Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (7)

Resolved McAfee deletes the exe file immediately

  1. Issue
0
Votes
Undo
  1. Sivaprakash BKR
    Sivaprakash BKR
  2. PowerBuilder
  3. Wednesday, 24 May 2023 14:17 PM UTC

Hello,

Using PB 2022 B 1900

We created the application exe file using File -> New -> Project -> Application option from the IDE.
EXE is created along with required PBD files.  

Double-clicking the EXE file from the same folder, where it's created, deletes the exe file [ McAfee Anti-virus ]

The same issue was there, in the same machine, for the previous build also.

We upgraded to 1900 build, just a couple of days ago.  Now the same issue.   

We didn't face such issues with PB 11.5 & PB 10.5, the previous versions that we are still using.  We create and run from the same machine in which PB 2022 is there.  

McAfee deletes the PB 2022 exe file(s) and not PB 11.5 files.  

Is there anything that we need to do here to get out of this issue, apart from adding to exclusion list.

Happiness Always
BKR Sivaprakash

 

  1. PowerBuilder (Appeon)
read content richtextedit powerbuilder line to lin...
Structure dynamic fill
Responses (7)
mike S
mike S Accepted Answer Pending Moderation
  1. Wednesday, 24 May 2023 16:04 PM UTC
  2. PowerBuilder
  3. # 1

sign the exe.  

 

It definitely stopped McAfee from deleting our PB generated exe in PB 2017 (PB 12.x and prior it had no problems with).  haven't tried it with newer builds but i assume it will be the same.  

Comment
Load more comments
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Friday, 26 May 2023 11:29 AM UTC
mike,

1. This application don't connect to any database in the application open event. It does some preparation and opens a login screen. Only after entering the credentials, it tries to connect a database for further processing. So, in this application, there is no question of database connection.

2. For 'yeah, that might be a question for your AV vendor'. Since we started facing this issue with appeon PB (since 2017), won't it be better to verify that with Appeon first?

  1. Helpful
mike S
  1. mike S
  2. Friday, 26 May 2023 12:06 PM UTC
I'm not sure how appeon can answer why a particular AV works the way it does, but maybe they will have some insight. I agree that it would be nice if something could be changed by appeon to prevent the need for signing, especially for in-house apps with the most common AV.



  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Friday, 26 May 2023 12:41 PM UTC
Not a particular AV, McAfee, EndPoint Security are the two from the members of this community. My clients have reported that K7 Anti-virus and Total security is deleting the EXEs.

So far I'vent heard such a complaint from the users of Quick Heal.

Kasperskey and Norton are the other two AVs popular here.

  1. Helpful
There are no comments made yet.
Andreas Mykonios
Andreas Mykonios Accepted Answer Pending Moderation
  1. Friday, 26 May 2023 09:16 AM UTC
  2. PowerBuilder
  3. # 2

This answer is for @mike S.

Yes. The antivirus removes the exe right after the files is created and the first bytes are written (don't know how many - have no access to see). 

Follows a screenshot:

The first incident is when compiling with PBAutoBuild220. Then second on is with PBC220.

Last lines PBAutoBuild220 shows:

12:07:06 [Normal]       Rebuild complete.
12:07:06 [Warning] pfcapsrv.pbl(pfc_n_cst_conversion).pfc_n_cst_conversion.of_pdfmethod.68: Warning     C0240: The XSLFOP! export method is no longer supported. If used for export, it will be directly changed to Distill!.
12:07:06 [Warning] pfcapsrv.pbl(pfc_n_cst_conversion).pfc_n_cst_conversion.of_string.61: Warning     C0240: The XSLFOP! export method is no longer supported. If used for export, it will be directly changed to Distill!.
12:07:06 [Error] Create of executable file failed
12:07:06 [Error] Creation of executable failed with a link error
12:07:06 [Error] Failed to compile the target file. File name: C:\Dev\DWSyntaxModifier\dwsyntaxmodifier.pbt
Bye (-_-)

Last lines PBC220 shows:

        Rebuild complete.
 Library: c:\dev\dwsyntaxmodifier\pfcapsrv.pbl     Object: pfc_n_cst_conversion         Function: pfc_n_cst_conversion::of_pdfmethod             (0068): Warning     C0240: The XSLFOP! export method is no longer supported. If used for export, it will be directly changed to Distill!.         Function: pfc_n_cst_conversion::of_string             (0061): Warning     C0240: The XSLFOP! export method is no longer supported. If used for export, it will be directly changed to Distill!.Create of executable file failed
Creation of executable failed with a link error

I repeat, the error happens when linker tries to write the first bytes in exe... You can see that in PBAutoBuild220 where rebuild time is equal to executable creation error time.

Same issue happens when compiling from PB. But only in 32-bit.

Andreas.

Comment
mike S
  1. mike S
  2. Friday, 26 May 2023 12:07 PM UTC
ok , wow! i've never seen that, but like Chris P i changed my build machine to just use defender.
  1. Helpful 2
There are no comments made yet.
Armeen Mazda @Appeon
Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Wednesday, 24 May 2023 15:14 PM UTC
  2. PowerBuilder
  3. # 3

Report the false positive to McAfee so they improve their algorithms in future updates to not flag it.  In meantime, you are correct you need to add to exclusion list.

Comment
Load more comments
mike S
  1. mike S
  2. Saturday, 27 May 2023 20:19 PM UTC
you have to buy a cert - yearly cost. there are 2 levels, you only need the lower/easier to get/cheaper level. a low cost one is around 60-70 USD
  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Monday, 29 May 2023 06:16 AM UTC
Thanks mike s. Can you point me the website from where I can get the certificate? Couldn't find anything around the 60-70USD in my search....

  1. Helpful
mike S
  1. mike S
  2. Tuesday, 30 May 2023 00:29 AM UTC
looks like they all just jumped up in price in the past month or two.

i believe there is a new requirement for code certs that go into effect sometime this year, so that probably increased their pricing.

  1. Helpful
There are no comments made yet.
Andreas Mykonios
Andreas Mykonios Accepted Answer Pending Moderation
  1. Thursday, 25 May 2023 06:50 AM UTC
  2. PowerBuilder
  3. # 4

Hi.

A question for those who's answer is "sign the exe".

In my case, when using PB 2022, the exe isn't created at all when deploying in 32-bit... Our antivirus is Check Point Endpoint Security...

Here is what I see in the IDE:

 ---------- Deploy: Deploy of project p_dwsyntaxmodifier   (9:42:12 πμ)
Creating executable file . . .
Inspecting Application Dependencies...
[...]
Inspecting application libraries...
 ---------- Finished Deploy of project p_dwsyntaxmodifier   (9:43:06 πμ)

 ---------- Linker: Errors   (9:43:06 πμ)
Create of executable file failed
 ---------- Finished Errors   (9:43:06 πμ)

So there is no way to sign a file that was never created.

What is your advice for such a situation? Why this only happens in PB 2022 when deploying in 32-bit?

Of course, as the exe isn't generated there is no way to report a false positive. It seems that exe creation is terminated by antivirus at the very beginning of linkage stage.

I mention that it work fine in:

  • PB 2019 R3 32-bit and 64-bit.
  • PB 2021 32-bit and 64-bit.
  • PB 2022 64-bit.

On my laptop (where I have a different antivirus - bitdefender), it works fine in all cases mentioned.

Andreas.

Comment
Load more comments
Andreas Mykonios
  1. Andreas Mykonios
  2. Friday, 26 May 2023 09:17 AM UTC
Hi mike. See my answer in https://community.appeon.com/index.php/qna/q-a/mcafee-deletes-the-exe-file-immediately#reply-40379.

Andreas.
  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Friday, 26 May 2023 11:55 AM UTC
Andreas,

With PB 2019 R3, we had the same issue. EXE got deleted when we try to run the application. But we continued our development in that version and while running the exe, we used to add that to the exception list. We need to add to the exception list, on every build.

After few months, (may be 2 or 3, don't know exactly), we forgot to add to the exception list, and we didn't have that deletion issue till date. We upgraded few of our earlier (PB 11.5) application to PB 2019 also and all are running well so far.

We recollected that again as this is happening to 2022 version also.

  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Saturday, 27 May 2023 05:17 AM UTC
Andreas,

Updated:

Today we checked for 2019R3 exe for this deletion issue. Yes, it's getting deleted again. It's running with no issues at our customer's place. Will check for the anti virus they use, if any.
  1. Helpful
There are no comments made yet.
Miguel Leeuwe
Miguel Leeuwe Accepted Answer Pending Moderation
  1. Thursday, 25 May 2023 10:52 AM UTC
  2. PowerBuilder
  3. # 5

Anti virus doesn't seem to like Appeon very much. I've had many problems with PB versions since Appeon took over. I'm not saying it's Appeon's fault. I really, really dislike Avast, but that's what I'm dealing with. I've seen similar false positives with .Net applications.

The other day I created and executable and ran it. As usual, Avast first has to check it and it was approved to be safe. Then whilst running the app, I suddenly get a virus warning after having opened some windows.

Created the same executable again and never got a warning again.

I'll add my folders for PB executables to the exceptions list, but using exceptions kind of destroys the benefits of having an anti virus.

just my 2cts.

 

Comment
Load more comments
Chris Pollach @Appeon
  1. Chris Pollach @Appeon
  2. Thursday, 25 May 2023 12:27 PM UTC
I switched to Windows Defender from McAfee 10 years ago. Never had an EXE issue since (unless it was a real threat). :-)
  1. Helpful
Andreas Mykonios
  1. Andreas Mykonios
  2. Thursday, 25 May 2023 13:01 PM UTC
Well, I agree. I can choose what anti virus I will use on my personal computer - laptop. I don't have that choice on my work...

Andreas.
  1. Helpful
Andreas Mykonios
  1. Andreas Mykonios
  2. Thursday, 25 May 2023 13:03 PM UTC
And the worst in our case is that the exe ins't generated... So we can even think of solutions like signing the exe...

Andreas.
  1. Helpful
There are no comments made yet.
Sivaprakash BKR
Sivaprakash BKR Accepted Answer Pending Moderation
  1. Friday, 26 May 2023 11:46 AM UTC
  2. PowerBuilder
  3. # 6

On further observation,

1.  We created a 64bit exe, in the same machine which created 32-bit exe, which was not deleted by McAfee.   We repeated the process, where we found that McAfee deletes only 32-bit exe and NOT 64-bit exe.

2.  We copied 32-bit application, to another machine, which runs Windows 7, with the same version of McAfee [updated to the latest version].   McAfee didn't delete the application and it's working fine.

3.  We copied 32-bit application to another machine, which runs Windows 10, with the same version of McAfee [updated to the latest version].  McAfee deleted the 32-bit exe.  64-bit exe works fine.

Windows 10                 32-bit               Deleted
Windows 10                 64-bit               Works Fine
Windows 7                   32-bit               Works Fine
Windows 7                   64-bit               It didn't get deleted, but it didn't run.

Note:  I'vent updated [drivers, dlls etc] this application for 64-bit.

Happiness Always
BKR Sivaprakash

 

Comment
Armeen Mazda @Appeon
  1. Armeen Mazda @Appeon
  2. Friday, 26 May 2023 15:30 PM UTC
I think you have confirmed it is McAfee problem on Windows 10 (and possibly newer like Windows 11). Same exact .EXE generated by PB is fine on Windows 7. I would recommend escalating this to McAfee tech support.
  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Friday, 26 May 2023 16:10 PM UTC
Thanks Armeen,

Observing this, I already reported this issue to McAfee.

Issue is with 32 bit exe only.
  1. Helpful
Armeen Mazda @Appeon
  1. Armeen Mazda @Appeon
  2. Friday, 26 May 2023 16:46 PM UTC
Great, thanks!
  1. Helpful
There are no comments made yet.
Sivaprakash BKR
Sivaprakash BKR Accepted Answer Pending Moderation
  1. Thursday, 1 June 2023 12:23 PM UTC
  2. PowerBuilder
  3. # 7

I received the following reply from McAfee for my submission of the exe created by Powerbuilder 2022.   

*******************************************************************

Dear Sir/Madam,

 

Thank you for contacting us.

 

We have reviewed your submission for whitelisting of your software and the submitted files have been Whitelisted.

 

Regards,                       

McAfee Data Submission Team

 

From: donotreply@mcafee.com <donotreply@mcafee.com>
Sent: Saturday, May 27, 2023 12:46 PM
To: DL Data Submission <datasubmission@mcafee.com>
Subject: Software submissions for trust and false prevention

 

McAfee Logo

This is an automated e-mail sent to request the Software submissions for trust and false prevention of our product.

Details

Please contact us regarding any problems with our submission.

Thank you

*********************************************************************************

IN the meantime, I created the same exe, many times.  When I tried to execute the exe, by double-clicking it, it GOT DELETED.   

Any idea what should I do not to delete the file by McAfee?  McAfee says the file has been whitelisted.

Any idea?  I've already contacted McAfee regarding this and so far, received no reply.

Happiness Always
BKR Sivaprakash

 

Comment
Load more comments
Miguel Leeuwe
  1. Miguel Leeuwe
  2. Friday, 2 June 2023 08:34 AM UTC
hmmm well .. better late than never :)
  1. Helpful
Miguel Leeuwe
  1. Miguel Leeuwe
  2. Friday, 2 June 2023 08:35 AM UTC
Let's just hope it doesn't take them 2 weeks also when new viruses have been discovered !
  1. Helpful
Sivaprakash BKR
  1. Sivaprakash BKR
  2. Friday, 2 June 2023 12:08 PM UTC
:) Let's be positive.
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.