Closed Femtometer closed 10 months ago
chrisant996
commented
10 months ago "An antivirus tool may be blocking Clink. Consider adding an exception for Clink in the antivirus tool(s) in use."
There's nothing Clink itself can do about it. Refer to the pinned issue #369.
Femtometer
commented
10 months ago Find a reproducing method. @chrisant996
chrisant996
commented
10 months ago Find a reproducing method.
Since I cannot read the language in the context menu, I cannot follow the steps to try to reproduce the issue.
Can you please translate the text into English, for the context menu command that encounters the problem?
But, it is almost certainly caused by anti virus interference. Especially since sometimes there is no problem. There is nothing Clink can do about anti virus interference.
Femtometer
commented
10 months ago I open a terminal window on right-click menu "Open in Terminal"
chrisant996
commented
10 months ago Thanks for translating.
This isn't a Clink problem, and it isn't a Windows Terminal problem.
Something is actively interfering and blocking Clink. The usual cause is anti-virus software. But on work computers sometimes other protection software or monitoring software can also interfere.
There's nothing Clink can do about the other software that's blocking it from running.
Femtometer
commented
10 months ago I did add clink_x86.exe and clink_x64.exe on Antivirus software white list. Nothing more I can do too.
chrisant996
commented
10 months ago I did add clink_x86.exe and clink_x64.exe on Antivirus software white list. Nothing more I can do too.
Here are more things that can be done when troubleshooting antivirus interference. These are general techniques; they aren't related to Clink, and can be used whenever antivirus interference is suspected.
clink*.exe files are not the only executables involved. cmd.exe is involved as well. But I wouldn't recommend adding an exception for cmd.exe, except maybe as a short-term temporary workaround, or as a troubleshooting step to help identify whether antivirus is blocking (and which antivirus software is blocking it).
laurinkeithdavis
commented
10 months ago I'm having this same issue, but only with Windows Terminal, but it works fine in CMD - AV is locked down (we also can't do anything about the AV issue if that is the case, but strange it only affects Windows Terminal).
chrisant996
commented
10 months ago strange it only affects Windows Terminal
@laurinkeithdavis Is Windows Terminal the only terminal program you use? Could it also happen with other terminal programs sometimes?
Launching in Windows Terminal involves an additional process and additional cross-process communication. Maybe to the anti virus system the increased amounts of processes and communication are looking similar to malicious patterns.
More things to try in addition to what I mentioned earlier:
laurinkeithdavis
commented
10 months ago I used CMD and Terminal (CMD in Terminal) and PowerShell (in and out of Terminal) only. If you are sure it's AV, no need for me to spend time on it, as I work for a large corp and they will probably just tell me I can't use Clink at all if I raise the issue. :)
chrisant996
commented
10 months ago I used CMD and Terminal (CMD in Terminal) and PowerShell (in and out of Terminal) only. If you are sure it's AV, no need for me to spend time on it, as I work for a large corp and they will probably just tell me I can't use Clink at all if I raise the issue. :)
One can never be sure in advance of actual investigation.
I cannot reproduce the issue.
What AV system(s) are being used?
I would encourage to check the AV logs. The AV software may have multiple kinds of features with different logs, too, so it might not be as simple as checking one place.
Also, if you check the AV support materials, there might be info on how to tell for sure with that specific AV system. Once you confirm it's AV, then definitely it's worth reporting the false positive. Or, just start by reporting a suspected false positive and ask them how to tell for sure.
All AV companies I've interacted with are responsive to reports about false positives. You don't have to just live with the problem.
Or if it can be determined for sure that it's not related to AV, then that would be both surprising and interesting. And in that case there would be some way to reproduce the issue and investigate it. But so far, the issue is not reproducible, except on a few machines. It could be interesting to compare AV brands and detection signature versions.
laurinkeithdavis
commented
10 months ago One can never be sure in advance of actual investigation.
I agree, but you sounded pretty certain, and time is too great a commodity to spend diagnosing this problem on a slim chance it can be fixed. These machines are so cluttered with enterprise management crap, it's hard to tell for certain, but it appears they are only using Microsoft Defender (definitely none of the other highly known ones, and I've used or worked on machines that have had all the other common, and some uncommon ones). My dev tool, PhpStorm, complains all the time about wanting an exception added to Defender for performance reasons, but alas, can't be done.
chrisant996
commented
10 months ago One can never be sure in advance of actual investigation.
I agree, but you sounded pretty certain, and time is too great a commodity to spend diagnosing this problem on a slim chance it can be fixed. These machines are so cluttered with enterprise management crap...
There is one more thing we can try. It will take maybe 5 minutes including the time to upload files:
clink.logo setting is either full or short (e.g. run clink set clink.logo short). Hooking is the second to last step of initialization and the log shows hooking was completed. The last step is printing the logo, so knowing whether the logo is printed is informative.What I expect to find is that cmd.exe finished initialization and returned true already, but the clink inject command never received the result. That can only happen due to interference.
But, if the dumps show an unexpected state (maybe a hang somewhere), then there might be something else going on, and there might be a way to fix it or work around it.
ALSO:
Another thing you could try is using clink inject --detours to use a different hooking technology called "Detours" instead of the usual "IAT Hooking". E.g. if Clink is installed for autorun, then you could use clink autorun install -- --detours (the extra -- is necessary) to change it to include the detours flag when autorunning.
See https://github.com/chrisant996/clink/issues/159#issuecomment-926434313 for history + more info (and the rest of the comments in that issue). The Detours hooking method can sometimes avoid some kinds of antivirus interference. But it is more fragile than the normal IAT hooking, and is more susceptible to interference from other programs that also hook APIs, such as ANSICON.
P.S. You aren't using ANSICON, are you? If so, stop using it. It adds no value in Win10 or higher, and it causes many problems (big performance loss, breaks some escape sequences that Win10+ natively support, incompatibilities with various other software including Clink, etc).
laurinkeithdavis
commented
10 months ago Ok, very odd. I tried it again yesterday, and it hung, again. Then I clicked + (new tab) and mine defaults to CMD, and that loaded clink just fine! So, I closed Terminal, and launched it again....and it's worked fine ever since. :)
Also, no, I don't use ANSICON.
z760284582
commented
6 days ago I encountered the same problem, but cmd and powershell are good, and there will be problems starting tabby.
Initializing Clink is taking a long time...........................
Initializing Clink timed out. An antivirus tool may be blocking Clink. Consider adding an exception for Clink in the antivirus tool(s) in use.
Unable to inject Clink.
See log file for det ails (C:..\clink\clink.log). Clink v1.4.6.8b1dec Copyright (c) 2012-2018 Martin Ridgers Portions Copyright (c) 2020-2022 Christopher Antos https://github.com/chrisant996/clink clink.log
chrisant996
commented
6 days ago I encountered the same problem, but cmd and powershell are good, and there will be problems starting tabby.
An antivirus tool is almost certainly blocking Clink. Consider adding an exception for Clink in the antivirus tool(s) in use.
The only way Clink can work is by injecting a thread into a different process. That can be legitimate (like in Clink's case), but it's also a technique hackers use in malware. And so antivirus software sometimes gets confused and blocks Clink.
There is nothing I can do. Nothing. (If I could do something, so could hackers, so it's good and important that there's nothing I can do about it.)
You need to look into the logs from your antivirus software(s), and find which one is blocking Clink, and report it to them -- not to me. There's nothing I can do. Only the antivirus software can do anything about it.
z760284582
commented
6 days ago An antivirus tool is almost certainly blocking Clink. Consider adding an exception for Clink in the antivirus tool(s) in use.
I have turned off the windows security center, but the problem still occurs.
chrisant996
commented
6 days ago The problem is external to Clink. The most that Clink can do is alert that something external is interfering. Beyond that, you'll have to troubleshoot the problem on your machine.
Many times, other users have stated they had no anti virus tools other than Windows Defender, but later discovered that actually they did have other protection tools installed. Or they didn't realize they hadn't turned off all of them.
I'm sorry, but there's nothing I or Clink can do to troubleshoot what's happening your on computer. 😞
clink.log contents: