Closed foxxcomm closed 2 years ago
Also suggest ditching the .JS scripts which have to be run via CSCRIPT/WSCRIPT as these are likely sending the risk score significantly higher....
Suggest using standard Windows commands (NETSH) or standard PowerShell commands to control the service and firewall rules...
Joe
The problem does not only exist with business customers, but on all Windows computers. The user has the chance to click through the messages of a virus software or to deactivate the virus software beforehand. So far, I have done the latter. Solving this would be good in the long run.
For business customers, however, it is not always possible to initiate a deactivation, because such functions are usually blocked. For the same reason, it may not be possible to stop such a software service. The guidelines are quite regimented there. Nevertheless, if you have somehow overcome the virus software, further installation is not possible, depending on the regulations.
Unfortunately, Bill seems to have lost the desire. If he continues to develop it, I will continue to use the EXE. Since he has not made himself noticeable for weeks, neither in the Syncthing forum nor here concerning the Syncthing EXE, it is not clear whether there are further updates. In this respect it would be nice for his fans to come out, so that everyone knows that it will go on somehow at some point; that would be enough to know, and then it is only a matter of waiting.
My guess is that the total risk score has gone over some threshold due to NSSM + the new PowerShell module (Install-SyncthingService.ps1) which does direct API calls into Windows system DLLs. ... Also suggest ditching the .JS scripts which have to be run via CSCRIPT/WSCRIPT as these are likely sending the risk score significantly higher....
I don't see the need to redesign perfectly good working code that is not malware because some security tools are classifying them incorrectly. Inno Setup, NSSM, and the scripts in this package are all open-source. My recommendation, if your security tools are blocking the install, would be to submit the package to the vendor as a false-positive. If they still say it's malware, then I would suggest a better software.
Regarding organizations restricting installation of third-party software: That's something you'd need to address with your organization.
(Incidentally, regarding winsw: This has a dependency on .NET that I don't want to introduce.)
Bill --
The changes made in 1.20.1 are making deployment impossible for business users:
https://github.com/Bill-Stewart/SyncthingWindowsSetup/compare/v1.19.2...main
My guess is that the total risk score has gone over some threshold due to NSSM + the new PowerShell module (Install-SyncthingService.ps1) which does direct API calls into Windows system DLLs.
Windows Defender, Defender 365, Sophos AV, Sophos XG Firewall are all hard blocking running this on all our new customer workstations.
Suggest ditching the PowerShell module and NSSM for service functions and use:
https://github.com/winsw/winsw
We have had good luck with this for customer packages.
Joe