posit-dev / positron

Positron, a next-generation data science IDE
https://positron.posit.co

Antivirus false positive detection for Positron (Bitdefender) due to unsigned process / file #5350

Open rempsyc opened 1 week ago

rempsyc commented 1 week ago

System details:

Positron and OS details:

Positron Version: 2024.11.0 (user setup) build 140
Code - OSS Version: 1.93.0
Commit: e0d844b031f95acbf89f234a2cce2af9b6721f6c
Date: 2024-10-31T14:22:13.808Z
Electron: 30.4.0
Chromium: 124.0.6367.243
Node.js: 20.15.1
V8: 12.4.254.20-electron.0
OS: Windows_NT x64 10.0.26100

Interpreter details:

R 4.4.1

Describe the issue:

Bitdefender falsely detected Positron as a critical threat / attack and quarantined 71 associated files.

Steps to reproduce the issue:

  1. This is a new installation from today and I tweaked a couple things like adding extensions and changing keyboard shortcuts.
  2. I used the ctrl+shift+b shortcut (RStudio) to install the current package (datawizard).
  3. Installation started then was interrupted by Bitdefender.
  4. This doesn't happen in RStudio.

Expected or desired behavior:

No false flag by antivirus.

Were there any error messages in the UI, Output panel, or Developer Tools console?

Positron was terminated by Bitdefender. Log file attached. vscode-app-1731510659006.log

Supporting screenshots

Image

juliasilge commented 1 week ago

Does your antivirus software have any other info about why Positron was identified as malicious? That would be really helpful. We do know that as a new application there will be some of this cropping up as the security vendors have not seen Positron before.

rempsyc commented 1 week ago

The screenshot suggests it is because of an unsigned process / file. Do you mean more info than that?

rempsyc commented 1 week ago

Strangely, there exist logs for when I manually ran a scan, but not for the Positron defense incident... I don't know how to extract more information. There doesn't seem to be a way to easily export logs of the event or anything like that :/ I just get something like this:

Image

And this

Image

There exists an area that lists all the files that were problematic, but it's unfortunately not possible to export or copy-paste, so I can only do screenshots (let me know if you want the whole long list)

Image

juliasilge commented 1 week ago

Without logs, it is quite difficult for us to know what might be happening unfortunately. 😔

I will share that we believe we are signing/packaging Positron in an appropriate way and suspect the problem is that it is new. Products like this do typically have the ability to add certain applications to an allowlist, so one option would be for you to go to your IT folks and ask them to add Positron to that (assuming you don't manage this antivirus software yourself).
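Added example, not part of the original thread or the Positron project's own tooling: since the alert cites an unsigned process / file and the antivirus UI offers no export, this PowerShell sketch inventories the Authenticode status of binaries under an install directory and writes a CSV that can be attached to a vendor false-positive report. The default `$InstallDir` and the output file name are assumptions; files already quarantined will not appear in the result.

```powershell
# Added example: list Authenticode signature status for binaries in a directory.
param(
    # Assumed default location; replace with the real install path on your machine.
    [string]$InstallDir = "$env:LOCALAPPDATA\Programs\Positron",
    # Hypothetical output file name.
    [string]$OutCsv = ".\signature-inventory.csv"
)

# File types that can carry an Authenticode signature and that Electron apps ship.
$extensions = '.exe', '.dll', '.node', '.ps1'

$results = Get-ChildItem -LiteralPath $InstallDir -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path   = $_.FullName
            Status = $sig.Status          # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Sha256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# Count of files per signature status.
$results | Group-Object Status | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Anything that is not validly signed, listed for comparison with the antivirus alert.
$results | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Path |
    Format-Table Status, Path -AutoSize

# Full inventory for attaching to a false-positive report.
$results | Export-Csv -LiteralPath $OutCsv -NoTypeInformation
```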

rempsyc commented 1 week ago

Ok so I reported the false positive to Positron. Additionally, the agent commented:

Unfortunately, I do not know where you can find those logs, but I can ask my senior colleagues to look into this and then they will reach back to you via email with more information about that.

Fingers crossed!