box / boxcli

A command line interface for interacting with the Box API.
https://developer.box.com
Apache License 2.0

The Box CLI installer is being blocked by security software due to malicious behavior #495

Closed straffin closed 1 year ago

straffin commented 1 year ago

I have checked that the SDK documentation doesn't solve my issue.

I have checked that the API documentation doesn't solve my issue.

I have checked that the Box Developer Forums doesn't solve my issue.

I have searched Issues in this repo and my issue isn't already reported.

Describe the bug

The Box CLI installer "box-v3.11.0-x64.exe" issues the following command which is (properly) reported by security software as malicious behavior: "C:\WINDOWS\system32\cmd.exe" /C powershell -ExecutionPolicy Bypass -Command "& {Add-MpPreference -ExclusionPath "C:\Users\jlb259_sa\AppData\Local\@box/cli"}" -FFFeatureOff

Expected behavior

Expected the installer to install the Box CLI software without attempting to modify the security configuration of the target computer.

Steps to reproduce

To reproduce, run the installer on a computer with security software installed (in this case, CrowdStrike Falcon for Windows v6.58.17212). This is not an issue with the security software. The command being attempted by the installer is legitimately flagged as malicious. Any modifying of security software should be performed by an administrator of the computer, not by a software installer. Any modifying of security software, whether recommended or required, should be performed by an administrator of the computer, not by a non-security-related application installer.

Authentication method used in your application

User Authentication (OAuth 2.0)

App Access Level

App + Enterprise Access

What is Box CLI Version and Node used?

v3.11.0

What is your Operating System Version?

Windows Server 2022 Datacenter 10.0.20348.1906

straffin commented 1 year ago

I filed this based on a report to our IT Security Office by a Box Admin. In installing the software myself, I see that there is an option to disable this feature. You may want to seriously reconsider this being an option at all.

straffin commented 1 year ago

At the very least, if you want to keep the option, it should be deselected by default, with a shorter option title and a full description added to the option. I'd be surprised if any user understands what this option is doing given the installer UI...

antusus commented 1 year ago

Hello @straffin,

I've created an internal bug to track this (SDK-3322). We will look into changing this behaviour.

congminh1254 commented 1 year ago

Hi @straffin 

As we are using @oclif to create the build and that option is enabled by default, there are also many people complaining about that here: oclif/oclif#1173, but there are no fixes yet.

So we just adjust the usage from our side and override that option to mark it unchecked by default.

You can try the latest release to see if it's working now.

Regards, Minh
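
A detection-side sketch of the behaviour reported in this issue, added here as an example and not code from the Box CLI or oclif projects: it scans process command lines for Microsoft Defender exclusion changes like the one quoted in the bug report. The function names, severity labels and event list are assumptions constructed for illustration; only the first command line is taken from the issue.

```python
import re

# Defender cmdlets that can add exclusions, and the exclusion parameters they accept.
CMDLET = re.compile(r"\b(Add|Set)-MpPreference\b", re.I)
EXCLUSION = re.compile(
    r"-(Exclusion(?:Path|Process|Extension))\s+(\"[^\"]*\"|'[^']*'|\S+)", re.I)
# -exec and -ep are accepted abbreviations of -ExecutionPolicy.
POLICY_BYPASS = re.compile(r"-(?:ExecutionPolicy|exec|ep)\s+Bypass\b", re.I)
# Locations a standard user can normally write to (assumed list, extend as needed).
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\|\\ProgramData\\|\\Temp\\", re.I)


def find_defender_exclusions(command_line):
    """Return one finding per Defender exclusion the command line would add."""
    if not CMDLET.search(command_line):
        return []
    bypass = bool(POLICY_BYPASS.search(command_line))
    findings = []
    for param, value in EXCLUSION.findall(command_line):
        target = value.strip("\"'}")  # drop quotes and script-block residue
        findings.append({"parameter": param, "target": target,
                         "policy_bypass": bypass,
                         "user_writable": bool(USER_WRITABLE.search(target))})
    return findings


def triage(events):
    """Label each (parent_image, command_line) event that touches exclusions."""
    results = []
    for parent, cmd in events:
        for f in find_defender_exclusions(cmd):
            risky = f["policy_bypass"] or f["user_writable"]
            results.append(("high" if risky else "review", parent, f["target"]))
    return results


# Constructed sample events. The first command line is the one quoted in the
# issue; pairing it with the installer as parent image is an assumption.
SAMPLE_EVENTS = [
    ("box-v3.11.0-x64.exe",
     r'"C:\WINDOWS\system32\cmd.exe" /C powershell -ExecutionPolicy Bypass '
     r'-Command "& {Add-MpPreference -ExclusionPath '
     r'"C:\Users\jlb259_sa\AppData\Local\@box/cli"}" -FFFeatureOff'),
    ("explorer.exe", 'powershell -Command "Get-MpPreference"'),
    ("mmc.exe", r"powershell -Command Add-MpPreference -ExclusionPath D:\Backups"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```
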