
Cannot install/update Piriform CCleaner and Speccy



I tried to update the CCleaner utility (https://www.ccleaner.com) and Speccy (https://www.ccleaner.com/speccy). PiriformSpeccy1.32.740.exe doesn't contain a PUP. Ccsetup543.exe installs a PUP if you do not uncheck the box. I uncheck the box, but I cannot install these utilities at all with the EAM protection turned on. When "Quarantine with notification" was selected in the settings, a notification popped up indicating that the installation was blocked. After I changed the setting to "Alert", notifications stopped popping up at all, and the programs are simply not installed. Quarantine is empty as a drum.

Manually checking the installers for viruses and PUP does not find anything. Adding these installers to the exception list does not change anything. Disabling file protection in EAM does not help. Utilities can be installed only by completely disabling EAM.

EAM @ Windows Server 2008 + EEC @ Windows 7 Prof. Of course, it is always about the most recent versions of all programs used, and in the future I will not waste time on mentioning this. But if you insist, the EAM version in the Control Panel is 18.2.1.8483, the EAM version in the interface of the program itself is 2018.4.0.8631 (and what to believe?), EEC version 2018.5.0.3373.



> But if you insist, the EAM version in the Control Panel is 18.2.1.8483, the EAM version in the interface of the program itself is 2018.4.0.8631

I cannot help with the rest... but this means you last used an original installer to install 18.2.1.8483, which has then self-updated to 2018.4.0.8631.


Can you attach a copy of your logs to a reply for me to review?

  1. Open Emsisoft Anti-Malware.
  2. Click on Logs.
  3. Make sure that the search field is empty (it should only say Search in it).
  4. Click on the View button to the right of the search field, and make sure that the option named Select all is turned on under Components.
  5. Click on the Export button in the lower-left, and save the log somewhere easy to find.
  6. Attach the log file you saved to a reply.

It looks like you were trying to run the installers from a network share. Do you have the same issue if you copy them to the computer and then execute them?

Did you download the files from the Piriform/Avast website, or from somewhere else?


Indeed, the problem occurs when you run the installer from a network folder. First, there is a long delay when nothing happens, then EAM displays a message: "Remote cleaning is not supported, because threats or PUP can not be correctly deleted without risking system loading. Please run the test locally on the required system. File: \\S\distributions\Utilities other\piriform ccleaner\ccsetup543.exe". When the installers are restarted, the message does not appear, the programs are not installed and their processes are absent from the Task Manager. When running the installers from a local disk, there are no problems.

Records appear in the log:

– Behavior analysis detected suspicious behavior "AutorunCreation" in "\\S\distributions\Utilities other\Piriform Ccleaner\ccsetup543.exe"
– The average risk of malicious object "Bad reputation" in "\\S\distributions\Utilities other\Piriform Ccleaner\ccsetup543.exe" -> Sent to quarantine by the user UserName (in tabular form "Sent to quarantine by the Cloud")

The quarantine remains empty. EAM 2018.5.0.8686, EEC 2018.3.1.8572


The same messages in the original Russian:

EAM message: "Удалённая очистка не поддерживается, так как угрозы или ПНП не могут быть корректно удалены без риска повреждения загрузки системы. Пожалуйста, запустите проверку локально на необходимой системе. Файл: \\s\дистрибутивы\Утилиты прочие\piriform ccleaner\ccsetup543.exe"

Log records:
"Анализом поведения обнаружен подозрительное поведение "AutorunCreation" в "\\S\дистрибутивы\Утилиты прочие\Piriform CCleaner\ccsetup543.exe""
"Средний риск Вредоносный объект "Bad reputation" в "\\S\дистрибутивы\Утилиты прочие\Piriform CCleaner\ccsetup543.exe" отправлено в карантин пользователем ИмяПользователя (в табличном виде "помещено в карантин облаком")"


The issue is more than likely that EAM can't read the digital signature over the network share, and thus can't validate the safety of the files. You can temporarily add the file to the exclusions in order to work around the issue for now.


  • 3 weeks later...

I did not understand why EAM can not read the digital signature over the network share? After all, if I run an unsigned executable from a shared folder, Windows immediately screams for it!


13 hours ago, Владислав said:

> I did not understand why EAM can not read the digital signature over the network share?

It may be signed in a catalog file that EAM doesn't have access to.

Also, keep in mind that reading and writing data over a network share is not as reliable as reading and writing data to local media (such as hard drives physically connected to a computer). Something on the computer sharing the files could be preventing access to read the digital signature (security software, permissions, etc). There may also be an oddity in the path passed to EAM by the kernel for shared files.

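The embedded-versus-catalog question raised in this thread can be checked with Windows' own verifier. The following is an added example, not part of the original posts and not Emsisoft code: it compares signature status, signature type and SHA-256 for the installer on the share and for a local copy. It assumes Windows PowerShell 5.1 or later (for `SignatureType`); the UNC path is the one quoted in the thread and the local path is a hypothetical copy location.

```powershell
param(
    # UNC path as quoted in the thread; the local path is a hypothetical copy location.
    [string]$SharePath = '\\S\distributions\Utilities other\piriform ccleaner\ccsetup543.exe',
    [string]$LocalPath = "$env:TEMP\ccsetup543.exe"
)

function Get-SignatureReport {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # Not readable from this account/session: report that instead of throwing.
        return [pscustomobject]@{
            Path = $Path; Readable = $false; Status = $null
            SignatureType = $null; Signer = $null; SHA256 = $null
        }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    [pscustomobject]@{
        Path          = $Path
        Readable      = $true
        Status        = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        SignatureType = $sig.SignatureType   # Authenticode = embedded, Catalog = .cat file
        Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
        SHA256        = $hash.Hash
    }
}

# Copy the installer locally, then evaluate both locations with the same logic.
Copy-Item -LiteralPath $SharePath -Destination $LocalPath -Force
$report = $SharePath, $LocalPath | ForEach-Object { Get-SignatureReport -Path $_ }
$report | Format-List

# Same bytes but different verdicts points at path handling, not at the file itself.
if ($report[0].SHA256 -and
    $report[0].SHA256 -eq $report[1].SHA256 -and
    $report[0].Status -ne $report[1].Status) {
    Write-Warning 'Identical file, different signature status between share and local copy.'
}
```

Run it in the same user session that launches the installer. It reports what the Windows verifier sees for each path and says nothing about EAM's internal logic.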

Unconvincing answer. To the shared folder with distributions I, as an administrator, have the maximum possible set of access rights. The digital signature is inside the executable itself, and if the file itself can be read from the network folder, what prevents reading from it, already read, the digital signature?

Perhaps the problem is that the EAM services are running on behalf of the SYSTEM user who does not have access to the network folders? Or is it that EAM does not support Cyrillic in network paths?


21 hours ago, Владислав said:

> Perhaps the problem is that the EAM services are running on behalf of the SYSTEM user who does not have access to the network folders?

Anything running from the SYSTEM account should have the same access as the Administrator account in most cases; however, that's up to the computer sharing the file and not the computer that EAM is running on. The SYSTEM account is a local account, and software on a remote computer running under one of that remote computer's accounts is trying to access those files.

21 hours ago, Владислав said:

> Or is it that EAM does not support Cyrillic in network paths?

As far as I know there are no issues with Cyrillic in network paths. We have team members who speak languages that use the Cyrillic alphabet, so if there are issues with Cyrillic characters then we should find out in our internal testing.
