ALOps App Publish blocked by Anti-Virus

[joningi98]

Describe the bug Hi, a customer of ours recently updated some security measures on their servers and as a result, their antivirus blocked our release pipeline. The task that's being blocked is "ALOps App Publish", I added the "alops_disable_amsi = true" variable but it didn't seem to have any effect. In the release pipeline, we have one task which is the ALOps App Publish.

the used yaml

steps:
- task: Hodor.hodor-alops.alopspublishtask.ALOpsAppPublish@1
  displayName: 'ALOps App Publish'
  inputs:
    nav_serverinstance: Upgrade

the output

2022-11-15T11:11:21.8820032Z ##[section]Starting: ALOps App Publish
2022-11-15T11:11:21.8946403Z ==============================================================================
2022-11-15T11:11:21.8946639Z Task         : ALOps App Publish
2022-11-15T11:11:21.8946799Z Description  : Publish AL Extension to Business Central
2022-11-15T11:11:21.8946952Z Version      : 1.453.3283
2022-11-15T11:11:21.8947078Z Author       : Hodor
2022-11-15T11:11:21.8948011Z Help         : Publish Business Central extension to service tier.
2022-11-15T11:11:21.8948232Z ==============================================================================
2022-11-15T11:11:23.6592698Z *** Configure AMSI for session: disable (in memory)
2022-11-15T11:11:24.6123554Z ##[error]At C:\azagent\A1\_work\_tasks\ALOpsAppPublish_c004e2d2-e842-40f0-9ed4-89fb9bdd2e33\1.453.3283\a9c539cb-f172-4bba-a45e-d7f4efbec703.ps1:1 char:1
+ Invoke-Expression -Command ([System.Text.Encoding]::UTF8.GetString([S ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**This script contains malicious content and has been blocked by your antivirus software.**
2022-11-15T11:11:24.6404060Z ##[section]Finishing: ALOps App Publish

We only have one stage and one task in this release pipeline.

Adding this variable seemed to have no effect.

[waldo1001]

It only has effect to some situations, not all. Virusscanners that block our execution - that's the problem of the virusscanner, i'm afraid. No way for us to mitigate that.

2 options:

• set up an exclusion for the build-agent-folder
• use alops.externaldeployer: more info: https://www.waldo.be/2020/06/15/deploying-from-devops-the-right-way-enabling-external-deployment-in-onprem-business-central-environments/

[joningi98]

Thank you for the quick reply. We will use the external deployer to fix this problem.