climateprediction.net (CPDN) home page
Thread 'couldn't start app: CreateProcess() failed. Check your antivirus.'

Thread 'couldn't start app: CreateProcess() failed. Check your antivirus.'

Message boards : Number crunching : couldn't start app: CreateProcess() failed. Check your antivirus.
Message board moderation

To post messages, you must log in.

1 · 2 · 3 · Next

AuthorMessage
Glenn Carver

Send message
Joined: 29 Oct 17
Posts: 1049
Credit: 16,476,460
RAC: 15,681
Message 70376 - Posted: 14 Feb 2024, 12:29:06 UTC

Seeing failed tasks with this error in the log on the task webpage:

couldn't start app: CreateProcess() failed

This usually means Antivirus software on the host has quarantined the executable. In this case, it's the new wah2_8.29_windows_intelx86.exe.

Solution is to exclude the boinc folder if possible, or the executable file itself.
---
CPDN Visiting Scientist
ID: 70376 · Report as offensive     Reply Quote
Glenn Carver

Send message
Joined: 29 Oct 17
Posts: 1049
Credit: 16,476,460
RAC: 15,681
Message 70377 - Posted: 14 Feb 2024, 16:07:59 UTC - in response to Message 70376.  

p.s. checking CPDN's WAH 8.29 batch failures, 30% of fails for batch 1006 are because of this error.
---
CPDN Visiting Scientist
ID: 70377 · Report as offensive     Reply Quote
ProfileDave Jackson
Volunteer moderator

Send message
Joined: 15 May 09
Posts: 4540
Credit: 19,039,635
RAC: 18,944
Message 70378 - Posted: 14 Feb 2024, 16:39:37 UTC - in response to Message 70377.  

p.s. checking CPDN's WAH 8.29 batch failures, 30% of fails for batch 1006 are because of this error.
It only takes a relatively small fragment of code to exactly match that in a known virus/piece of malicious code. This seems to have been happening more often recently. Is it possible to identify the fragment of code and to tell the antivirus people that the relevant binaries are safe?
ID: 70378 · Report as offensive     Reply Quote
Richard Haselgrove

Send message
Joined: 1 Jan 07
Posts: 1061
Credit: 36,716,561
RAC: 8,355
Message 70379 - Posted: 14 Feb 2024, 17:26:09 UTC - in response to Message 70378.  
Last modified: 14 Feb 2024, 17:36:20 UTC

I think a more likely explanation is that the potential wrong 'un is being detected by heuristics, rather than by pattern matching.

Modern AV products often have a module which examines the behaviour of the beastie in questions like:

  • Does it have a user interface? (no = stealth module)
  • Does it use a lot of resources? (yes = could be doing something nasty)
  • Does it communicate with external sites? (not a problem here, but is a problem for BOINC)
  • Have I ever heard of it before? (no = could be a threat - handle with care)

The remedy is the same - check your AV messages and logs, and report any false positives as quickly and as often as you can. They usually get the message after a few days.

Obviously, an official message from the affected institution carries more weight than any number of end-user reports.

Edit - I've reported my 8.29 executable to https://www.virustotal.com/gui/file/2bc8155ce0a9f3a44cae5a0376f6d662a393f8e21c2aff377c7f23ae307fd9f4

For comparison, 8.24 is at https://www.virustotal.com/gui/file/ba4288b2d84f24a7ae47d01f75bed804edac36d8c7eff5ded7c9bd1bf740440e

ID: 70379 · Report as offensive     Reply Quote
Glenn Carver

Send message
Joined: 29 Oct 17
Posts: 1049
Credit: 16,476,460
RAC: 15,681
Message 70380 - Posted: 14 Feb 2024, 19:10:07 UTC - in response to Message 70379.  

Richard, I can send an email from my Oxford U account. Who do I send to?
---
CPDN Visiting Scientist
ID: 70380 · Report as offensive     Reply Quote
Richard Haselgrove

Send message
Joined: 1 Jan 07
Posts: 1061
Credit: 36,716,561
RAC: 8,355
Message 70381 - Posted: 14 Feb 2024, 19:41:10 UTC - in response to Message 70380.  

It would be most helpful if we could identify which anti-virus products are reporting a detection.

That won't ever be identifiable in your server logs: we would probably have to crowd-source it by an appeal here. So: if anyone here has noticed an AV alert relatable to CPDN since the new tasks were released, please post details here.

I don't have any recent experience of a central, industry-wide, reporting point, although I have written and released software installation packages in the past which have triggered similar problems.

Unfortunately the BOINC message board most likely to have searchable records of such events (SETI@home) has been offline all day, although it's back now. I'll put my thinking cap on in the morning.
ID: 70381 · Report as offensive     Reply Quote
Richard Haselgrove

Send message
Joined: 1 Jan 07
Posts: 1061
Credit: 36,716,561
RAC: 8,355
Message 70382 - Posted: 14 Feb 2024, 19:55:44 UTC

Had a quick grok before going out to the pub, and found a relevant message board post (SETI NC 1641898 - nine years ago today!).

I did look into the possibility of whitelisting when this question was raised after the release of v0.43 last year. It turned out to require considerably more identity and security checks than opening a bank or PayPal business account, and I found I couldn't possibly qualify in any event (I don't run a personal website with my home address checkable through a WhoIs lookup on the domain name).
ID: 70382 · Report as offensive     Reply Quote
wateroakley

Send message
Joined: 6 Aug 04
Posts: 195
Credit: 28,374,000
RAC: 10,722
Message 70383 - Posted: 14 Feb 2024, 20:59:12 UTC - in response to Message 70381.  
Last modified: 14 Feb 2024, 21:00:56 UTC

It would be most helpful if we could identify which anti-virus products are reporting a detection.

That won't ever be identifiable in your server logs: we would probably have to crowd-source it by an appeal here. So: if anyone here has noticed an AV alert relatable to CPDN since the new tasks were released, please post details here.

I don't have any recent experience of a central, industry-wide, reporting point, although I have written and released software installation packages in the past which have triggered similar problems.

Unfortunately the BOINC message board most likely to have searchable records of such events (SETI@home) has been offline all day, although it's back now. I'll put my thinking cap on in the morning.

CPDN with a corporate McAfee anti-virus, 2005 to 2017. No issues to report.
CPDN with M$ anti-virus (Defender) 2017 to 2024. No issues to report.
Recent model/task crashes 2024, Nothing that I could attribute to the M$ anti-virus (Defender).
ID: 70383 · Report as offensive     Reply Quote
Glenn Carver

Send message
Joined: 29 Oct 17
Posts: 1049
Credit: 16,476,460
RAC: 15,681
Message 70384 - Posted: 14 Feb 2024, 22:02:53 UTC - in response to Message 70381.  
Last modified: 14 Feb 2024, 22:04:12 UTC

It would be most helpful if we could identify which anti-virus products are reporting a detection.
My personal McAfee quarantined it, that's how I recognised the error. Though I'm puzzled why it threw a wobbly since I'd built the executable on the same PC.
ID: 70384 · Report as offensive     Reply Quote
Jean-David Beyer

Send message
Joined: 5 Aug 04
Posts: 1120
Credit: 17,202,915
RAC: 2,154
Message 70406 - Posted: 16 Feb 2024, 5:01:58 UTC - in response to Message 70376.  

Seeing failed tasks with this error in the log on the task webpage:

couldn't start app: CreateProcess() failed


This usually means Antivirus software on the host has quarantined the executable. In this case, it's the new wah2_8.29_windows_intelx86.exe.

Solution is to exclude the boinc folder if possible, or the executable file itself.


I know how to do this in Linux, but I am ignorant about Windows 10 that is running on my other machine.
So how do I exclude folders from anti-virus in Windows 10>
ID: 70406 · Report as offensive     Reply Quote
Profilegeophi
Volunteer moderator

Send message
Joined: 7 Aug 04
Posts: 2187
Credit: 64,822,615
RAC: 5,275
Message 70408 - Posted: 16 Feb 2024, 6:02:29 UTC - in response to Message 70406.  

I know how to do this in Linux, but I am ignorant about Windows 10 that is running on my other machine.
So how do I exclude folders from anti-virus in Windows 10>


If using Windows Defender,

https://www.howtogeek.com/671233/how-to-add-exclusions-in-windows-defender-on-windows-10/

If using some other AV solution, google search exclusions for that AV.
ID: 70408 · Report as offensive     Reply Quote
Jean-David Beyer

Send message
Joined: 5 Aug 04
Posts: 1120
Credit: 17,202,915
RAC: 2,154
Message 70409 - Posted: 16 Feb 2024, 8:07:56 UTC - in response to Message 70408.  

Thank you. I am using McAfee and I can exclude files, but not directories. I excluded the .exe causing the problem, but would hate to add each new one (even an update) each time.
ID: 70409 · Report as offensive     Reply Quote
Profilegeophi
Volunteer moderator

Send message
Joined: 7 Aug 04
Posts: 2187
Credit: 64,822,615
RAC: 5,275
Message 70410 - Posted: 16 Feb 2024, 8:39:25 UTC - in response to Message 70409.  

Thank you. I am using McAfee and I can exclude files, but not directories. I excluded the .exe causing the problem, but would hate to add each new one (even an update) each time.

Yeah, wow! This thread says it all about McAfee I guess.

https://forums.mcafee.com/t5/VirusScan/How-to-exclude-folders-from-real-time-scan/td-p/658116
ID: 70410 · Report as offensive     Reply Quote
Glenn Carver

Send message
Joined: 29 Oct 17
Posts: 1049
Credit: 16,476,460
RAC: 15,681
Message 70411 - Posted: 16 Feb 2024, 9:11:16 UTC - in response to Message 70410.  

Yes, I had this problem when I was developing the new app and regularly creating a new executable. I had to disable Real Time scanning in McAfee to be able to work. But even that is time limited to a max of 45 mins. It was a pain.

However, I tend to agree with their reasoning. Excluding folders is risky as they tend to get forgotten.

I've made a mental note to add a comment about antivirus systems when we release new versions in the future.
---
CPDN Visiting Scientist
ID: 70411 · Report as offensive     Reply Quote
Jean-David Beyer

Send message
Joined: 5 Aug 04
Posts: 1120
Credit: 17,202,915
RAC: 2,154
Message 70413 - Posted: 16 Feb 2024, 13:16:32 UTC - in response to Message 70411.  

Yes, I had this problem when I was developing the new app and regularly creating a new executable. I had to disable Real Time scanning in McAfee to be able to work. But even that is time limited to a max of 45 mins. It was a pain.

I do not understand what you mean about the 45 minutes part.

However, I tend to agree with their reasoning. Excluding folders is risky as they tend to get forgotten..

I agree.

I've made a mental note to add a comment about antivirus systems when we release new versions in the future

Good idea: I am sure to forget.
ID: 70413 · Report as offensive     Reply Quote
Jean-David Beyer

Send message
Joined: 5 Aug 04
Posts: 1120
Credit: 17,202,915
RAC: 2,154
Message 70416 - Posted: 16 Feb 2024, 18:37:04 UTC - in response to Message 70409.  

Thank you. I am using McAfee and I can exclude files, but not directories. I excluded the .exe causing the problem, but would hate to add each new one (even an update) each time.


Actually, I cannot exclude the file from scanning. I follow the directions, and I get no error message, but it does not work quite right. When I select the file from the list of possibilities (the .exe file), it does not acknowledge what I did. I also cannot figure out how to find the list of excluded files. I am certain it has not worked because the next time I get f work unit it fails as soon as it starts because it is quarantined.
ID: 70416 · Report as offensive     Reply Quote
Glenn Carver

Send message
Joined: 29 Oct 17
Posts: 1049
Credit: 16,476,460
RAC: 15,681
Message 70417 - Posted: 16 Feb 2024, 22:04:50 UTC - in response to Message 70416.  

For McAcfee, find the menu item 'quarantined files'. The executable will be listed there: wah2_8.29_windows_intelx86.exe. Select it and click restore.

See here for more info: https://www.mcafee.com/support/?articleId=TS100843&page=shell&shell=article-view
ID: 70417 · Report as offensive     Reply Quote
Jean-David Beyer

Send message
Joined: 5 Aug 04
Posts: 1120
Credit: 17,202,915
RAC: 2,154
Message 70418 - Posted: 16 Feb 2024, 23:04:18 UTC - in response to Message 70417.  

For McAcfee, find the menu item 'quarantined files'. The executable will be listed there: wah2_8.29_windows_intelx86.exe. Select it and click restore.

See here for more info: https://www.mcafee.com/support/?articleId=TS100843&page=shell&shell=article-view


I do that, but next time Boinc tries to download a task, it bitches, crashes the task, and quarantines it again.
ID: 70418 · Report as offensive     Reply Quote
Jean-David Beyer

Send message
Joined: 5 Aug 04
Posts: 1120
Credit: 17,202,915
RAC: 2,154
Message 70419 - Posted: 17 Feb 2024, 5:12:46 UTC - in response to Message 70417.  
Last modified: 17 Feb 2024, 5:15:02 UTC

For McAcfee, find the menu item 'quarantined files'. The executable will be listed there: wah2_8.29_windows_intelx86.exe. Select it and click restore.


Could it be that each time Boinc client downloads these tasks, it downloads a new copy of wah2_8.29_windows_intelx86.exe at the same time? In that case, McAfee will re-enable scanning of the file (new time: possibly new program) and failing it again. In that case the only way is to turn off my machine's virus protection and I do not really dare do that.
BTW: BOINC version 7.24.1 for this machine.
ID: 70419 · Report as offensive     Reply Quote
ProfileDave Jackson
Volunteer moderator

Send message
Joined: 15 May 09
Posts: 4540
Credit: 19,039,635
RAC: 18,944
Message 70420 - Posted: 17 Feb 2024, 6:24:29 UTC

Could it be that each time Boinc client downloads these tasks, it downloads a new copy of wah2_8.29_windows_intelx86.exe at the same time? In that case, McAfee will re-enable scanning of the file (new time: possibly new program) and failing it again. In that case the only way is to turn off my machine's virus protection and I do not really dare do that.


A long time ago, before I defenestrated, I had a similar problem with the slab model I think but it could have been one of the others available at the time. My solution was to start downloading, then suspend computing so the offending file could be dragged b ack out of quarantine before processing starts. As there aren't any exe files to be downloaded for subsequent tasks you should only need to do this once. If you have a very fast connection you may need to limit the download speed to give yourself time to do this.
ID: 70420 · Report as offensive     Reply Quote
1 · 2 · 3 · Next

Message boards : Number crunching : couldn't start app: CreateProcess() failed. Check your antivirus.

©2024 cpdn.org