HASS.Agent · 2mo ago
foreign-sapphire

Windows Security flagging as trojan

Going to assume this is a false positive?
32 Replies
passive-yellow · 3w ago
I got the same today
DrR0x · 3w ago
This is fixed in the latest beta, see #🚀・releases
fascinating-indigo · 3w ago
Installed latest beta and Windows Defender is still showing vulnerability.
DrR0x · 3w ago
@Amadeo
Amadeo · 3w ago
How in the world
Can you please see if you have "LibreHardwareMonitor.dll" in the same path as the .sys file mentioned by Defender?
LHM is not included starting with 2.2.0-beta1 and the installer explicitly removes those 2 files if they exist.
There should be no way it's still there and used by HASS.Agent/Satellite.
+ could you please check the version of the satellite service? (Open the Satellite config UI and it's on the first page.)
I did tests on 2 VMs and they were in fact removed...
DrR0x · 3w ago
Hmm, maybe dangling old version?
correct-apricot · 3w ago
When I did the upgrade, LibreHardwareMonitor.dll didn't get removed automatically. I had to go and remove it myself. What's interesting is that to start the upgrade, I had to start HassAgent, which created the .sys file. This would have resulted in a detection for me when this issue first occurred but during the upgrade, no notification popped up. (I didn't add any exceptions in Defender.)
Amadeo · 3w ago
to start the upgrade you had to start HASS.Agent? the installer should complain that you need to close it before installation
Amadeo · 3w ago
@angelo_aaa & @Gvolten would you be so kind please to screenshot me the basic details of HASS.Agent.Satellite.Service.exe? something like this from explorer: https://b.chihi.ro/60QBin.png
correct-apricot · 3w ago
If you need help with the Czech translation, let me know.
correct-apricot · 3w ago
Yes but I first used the program to switch the installation channel and initiate the upgrade. I didn't download the installer externally. Btw I am running on 2.2.0-beta2 according to the app
Amadeo · 3w ago
kurwa language is compatible with Czech 😄
BUT thank you very much for the screenshot as it tells me what the fault might be
it says 02.03.2024 - I'll confirm it 100% but that looks like 2.1.1 timestamp which would mean the satellite upgrade went wrong somehow and wasn't fully upgraded
correct-apricot · 3w ago
And it says 2.1.0 in the properties
Amadeo · 3w ago
i.e. that would explain why Windows Defender is still (rightfully) complaining ffs
I'll just add logic that installer straight off kills satellite before upgrade - this is not the first time that this kind of issue created other problems (issue of files not being updated because satellite service is still running or something)
thank you for swift response ❤️
correct-apricot · 3w ago
No, thank you for working this out for us 😄 Just to be absolutely clear, Defender was detecting the .sys file as Trojan:Win32/Vigorf.A instead of VulnerableDriver:WinNT/Winring0.G. Now after the update (even though it may not have gone through completely), no detections are present.
fascinating-indigo · 3w ago
Sorry about the delay in responding. The only place the LibreHardwareMonitor.dll exists is the $RPG6A6I.zip file in my recycle bin. I am running 2.2.0-beta2. I can't see the Satellite version because of Windows Defender quarantining files. Here are the quarantine items.
fascinating-indigo · 3w ago
I tried to reinstall 2.2.0-beta2. I checked the box to migrate settings. As soon as the Satellite Service was being installed, Windows Defender said that I was installing a virus.
Amadeo · 3w ago
please tell Windows Defender to remove them (the .sys files) and then see if the Satellite Service is running
migrate settings from the original hass.agent by LAB02 Research?
note: from my testing, even when installing "clean" version of HASS.Agent without LHM, during the installation Windows Defender scans with what folder the installer is interacting with, finds .sys files of previous HASS.Agent version and complains about it
this is confirmed by running the installer again after all LHM files have been removed by previous install - Defender will not complain again (I just tested it on one of the VMs)
Amadeo · 3w ago
mind you, if you'll do any tests, please use beta3 (some changes to the satellite installer to "double check" if the files are removed during first install) https://github.com/hass-agent/HASS.Agent/releases/tag/2.2.0-beta3
correct-apricot · 3w ago
The upgrade seems to have worked now
correct-apricot · 3w ago
What is still strange to me is that during the upgrade to beta-1, Defender did not report any malware. Though Defender is working. I also have the official LibreHardwareMonitor installed and that still detects. But it changed the malware type to VulnerableDriver:WinNT/Winring0.G
Amadeo · 3w ago
the .sys files are created on the fly by the LibreHardwareMonitor.dll from what I understood (the .sys files were never "installed by the installer")
I can only speculate that the service & agent were stopped so the .sys files were not there (they are removed by the exiting process) or Defender just didn't catch that - I did so much testing with this that it's starting to be a blur xd
correct-apricot · 3w ago
Yes, the .sys file only gets created when you run the service, that is the same with the original LibreHardwareMonitor. And yes, it is possible that I have disabled the satellite service after the first detection but it should have still detected the .sys file in the Client. Well. Whatever. It has worked for me without any detections since. But on a little different topic, I have to say that having the option to migrate from LAB02 Workstation Service in the installer could be confusing for new users. Maybe the installer could detect if the Workstation Service had been installed and only show the prompt once in that case. After a migration has been done, store a flag somewhere in the appdata and never even prompt for it again.
Amadeo · 3w ago
hmm, the detection might be a bit tricky - still doable but tricky - but storing the fact that user already migrated configuration and then skipping it could be a nice and quick win
fascinating-indigo · 3w ago
I was running version 2.1.1
Amadeo · 3w ago
got ya (☞゚ヮ゚)☞ https://b.chihi.ro/ulmIA6.png
fascinating-indigo · 3w ago
I pulled down beta3 version, installed, and this time did not ask to migrate settings. No Windows Defender issues and everything is working correctly. Big thank you!!
unwilling-turquoise · 6d ago
So, I got the same today, installing from Latest, not Beta. Should I go for reinstalling from Beta3 version as above, or manually remove the dll mentioned as the culprit, or, allow the "trojan" that Defender detects? 🤯
Amadeo · 6d ago
Either way works
If Defender put its m$ hands on it the installer might not be able to remove it since file will be locked
unwilling-turquoise · 6d ago
Ahh, thanks! Sounds to me like beta is the best way to go then. I'll try that I think. Any recommendations whether to go for beta3 or 4? I went with beta3, as that was listed under "additional releases" and 4 was not (yet) 🙂 Thank you all above for figuring this out!
