Open jthvedt opened 5 years ago
Hm. What do you expect I can fix here? The problem is only in Carbon Black. As their user I believe you may ask them how to run the application which is trusted by thousands of users. BTW, dozens of antiviruses don't block ConEmu. It's used by developers all over the world.
I see from your comment on issue #1214 that ConEmu is in fact injecting code. I can understand why this is seen as suspicious by Carbon Black. I was hoping that since an earlier version of ConEmu doesn't exhibit the same behavior that there might be a fix.
And yes, I am trying to get help from Carbon Black, but haven't heard anything yet. The weird thing is that whitelisting ConEmu doesn't do anything -- it still gets blocked.
Nope. SetWindowsHookExW is not used for injecting code. This function is called only when you run some ChildGui application. Don't you try to run mintty in ConEmu as startup task? Don't do that.
The application "C:\program files\conemu\conemu64.exe" attempted to inject code into the process "C:\Program Files\ConEmu\ConEmu64.exe" by calling the function "SetWindowsHookExW"
Isn't that a precise text? Don't you think it's crazy? ;) CB does not allow ConEmu to inject code into the ConEmu?? It looks like a bug in CB or extra paranoia. The only thing I noted, paths differs in letter cases. May be that matters.
@jthvedt, were you able to get Carbon Black to allow ConEmu to run? I am encountering the same or similar issue with the a recent release of ConEmu (210912) and Carbon Black Cloud.
I would recommend asking for help Carbon's authors. As you are the user of their program which blocks some legitimate operation. False alarms are often fixed fast by AV software authors.
Anyway, I would not recommend running ChildGui applications in ConEmu if your AV blocks that feature. Just use proper Console Applications instead and the function SetWindowsHookExW
will not be called.
Versions
ConEmu build: 190623, 190331, 180626 x64 OS version: Windows 10 x64, version 1903 build 18362.175 Used shell version (Far Manager, git-bash, cmd, powershell, cygwin, whatever): n/a
Problem description
At launch, ConEmu gets blocked, and the following event shows up in the application log:
The application "C:\program files\conemu\conemu64.exe" attempted to inject code into the process "C:\Program Files\ConEmu\ConEmu64.exe" by calling the function "SetWindowsHookExW". The operation was blocked and the application terminated by Confer.
The same thing happens for ConEmu builds 190623, 190331, and 180626. Build 161206 does not have the same problem.
Steps to reproduce
Actual results
ConEmu does not run.
Expected results
Terminal joy.