Chief is... Ransomware? (it's not)


DeLayDesign

I'm sure it's not; but today my colleague and I discovered a few issues with antivirus protection and how it interacts with Chief Architect.

We've been upgrading the company's computers to X14; some of them are older PCs, but Chief X13 has been working great on those units, so we figured there wouldn't be any issues with X14.  At the same time we also switched the company from Malwarebytes to McAfee (no one wanted this).  McAfee has been causing a few issues with programs, Google Chrome, and Chief X14 doesn't seem to work great on everyone's PC.  The software would seemingly freeze for some unknown reason, but always around the 5 min. mark of letting it idle.  We are experimenting with the Time tracker being turned off.  It seems to be working for the most part.

Talking with Chief Architect about this issue, they did let me know that they did have issues with McAfee a few versions ago, but that they hadn't heard any issues with X14.  Interesting.

So we tried uninstalling McAfee from one of the PCs that was about to get the upgrade and something strange happened.  We couldn't get X14 to install properly.  The X14 data folder that goes into your 'documents' wouldn't show up, even after it would say it installed successfully.  Opening Chief X14 and it would just crash over and over again because it couldn't connect to the missing folder, an issue I've never run into before, and I field a lot of questions from the team.

I had to turn to the IT guy who through the power of Google (Why didn't I think of that?) discovered that some virus softwares have issues with Chief.  None being installed on this computer, we discovered that Microsoft's Defender was blacklisting Chief Architect as a ransomware threat!

A quick 'add' to the whitelist and 'pop'... the missing folder showed up and X14 worked as intended.

We have notified Chief of the situation; but I'm curious as to why this is happening.  I don't know enough of the inner workings of Chief Architect to know what would cause Microsoft or any other third-party antivirus software to think it was a threat.


4 minutes ago, DeLayDesign said:

I had to turn to the IT guy who through the power of Google (Why didn't I think of that?) discovered that some virus softwares have issues with Chief.  None being installed on this computer, we discovered that Microsoft's Defender was blacklisting Chief Architect as a ransomware threat!

LOL, most of the time this has to do with anti-piracy protection. Software products decrypt the code segments at runtime, use anti-debugging, anti-... techniques, use crypt blowfish on data, communicate with a central server (like a botnet), and sometimes copy the segments of known viruses. Most antiviruses, trying to analyze a threat, see the anti-debugging, data crypt, notice the QtWebEngineProcess local webserver that looks like a botnet backdoor - thus the result.

Excluding a software is NOT a solution either, because it could get infected... And then you are in a whole new class of trouble.

Personally I recommend all vendors scaling down anti-piracy protection, whatever the vendor they use, and make code more transparent for antivirus software to scan, get rid of code segment private encryptions [I trashed all of mine years ago], either go UPX or just abandon - to let Windows DEP (Data Execution Prevention) do its work. Writable code segments are a PITA and defy the CPU code cache.


18 hours ago, BrownTiger said:

Excluding a software is NOT a solution either, because it could get infected... And then you are in a whole new class of trouble.

Personally I recommend all vendors scaling down anti-piracy protection, whatever the vendor they use, and make code more transparent for antivirus software to scan, get rid of code segment private encryptions [I trashed all of mine years ago], either go UPX or just abandon - to let Windows DEP (Data Execution Prevention) do its work. Writable code segments are a PITA and defy the CPU code cache.

Good point!

I only recommended whitelisting Chief because that was a solution their customer support recommended.
