Web lists-archives.com

Windows: mintty.exe classified as exploit by AV software




Hi everyone,

a few days ago I installed version 2.16.1.2, downloaded from https://git-scm.com/download/win on my Windows 7 system. The OS is Windows 7 Enterprise 64bit, Build 7601/SP1, in case it matters. This is a first time install, not an upgrade.

Our current virus protection software is Cylance, from https://www.cylance.com/en_us/home.html

During install, several executions of 
C:\Program Files\Git\usr\bin\bash.exe
were blocked, the violation being given as "Stack Pivot". Our admins then temporarily lifted some rules for my device so that I could properly install it.

But now, when I start ...
"C:\Program Files\Git\git-bash.exe" --cd-to-home
... Cylance classifies it as an Exploit, and blocks execution with the following messages:
Category: Exploit
Event: Blocked
Details: Violation: StackProtect; Application: C:\Program Files\Git\usr\bin\mintty.exe
(Screenshot available if needed)

If I start ...
C:\Program Files\Git\usr\bin\mintty.exe
directly, and choose the 64 bit version from the dialog, it is allowes to start without getting blocked.

My current problem is that the security guys don't want to see this software installed on my machine because of this.
And as Cylance is not a pattern-based AV, it's not something that will go away by waiting for the next daily update ...

Any ideas about this?

Thanks

Michael