AM7/27/22
to firebird-support
Hello. I am debugging an IOT system using(Windows10 pro) Firebird 3.0.4.3305.
And have a trouble with "C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx".
The Firebird makes an error once or twice a week in the way shown in firebird.log:
---------------------
FBServer Sun May 22 00:57:43 2022
Operating system call CreateFile failed. Error code 225
FBServer Sun May 22 00:57:43 2022
MonitoringData: Cannot initialize the shared memory region
operating system directive CreateFile failed
Operation did not complete successfully because the file contains a virus or potentially unwanted software.
--------------------
Once this error happens it repeats on any access from client thereafter.
This log does not explicitly show the error file name, but I found
"C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx" (xxx : 24 hex digits)
is the file that is considered to have a virus.
(In the system the windows defender is activated (required) but I excluded Firebird programs and
C:\ProgramData\firebird\)
I am sure the firebird clients do not access MON$ tables
Does anyone know how to avoid this problem ?
I think escaping from defender or not making fb2_ fille would be a solution
And have a trouble with "C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx".
The Firebird makes an error once or twice a week in the way shown in firebird.log:
---------------------
FBServer Sun May 22 00:57:43 2022
Operating system call CreateFile failed. Error code 225
FBServer Sun May 22 00:57:43 2022
MonitoringData: Cannot initialize the shared memory region
operating system directive CreateFile failed
Operation did not complete successfully because the file contains a virus or potentially unwanted software.
--------------------
Once this error happens it repeats on any access from client thereafter.
This log does not explicitly show the error file name, but I found
"C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx" (xxx : 24 hex digits)
is the file that is considered to have a virus.
(In the system the windows defender is activated (required) but I excluded Firebird programs and
C:\ProgramData\firebird\)
I am sure the firebird clients do not access MON$ tables
Does anyone know how to avoid this problem ?
I think escaping from defender or not making fb2_ fille would be a solution
Vlad Khorsun
Jul 27, 2022, 6:05:35 AM7/27/22
to firebird-support
Hello. I am debugging an IOT system using(Windows10 pro) Firebird 3.0.4.3305.
And have a trouble with "C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx".
The Firebird makes an error once or twice a week in the way shown in firebird.log:
---------------------
FBServer Sun May 22 00:57:43 2022
Operating system call CreateFile failed. Error code 225
FBServer Sun May 22 00:57:43 2022
MonitoringData: Cannot initialize the shared memory region
operating system directive CreateFile failed
Operation did not complete successfully because the file contains a virus or potentially unwanted software.
This is
ERROR_VIRUS_INFECTED
and I never saw it before. Very strange.
--------------------
Once this error happens it repeats on any access from client thereafter.
When it stop to happens ?
This log does not explicitly show the error file name, but I found
"C:\ProgramData\firebird\fb12_monitor_xxxxxxxxxxxxxxxxxxxxxx" (xxx : 24 hex digits)
is the file that is considered to have a virus.
(In the system the windows defender is activated (required) but I excluded Firebird programs and
C:\ProgramData\firebird\)
I am sure the firebird clients do not access MON$ tables
The shared memory area(s) is created in advance, not on first access to the monitoring.
Does anyone know how to avoid this problem ?
I think escaping from defender or not making fb2_ fille would be a solution
Find a way to fix defender. Who knows what it will not like next time ?
Regards,
Vlad
PS Firebird 3.0.4 is very old, consider upgrade to current 3.0.10
Takada Hiroko
Jul 28, 2022, 7:09:20 AM7/28/22
to firebird-support
Thank you for your answer.
>When it stop to happens ?
It does not stop. It happens every time on access after that until PC rebooted next time.
>PS Firebird 3.0.4 is very old, consider upgrade to current 3.0.10
Yes. I think I should try. Thank you.
Best regards,
Takada
Best regards,
Takada
2022年7月27日水曜日 19:05:35 UTC+9 vlad.k...@gmail.com:
Takada Hiroko
Jan 7, 2023, 4:51:38 AM1/7/23
to firebird-support
Hello,
Again virus problem.
I posted the 5 month ago (not solved) and I have come to suspect HP Wolf Security not Defender, because this problem happened only on the PC where HP Wolf Security is installed.
Dose anyone know any problem with HP Wolf Security?
It took long time for me to come to suspect HP Wolf Security because the Firebird log does not show what security system has detected virus error.
Does anyone have an idea to know what security system detected virus concerning firebird?
Best regards,
Takada
2022年7月28日木曜日 20:09:20 UTC+9 Takada Hiroko:
Alexey Kovyazin
Jan 7, 2023, 4:54:54 AM1/7/23
to firebird...@googlegroups.com
Hello,
Try to submit your executables to virustotal, and then send results to the vendor of antivirus.
Regards,
Alexey Kovyazin
IBSurgeon
Takada Hiroko <tasa...@gmail.com>:
--
You received this message because you are subscribed to the Google Groups "firebird-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebird-suppo...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/firebird-support/dfbacfeb-27a4-4b41-99b7-b2b49c424390n%40googlegroups.com.
Takada Hiroko
Jan 16, 2023, 11:44:34 AM1/16/23
to firebird-support
Thank you for your suggestion. But in this case, “the executable “ or the file to be sent to Virus Total should be Firebird itself or the file “C:¥ProgramDate¥firebird¥fb12-monitor-xxxxxxxxxxxxxxxxxxxxxx”, which is produced by Firebird. The former is nonsense. The latter is impossible because the file “C¥Program Date¥firebird¥fb12-monitor-xxxxxxxxxxxxxxxxxxxxx” cannot be copied.
Is there anyone having trouble with HP PC?
Best regards,
Takada
Reply all
Reply to author
Forward
0 new messages