Windows: mintty.exe classified as exploit by AV software
- Date: Wed, 7 Feb 2018 09:18:46 +0000
- From: "Ehrt, Michael" <m.ehrt@xxxxxxxx>
- Subject: Windows: mintty.exe classified as exploit by AV software
a few days ago I installed version 126.96.36.199, downloaded from https://git-scm.com/download/win on my Windows 7 system. The OS is Windows 7 Enterprise 64bit, Build 7601/SP1, in case it matters. This is a first time install, not an upgrade.
Our current virus protection software is Cylance, from https://www.cylance.com/en_us/home.html
During install, several executions of
were blocked, the violation being given as "Stack Pivot". Our admins then temporarily lifted some rules for my device so that I could properly install it.
But now, when I start ...
"C:\Program Files\Git\git-bash.exe" --cd-to-home
... Cylance classifies it as an Exploit, and blocks execution with the following messages:
Details: Violation: StackProtect; Application: C:\Program Files\Git\usr\bin\mintty.exe
(Screenshot available if needed)
If I start ...
directly, and choose the 64 bit version from the dialog, it is allowes to start without getting blocked.
My current problem is that the security guys don't want to see this software installed on my machine because of this.
And as Cylance is not a pattern-based AV, it's not something that will go away by waiting for the next daily update ...
Any ideas about this?