frpc.exe detected as virus #1204
Comments
|
Can you try to build it on your machine and see if it's still report virus? |
|
It gets detected as a virus/trojian after any update of Windows Defender and quarantined. This is unbelievably annoying. Antivirus "protection" programs, in my humble opinion, are utter crap, always been useless, resource-wasters and memory hogs. We had three breaches in our systems and the hackers disabled a $4000 "Enterprise" version of kaspersky in three (3) minutes. After that they encrypted all the files and backups and we ended up having to pay a $5000 ransom to get the decryption key. The only purpose of anti-viruses is to slow down a $4000 server to the speed of a smartphone. And to make you pay a ton of money for that. This nonsense in the Microsoft Windows worls has to end, but I doubt it. |
|
I don't think so. Windows Defender can protect your server from some of the virus, not all. https://golang.org/doc/faq#virus
Can you add frp to your anti-virus software's white list ? |
|
Sometimes I do not have access to white lists, because they are centralized in an enterprise environment (Kaspersky) and require special credentials. I partially solved the problem by strongly encrypting the binary with an utility called "Enigma Virtual Box". It makes the executable a little bigger, and loading times a tad slower, but can pass undetected, for some time. After a while (two, three days), the heuristics in the antivirus code block the program again so I have to re-crypt it. It's like a cat-and-mouse game. |
|
I'm about to setup another frp s/c for some of our company's Windows servers. Just downloaded 0.34.2 and 0.33.0, both triggered Trojan warning by Windows Defender. Can't risk to deploy it to the company server... But the older version 0.30.0 on my machine still reports as sane. |
|
@zoeeer Try to build it on your own machine from source code? |
|
Can confirm recent versions of Windows Defender starts detecting it. It happened on around Nov 20. I have a remote system that I need to access via FRP but noticed it's offline and it never reconnected. Using another (yet slower) remote access utility I found that Windows Defender killed and removed it saying it's a Trojan. This has impaired my work and I'm currently in the process of adding the frp folder to the exclusion list (F*CK-U M$)... EDIT: Done restoring frpc and adding it to the exclusion list. What an effort... at least I could resume my work. |
|
@lss4 https://github.com/golang/go/issues?q=is%3Aissue+windows+detect+virus+is%3Aclosed+ |
Should note that Windows Defender did not detect the virus as a heuristic. In my case it mentioned the frpc executable is a Not sure which part of the code caused Windows Defender to detect it as that. Googled that virus signature, and it seems several other stuffs have also been flagged as that before, and there were cases of false positives as well. EDIT: Just noticed the newly created issue #2095. It seems the detection signature varies by person, by frp version, and by antivirus definition update. Guess it's a bit out of control and better advise users to add frp folder to exclusion list (if possible) to avoid further issues. |
|
@lss4 Can you compile frpc on a windows machine and see if it's also reported virus? It was cross compiled on linux before. |
|
Not sure what's needed to build on Windows. I haven't built with Go on Windows before. I've cloned the frp repo, installed go 1.15, and installed GNU Make 4.3 from Chocolatey. I'm building it from Git bash because PowerShell doesn't recognize the Not sure if Makefile is all I need to build, but I'm getting tons of |
|
@fatedier What are the instructions and pre-requisites for compiling from source on Windows? There are no compile instrucions in the README.md file. |
|
@frakman1 On Linux or MacOS. You can build it like other golang projects.
I'm not sure if there are differences on Windows. |
Other golang projects don't use Makefiles. Windows doesn't have
How do you build the official Windows binary in the release if you don't know this? Does someone else build it for you? |
|
@frakman1 Released binaries are cross compiled on Linux. Find more info in You can find Just build it by your way If you are familiar with golang. |
|
Thank you. I never built a go app before. I had to install various components to get it to work on Windows. 1- Go for Windows: I was finally able to build using the unusually named make binary from the mingw compiler from within the Git Bash terminal:
Windows binaries: frp.zip My point is that it's not obvious. Please include build instructions in the README for future reference. |
Just allow the exe via the fire wall settings |
|
Damn... I just deleted |
|
@fatedier After reaching to this error and building it locally as well. I think what we can do is sign the release binary with a publisher for windows exe and that will resolve this issue. |
|
@NupurThakur27 Yes, i will try to do this in future releases. |
|
Yes, you need to sign the exe-files with a valid code sign cert. That certificate can be self signed and bundled with the project, so no need for a "real" certificate in my opinion. |
|
I'm hitting this as well. Any chance of getting signed releases? |
+1 |
|
+1 |
|
Its May 2023 and +1 @fatedier any luck with this ? seems like you have proposed a legit solution #1204 (comment) |
|
@ksingh7 You can download |
|
|
|
@ksingh7 I think I may have misunderstood the meaning of the previous answer. I don't have much knowledge about the publishing mechanism of Windows applications, especially for a command-line tool. |
|
I encountered the same problem after using a virtual work machine in the company, and our virtual machine does not have administrator rights, so it is impossible to set a whitelist. |
|
Just now I noticed Windows Defender has formally classified it as I guess this issue should be pinned and inform users to set exceptions in their security software if possible, though there are indeed cases where users cannot do so, like in the previous comment. It's hard to really control how users use this software considering its double-edged nature. |
This is disgusting. I wonder where this fascist attitude comes from: please "really control" my ass. It's this mentality that makes the internet the sewer it has become, NATs, firewalls everywhere, logging of every PACKET, ICMP broken everywhere. VPN is the only solution left to have a little USABILITY of the net, which has become a GIANT BROADCAST TELEVISION (i.e.: you just have to RECEIVE SPAM/ADS/"CORPORATE CONTROLLED CONTENT"), and there is practically NO TWO WAY communication anymore: you have to UPLOAD your data to a corporate CDN/cloud, facebook/apple/google and that's it. This program is (was) a nice little utility to overcome this pile of shit. |
|
Any news or workarounds on this? |
I doubt this will go anywhere as frpc is now a named threat at least for Windows Defender ( Not sure if frpc/frps has anything that could be used as a signature that helps network admins make sure only the frp instances they know and authorized would be permitted in their network, while keeping other unauthorized ones alerted/blocked. A guide for network admins on this subject would be appreciated. |
|
The only legit "workaround" possible is to use WSL2 (on win10/11) to launch an ultra-minimal linux distro and launch frpc from there. I used Tiny Core. Total image was around 8mb. Qemu maybe even better. Ugly as F. |
|
Some notes about using wsl2:
|
|
The latest version is treated as a trojian/malicious by defender even if compiled into windows from scratch. I'm disgusted. |
I am using frpc as a proxy for RDP (port 3389/TCP) on windows, using stcp. Works beautifully, but Windows Defender, the default anti-virus, wrongly reports the executable frpc.exe as a virus and blocks/removes the file immediately. Kaspersky anti-virus does it too. This is totally annoying and makes the use of the program a pain, if not impossible, in my corporate environment that has to have anti-virus software installed by (terrible and dumb) laws and regulations: in some machines the anti-virus program can't be disabled at all. Is there a way to circumvent this issue ?
The text was updated successfully, but these errors were encountered: