Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (1)

Resolved CrowdStrike suddenly dislikes our exe

  1. New
  2. Misc
0
Votes
Undo
  1. Mary Jane Foster
    Mary Jane Foster
  2. PowerBuilder
  3. Thursday, 19 December 2024 20:57 PM UTC

Hi:

We have 7 PowerBuilder applications that have been in play for many, many years.  For some reason CrowdStrike has started flagging ONE of our apps as malicious and quarantining it when it is under test.

Our QA team can be testing different changes by different developers on that application at any given time, each of these versions has a different folder name.  For example we have BranchA & BranchB under test, and they are always uniquely identified.

QA has a c:\Test folder in which they have both BranchA folder and BranchB folder, and CrowdStrike has tried to add it to their Allowlist, but it will work for one folder and not the other.  They have basically said they cannot determine why it is generating detection for the file because it is done through machine learning generated detection.

They have asked how often and when does the file hash the executable change.  Can you answer that question for me?  Is this something we can control, like within the .json file, or a way to certify or 'sign' our applications?  I find all kinds of information with PowerServer, but not PowerBuilder.

All insight appreciated.

MJ

 

 

Convert SOAP Webservices with integrated windows a...
HttpClient gets random "No Session exists for Acce...
Responses (1)
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Thursday, 19 December 2024 21:42 PM UTC
  2. PowerBuilder
  3. # 1

Hi Mary Jane;

  Yes, this is a CrowdStrike issue for as Appeon during our QA process before releasing any release or MR runs the IDE & runtime through the major AV software out there. AFAIK though, CS is not one of them.

   You will need to contact your CrowdStrike support team to get around this OR yes, you can easily sign your App's executable(s) to make them trusted more with your AV setup. Both the PowerClient and PowerServer projects can sign your App for you. For a native PB App EXE though, you will need to sign the EXE after the EXE has been created, as follows:

FYI: https://community.appeon.com/index.php/qna/q-a/how-to-sign-exe-and-pbds

HTH

Regards .. Chris

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.