Skip to content
This repository has been archived by the owner on May 18, 2024. It is now read-only.

[Bug]: Antivirus Trigger - Crowdstrike Falcon #1755

Closed
4 tasks done
GregFurnival opened this issue Aug 1, 2023 · 2 comments
Closed
4 tasks done

[Bug]: Antivirus Trigger - Crowdstrike Falcon #1755

GregFurnival opened this issue Aug 1, 2023 · 2 comments
Labels
bug Something isn't working needs-triage Awaiting triage. stale Issues that are no longer active.

Comments

@GregFurnival
Copy link

GregFurnival commented Aug 1, 2023
edited
Loading

Preflight Checklist

Cider Version

2.1

What operating system are you using?

Windows

Operating System Version

Windows 11 22H2 (OS Build 22621.1992)

Where did you download Cider from?

Microsoft Store

Describe the Bug

Tripped Crowdstrike Antivirus after installing Cider (Preview) from Windows Store.

Detect time: Aug. 1, 2023 07:07:56

Host Type: Workstation

Action Taken: File quarantined

Severity: Medium

Objective: Falcon Detection Method

Tactic & technique: Machine Learning via Sensor-based ML

Technique ID: CST0007

IOA Name: Machine Learning Identified Medium Confidence Malicious File

IOA Description: A file written to the file system meets the on-sensor machine learning medium confidence threshold for malicious files. Detection is based on a high degree of entropy, packing, anti-malware evasion, or other similarity to known malware.

Triggering Indicator: Associated IOC (SHA256 on file write)
7c1cdf41c9dae182dfdea050a4b3b2841b14cdb614746d1306062574973da8fd

Global prevalence: Common
Local prevalence: Unique

IOC Management Action: None

Associated File: \Device\HarddiskVolume5\Program Files\WindowsApps\27554FireDevElijahKlauman.CiderEA_2.1.0.0_x64__270bejk4xgzqp\VFS\ProgramFilesX64\Cider\airtunes2.exe

Local Process ID: 17436

Command Line: C:\WINDOWS\system32\svchost.exe -k wsappx -p -s AppXSvc

File path: \Device\HarddiskVolume5\Windows\System32\svchost.exe

Executable SHA256: 949bfb5b4c7d58d92f3f9c5f8ec7ca4ceaffd10ec5f0020f0a987c472d61c54b

Steps to Reproduce

Installed Cider (Preview) from windows store and attempted to start it. Antivirus quarantined it.

Windows 11 22H2 (OS Build 22621.1992)

Anything else?

https://www.virustotal.com/gui/file/7c1cdf41c9dae182dfdea050a4b3b2841b14cdb614746d1306062574973da8fd/detection
@GregFurnival GregFurnival added bug Something isn't working needs-triage Awaiting triage. labels Aug 1, 2023
@github-actions
Copy link

github-actions bot commented Aug 1, 2023

Support for Cider 1.0 is in a reduced state. Do not expect replies or acknowledgement for issues that do not break full functionality of the app (Media playback, plugin functionality etc.).

If you are interested in joining the Cider 2 open alpha, you can join our Discord here.

@github-project-automation github-project-automation bot moved this to Backlog 📖 in Cider - Bug Reports Aug 1, 2023
@github-actions
Copy link

github-actions bot commented Sep 4, 2023

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 7 days.

@github-actions github-actions bot added the stale Issues that are no longer active. label Sep 4, 2023
@github-project-automation github-project-automation bot moved this from Backlog 📖 to Completed / Merged into Main 🚀 in Cider - Bug Reports Sep 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug Something isn't working needs-triage Awaiting triage. stale Issues that are no longer active.
Projects
Cider - Bug Reports
Status: Completed 🚀
Milestone
No milestone
Development

No branches or pull requests
1 participant
@GregFurnival