Emsisoft Anti-Malware recently started flagging einstein code as suspicious. Curious if the code has recently changed and if you could explain what the code is attempting before I release it to run again. Log records included in the post.
7/14/2021 8:32:52 PM
Behavior Blocker detected suspicious behavior "CodeInjector" of E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe (SHA1: 71495E2067398856AA5317DBFBA1828339B30531)
7/14/2021 8:32:58 PM
A notification message "Suspicious behavior has been found in the following program: E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe" has been shown
7/14/2021 8:33:00 PM
Alert message "E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe Program is attempting to manipulate other processes" has been shown
7/14/2021 7:03:40 AM
Behavior Blocker detected suspicious behavior "CodeInjector" of E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe (SHA1: 71495E2067398856AA5317DBFBA1828339B30531)
7/14/2021 7:03:45 AM
A notification message "Suspicious behavior has been found in the following program: E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe" has been shown
7/14/2021 7:03:47 AM
Alert message "E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe Program is attempting to manipulate other processes" has been shown
Regards,
Chris
Yes, a new search app has recently been released by project staff at the AEI in Hannover, Germany. This app is a continuation of a long-running series of apps over the last 16+ years that analyse data from the LIGO observatories, looking for signs of continuous gravitational wave emissions from massive spinning objects like neutron stars and black holes. Over the years, there have been some false positives from this series of apps. Those of us who have been volunteering over that period are confident that there is absolutely no malware problem with these apps. It's entirely up to you whether or not you trust that confidence.
You should take this up with your anti-malware provider if you want further clarification. I imagine they will eventually change their software to correct the false positive response.
Cheers,
Gary.
As Gary said, there has been a recent code change.
Modern anti-virus programs do an awful lot more than simply scan the files stored on your hard disk. Note that the reports, in this case, state that "Suspicious behavior" has been observed. BOINC science projects - from any project, not just Einstein - have two characteristics which look just like a virus:
1) They use your computer very hard indeed
2) They don't (themselves) have any way of communicating with the user
The anti-virus programs are right to be suspicious, but they will continue to watch the situation, and to gather other reports from around the world. They will also scrutinise the actual code inside the application, to see if it does anything dangerous. In due course, an overall and more complete analysis will emerge: at that point, I would expect that there will be enough information to withdraw the warnings.
If you are still worried, you can submit your copy of the program to a service like VirusTotal, which will check it with a range of anti-virus tools from different manufacturers.
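An added example, not part of the original posts: before looking up or submitting the binary, it helps to confirm that every alert refers to the same file and that the copy on disk is the one the Behavior Blocker hashed. The sketch below parses records in the layout of the log from the first post; the function names are this example's own, and the log lines are copied from that post.

```python
import hashlib
import re

# Two detection records copied from the log in the first post of this thread.
SAMPLE_LOG = r"""7/14/2021 8:32:52 PM
Behavior Blocker detected suspicious behavior "CodeInjector" of E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe (SHA1: 71495E2067398856AA5317DBFBA1828339B30531)
7/14/2021 7:03:40 AM
Behavior Blocker detected suspicious behavior "CodeInjector" of E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe (SHA1: 71495E2067398856AA5317DBFBA1828339B30531)
"""

TIMESTAMP = re.compile(r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M$")
DETECTION = re.compile(
    r'detected suspicious behavior "(?P<behavior>[^"]+)" of (?P<path>.+) '
    r"\(SHA1: (?P<sha1>[0-9A-Fa-f]{40})\)"
)

def parse_detections(log_text):
    """Return one dict per detection record: time, behavior, path, sha1 (lowercase)."""
    events, last_time = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if TIMESTAMP.match(line):
            last_time = line  # the timestamp line precedes the record it belongs to
            continue
        found = DETECTION.search(line)
        if found:
            event = found.groupdict()
            event["sha1"] = event["sha1"].lower()
            event["time"] = last_time
            events.append(event)
    return events

def flagged_hashes(events):
    """Map each flagged path to the set of SHA1 values logged for it."""
    by_path = {}
    for event in events:
        # More than one hash for a path means the binary changed between alerts.
        by_path.setdefault(event["path"], set()).add(event["sha1"])
    return by_path

def sha1_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large science application need not fit in memory."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def file_matches_log(path, logged_sha1):
    """True when the file on disk is byte-for-byte the binary the log record hashed."""
    return sha1_of_file(path) == logged_sha1.lower()
```

If `file_matches_log` returns False for the path in the log, the file has been replaced since the alert and the logged hash no longer describes what is on disk.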
My Avast has alerted me two times today about this. I decided to ignore it.