2010 Anitvirus Disabled Cygwin Apps Entirely Options

[MKairys]

I installed 2010 AV on Windows Vista and discovered not only bash.exe but every Cygwin app I tried would crash.

I verified 2010 AV as the cause by uninstalling (problem went away) and reinstalling 2009 (problem stayed away).

The usual cause of this is an installation copying an older copy of cygwin1.dll somewhere earlier on the path, e.g. windows/system32. However I could not find such a thing anywhere on my disk (hidden or no).

[Alex Stanciu]

Hello MKairys ,

If you still have BitDefender and Google Desktop installed please follow the steps bellow :

1. Go to Start->Control Panel.
2. Open Add or Remove Programs (Programs and Features on Vista)
3. Look for Google Desktop and verify the version of this application.
4. Remove Google Desktop.
5. Reboot the computer and verify if the issue still occurs.
6. Reply with the outcome and with the version of Google Desktop that you had installed.

Thank you .

[MKairys]

If you still have BitDefender and Google Desktop installed please follow the steps bellow :

Thank you for your reply, Alex, but I have never had Google Desktop installed.

[Andrei Dumitru]

MKairys ,

Go into Expert Mode, then Antivirus then click on BD AVC Settings and disable it. See if the app crashes again. It is possible that cygwin1.dll is injecting itself into processes and Active Virus Control is blocking it.

[MKairys]

Go into Expert Mode, then Antivirus then click on BD AVC Settings and disable it.

Well, that sounded promising, but didn't fix it.

[Andrei Dumitru]

Hello MKairys,

I went on a hunch when i suggested to disable AVC earlier. But we went ahead and tested the Cygwin app and we found out the access violation issue posted here by other users could be the culprit. We installed Cygwin with AVC enabled and sh.exe crashed right away. We installed the correctly and ran the cygwin.bat file from the installation folder which calls bash.exe --login -i . Without AVC enabled the app ran. After enabling AVC, the app crashed. I made a screenshot, where the 0xC0000005 error can be seen. Also there is the cygwin terminal. Can you confirm that this is the error you get? My colleagues are already working on a fix for this error.
As i said, we tested by running cygwin.bat with AVC, crash, then disabled AVC, clicked OK, then ran the .bat again and it started.
Try to disable AVC again, or better disable for a moment the whole Antivirus module. Restart the computer to make sure that nothing from AVC is loaded.

[Andrei Dumitru]

And the screenshot...  error.png ( 184.15K ) Number of downloads: 38

[MKairys]

As of this morning's update (engine version 7.27319) I find that disabling the AVC does fix the problem. Also I confirm that I am seeing the same error as you.

 error.jpg ( 80.04K ) Number of downloads: 18

[dhl]

Hello MKairys,

There is an incompatibility between cygwin and BitDefender AVC (Behavioral Scanner).

I'm going to get a little bit technical here in order to explain in detail what is happening :

Unfortunately, cygwin1.dll has a hardcoded image loading base (0x61000000) wich conflicts with one of the BitDefender AVC plugins injected into processes for monitoring their behaviour. Since, to offer maximum protection, the BitDefender AVC dlls are among the first to be loaded in the address space of any process, and well before cygwin1.dll, the cygwin1.dll cannot load at its desired image base, thus generating crashes. In a general purpose DLL written for Windows, this is not a problem, since such dll can work being loaded at any imagebase. But this is not the case for cygwin, wich insists on loading at the fixed address, and if not, generating crashes.

Now, how to fix :

1. Temporary disable AVC (BitDefender->Antivirus->Advanced Settings, uncheck AVC).
2. Make sure all cygwin applications are closed.
3. Open a cmd line and enter the following :
cd c:\cygwin\bin
copy cygwin1.dll cygwin_orig.dll
copy cygwin1.dll cygwin_tmp.dll
rebase -b 0x35000000 cygwin_tmp.dll
copy cygwin_tmp.dll cygwin1.dll
4. Reenable AVC (BitDefender->Antivirus->Advanced Settings, check AVC)

Try now to run cygwin.

By doing the above, we remapped cygwin1.dll to another imagebase (0x35000000). If it still does not work, please try remapping at various imagebases (such as 0x30000000 or 0x40000000 or 0x25000000 etc) until you find one that works.

Regards,
DHL

[MKairys]

rebase -b 0x35000000 cygwin_tmp.dll

That seems to have worked.

[MKairys]

I am not finished with this problem I see. I have BD AV 2010 on two systems, desktop and laptop, very similar as far as O/S and other software. On the laptop
rebase -b 0x35000000 worked as I said. On the desktop however I have not found a vaule that works; I have tried 0x20000000 - 0x80000000. Should I continue in this manner or what?

[dhl]

Hi,

Yes, please continue in this manner, start from 0x10000000 and go in increments of 0x3000000 (0x10000000, 0x13000000,0x16000000,0x19000000,0x1C000000, 0x1F000000, 0x22000000 etc).

Hope it works

[MKairys]

It doesn't. I went from 0x10000000 by 0x3000000 as you suggested, until I got to 0x90000000 at which point nothing worked at all.

[dhl]

In this case, please add cygwin executables to the Active Virus Control exclusion list. In this way, AVC will not affect by any means the loading base of cygwin dlls.

Thank you,
DHL

[MKairys]

Sigh. There are over 800 .exe files in my cygwin/bin. Of course I don't use them all, but I use at least 50 or so, and I don't know for example which are used in turn by commands I do use.

I suppose I could approach this iteratively and keep adding files as I need them, but it doesn't look pretty. The browse window for the exclusions list doesn't allow multiple selection either. Is there no way I could add a folder to the exclusion list? Or the cygwin1.dll file itself? Or is there perhaps a configuration file I could open in a text editor to add to this list?

Wht about rebasing the BitDefender dll instead of the cygwin one?

[Steven Bixby]

I'm in the same boat, here. I am running Vista x64; I tried rebasing to a few locations but with no luck.

I use Cygwin extensively and I am not comfortable turning off AVC for what ends up being 90% of the time, in order to have Cygwin open.

If I have to give one up, BD will be the one. (IMG:style_emoticons/default/sad.gif)

[MKairys]

If I have to give one up, BD will be the one. (IMG:style_emoticons/default/sad.gif)

Likewise.

[MKairys]

I'm afraid BD Support has given up on this one. It has been over two weeks since they last contacted me regarding my support case, and that was only to repeat suggestions already given in this thread.

In fairness to them I should say I don't know what the solution would be, except possibly an enhancement to the AVC exclusion dialog that would allow a folder (or perhaps a DLL) to be specified.

I don't know where I will go next however; in the past several years I have used Norton AV, ZoneAlarm Suite, and Kaspersky, and recently I tried out Avira and Nod32, and for one reason or another (intrusiveness, resource use, etc.) I haven't liked any of them.

[wje]

Is anyone at Bitdefender working on this? It's a major issue, and as others have said, it's BD that's going to be dumped, not all my Cygwin-based apps.
I've tried opening a support case and gotten the now-typical complete lack of response from BD.

And yes, I've tried rebasing. The only solution I've found is to turn off BD. If that's the solution, why am I paying them for the privilege of not using it?

As an aside, what's happened to them? I've used BD for years, but starting with BD 2009 things seem to have completely fallen apart. Buggy, slow, no support, etc. 2010 seems even worse, no cygwin, various operations don't work, and nobody on their end seems to care at all.

[MKairys]

I for one have abandoned BD because of this issue. (I am going with Microsoft Security Essentials for now.)