| World Community Grid Forums
Thread Status: Active Total posts in this thread: 8
Karl_in_Chicago
Cruncher Joined: Dec 4, 2014 Post Count: 1 Status: Offline Project Badges:
|
Hi, been running for a number of years now. Today my security s/w, BitDefender Total Security, flashed up a warning message that Ransomware activity had been detected and remediated. When I went into the BitDefender app to get more info it was pointing to BOINC (details cut and pasted below). I'm thinking it's most likely a false positive but wanted to bring it up here for any possible guidance. I'll be following up with BitDefender to have them explain/verify this as well. Listing the 2 events that have been flagged, and only quite recently.
Ransomware behavior remediated
4 minutes ago
Feature: Ransomware remediation
The process C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_hst1_gromacs_7.26_windows_x86_64 manifests ransomware behavior and was blocked. Several files were encrypted but we successfully restored all of them. You can find the restored files list below.
(Clicking on the restored file list shows:) C:\ProgramData\BOINC\slots\1\wcg_checkpoint.dat

Ransomware behavior remediated
25 minutes ago
Feature: Ransomware remediation
The process C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_hst1_gromacs_7.26_windows_x86_64 manifests ransomware behavior and was blocked. Several files were encrypted but we successfully restored all of them. You can find the restored files list below.
(Clicking on the restored file list shows:) C:\ProgramData\BOINC\slots\1\wcg_checkpoint.dat
||
|
|
knreed
Former World Community Grid Tech Joined: Nov 8, 2004 Post Count: 4504 Status: Offline Project Badges:
|
Thank you for submitting this to BitDefender. Due to the nature of the software downloading executables and running them, security software has a tendency to be aggressive about assuming the worst until it knows better. You are doing exactly what we need the most by submitting a report to them saying that our software is ok. They will generally run a more intensive review on it and if they find no issues with it, then they will whitelist it. This makes it behave correctly for all users of their software.
Thanks for taking that extra step and submitting the report to them.
||
|
|
KLiK
Master Cruncher Croatia Joined: Nov 13, 2006 Post Count: 3108 Status: Offline Project Badges:
|
Ransomware?!
||
|
|
twilyth
Master Cruncher US Joined: Mar 30, 2007 Post Count: 2130 Status: Offline Project Badges:
|
There's always the possibility that whatever computer is used to compile one of the executables could be infected. I'm sure every means possible is used to prevent this but companies like IBM are juicy targets. Research labs less so but then they don't have the same level of security either.
||
|
|
littlepeaks
Veteran Cruncher USA Joined: Apr 28, 2007 Post Count: 748 Status: Offline Project Badges:
|
I am using Acronis 2019 to back up my PC and my laptop. Acronis 2019 has ransomware protection built in -- uses AI to detect it. I came home today, and it had stopped boinc.exe -- thought it was ransomware. So, I told Acronis to white-list boinc, and I'm good to go. I just thought that was kind of strange, since I haven't had any notifications from Acronis in 5 months. (I also have Norton Security Suite running on this PC).
|
||
|
|
retsof
Former Community Advisor USA Joined: Jul 31, 2005 Post Count: 6824 Status: Offline Project Badges:
|
So far mine isn't ransomware, but my AVG antivirus wanted to block boinc.scr because it was infected with IDP.Generic.
I told it to create an exception, and it has been stuck for five minutes so far doing that.
p.s. ... it is still trying to create an exception, after struggling overnight with it. At some point next week I am going out of town and will shut the computer down. Normal BOINC is still executing.
----------------------------------------
SUPPORT ADVISOR
Work+GPU i7 8700 12threads School i7 4770 8threads Default+GPU Ryzen 7 3700X 16threads Ryzen 7 3800X 16 threads Ryzen 9 3900X 24threads Home i7 3540M 4threads50%
[Edit 2 times, last edit by retsof at Sep 13, 2019 12:29:29 PM]
||
|
|
Rick OKeefe at CFI Tampa Bay
Cruncher Joined: May 8, 2013 Post Count: 1 Status: Offline Project Badges:
|
02/14/2020
Ransomware Remediation by Bitdefender Total Security 2020 build 24.0.14.86 1/20/2020
Windows 10 build 19564.rs_prerelease.200207-1438
The process C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_arp1_wrf_7.27_windows_x86_64 manifests ransomware behavior and was blocked. Several files were encrypted by it and couldn't be automatically restored. You can find the files to be restored below.
This was remediated numerous times overnight, but some efforts couldn't save the bad file in its designated folder. Submitted to Bitdefender.
||
|
|
hchc
Veteran Cruncher USA Joined: Aug 15, 2006 Post Count: 865 Status: Offline Project Badges:
|
I'd whitelist the BOINC data directory from all AV products, personally.
|
||
|
|
|