Emsisoft recently started flagging einstein code as suspicious

chris
chris
Joined: 9 Nov 09
Posts: 1
Credit: 967
RAC: 0
Topic 225692

Emsisoft Anti-Malware recently started flagging einstein code as suspicious.   Curious if the code has recently changed and if you could explain what the code is attempting before I release it to run again.  Log records included in the post.

7/14/2021 8:32:52 PM
Behavior Blocker detected suspicious behavior "CodeInjector" of E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe (SHA1: 71495E2067398856AA5317DBFBA1828339B30531)

7/14/2021 8:32:58 PM
A notification message "Suspicious behavior has been found in the following program: E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe" has been shown

7/14/2021 8:33:00 PM
Alert message "E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe Program is attempting to manipulate other processes" has been shown

7/14/2021 7:03:40 AM
Behavior Blocker detected suspicious behavior "CodeInjector" of E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe (SHA1: 71495E2067398856AA5317DBFBA1828339B30531)

7/14/2021 7:03:45 AM
A notification message "Suspicious behavior has been found in the following program: E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe" has been shown

7/14/2021 7:03:47 AM
Alert message "E:\BOINC\projects\einstein.phys.uwm.edu\einstein_O3AS_1.00_windows_x86_64__GW-opencl-nvidia.exe Program is attempting to manipulate other processes" has been shown

Regards, 

Chris

Gary Roberts
Gary Roberts
Moderator
Joined: 9 Feb 05
Posts: 5872
Credit: 117781921952
RAC: 34764065

chris wrote:...   Curious if

chris wrote:
...   Curious if the code has recently changed ...

Yes, a new search app has recently been released by project staff at the AEI in Hannover, Germany.  This app is a continuation of a long running series of apps over the last 16+ years that analyse data from the LIGO observatories, looking for signs of continuous gravitational wave emissions from massive spinning objects like neutron stars and black holes.  Over the years, there have been some false positives from this series of apps.  Those of us who have been volunteering over that period are confident that there is absolutely no malware problem with these apps.  It's entirely up to you whether or not you trust that confidence.

You should take this up with your anti-malware provider if you want further clarification.  I imagine they will eventually change their software to correct the false positive response.

Cheers,
Gary.

Richard Haselgrove
Richard Haselgrove
Joined: 10 Dec 05
Posts: 2143
Credit: 2960959319
RAC: 696885

As Gary said, there has been

As Gary said, there has been a recent code change.

Modern anti-virus programs do an awful lot more than simply scan the files stored on your hard disk. Note that the reports, in this case, state that "Suspicious behavior" has been observed. BOINC science projects - from any project, not just Einstein - have two characteristics which look just like a virus:

1) They use your computer very hard indeed
2) They don't (themselves) have any way of communicating with the user

The anti-virus programs are right to be suspicious, but they will continue to watch the situation, and to gather other reports from around the world. They will also scrutinise the actual code inside the application, to see if it does anything dangerous. In due course, an overall and more complete analysis will emerge: at that point, I would expect that there will be enough information to withdraw the warnings.

If you are still worried, you can submit your copy of the program to a service like VirusTotal, which will check it with a range of anti-virus tools from different manufacturers.

Nita
Nita
Joined: 3 Aug 21
Posts: 3
Credit: 16040100
RAC: 11901

My Avast has alerted me two

My Avast has alerted me two times today about this. I decided to ignore it.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.