
[Bug]: PUA:Win32/Presenoker in frpc_windows_amd64

Open Dravoss opened this issue 2 years ago • 14 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues and checked the recent builds/commits

What happened?

Could not share the instance with the --share command because Windows Defender blocked the file C:\stable-diffusion-webui\venv\Lib\site-packages\gradio\frpc_windows_amd64, as PUA:Win32/Presenoker was detected in it.

Malwarebytes does not detect the virus in the file; could it be a Windows Defender false positive?

Steps to reproduce the problem

use argument --share when launching webui

What should have happened?

webui should return a gradio link instead of "Could not create share link, please check your internet connection."

Commit where the problem happens

151233399c4b79934bdbb7c12a97eeb6499572fb

What platforms do you use to access UI ?

Windows

What browsers do you use to access the UI ?

Mozilla Firefox

Command Line Arguments

No response

Additional information, context and logs

No response

Dravoss avatar Jan 07 '23 20:01 Dravoss

My AV picked it up today. VirusTotal claims frpc_windows_amd64 is either unsafe or a trojan first detected on 2023-01-04 12:48:21 UTC. Could be a false positive. https://www.virustotal.com/gui/file/c9db0db0f0f41ce3fe84f92a785d4ba0ab351ee231ce9e53924a168889a525fd

CuriousNekomimi avatar Jan 09 '23 00:01 CuriousNekomimi

Same as above. Found in venv\Lib\site-packages\gradio\frpc_windows_amd64

Edit: Should also say that I reached out to the team at Gradio since it's their package that pings. According to them, it's used to tunnel when sharing is enabled and is a valid file. I suggested they submit it to clear it as a false positive.

JaCraig avatar Jan 10 '23 00:01 JaCraig

Same thing here, probably a gradio issue, but if our wizards around here know how to solve this, it'd be nice!

FloydianSound avatar Jan 12 '23 05:01 FloydianSound

So it is suspicious because it is signed by 大连纵梦网络科技有限公司?

Dravoss avatar Jan 14 '23 16:01 Dravoss

Norton tags it too - is it possible it's not a false positive?

cakeller98 avatar Jan 14 '23 20:01 cakeller98

Anyone come up with a fix, workaround or definitive answer on this one? Can't run with the share command, even after a reinstall and removal of all .ckpt models and substituting .safetensors models. Whatever it was, it didn't need to be loaded directly into SD, just preloaded or referenced for use (put in the list of models). I never changed my model and it started after I added a few new .ckpt models. One of them specifically was the AnythingV3.0 model. I've seen this possible trojan warning associated with this model more than a few times. I still haven't seen anyone give a clear answer as to whether it is a false positive or not.

Luthor-inc avatar Jan 21 '23 21:01 Luthor-inc

@Luthor-inc For this issue, I believe it's a gradio issue with the frpc_windows_amd64.exe that is generated. Norton definitely tagged that file. Now the error in norton is "pending"

Filename: frpc_windows_amd64.exe Threat name: Heur.AdvML.C Threat type: Heuristic Virus. Detection of a threat based on malware heuristics. Path: ....\stable-diffusion-webui\venv\Lib\site-packages\gradio\frpc_windows_amd64

Few Users: Hundreds of users in the Norton Community have used this file. Mature: This file was released 1 month ago. High: This file risk is high.


File Actions: frpc_windows_amd64.exe has been Removed (Quarantined)

As far as I know this specific issue has nothing to do with ckpt files. And I am still experiencing it.

cakeller98 avatar Jan 27 '23 16:01 cakeller98

> Same as above. Found in venv\Lib\site-packages\gradio\frpc_windows_amd64
>
> Edit: Should also say that I reached out to the team at Gradio since it's their package that pings. According to them, it's used to tunnel when sharing is enabled and is a valid file. I suggested they submit it to clear it as a false positive.

oof did they even acknowledge there's an issue? like... Virus Total flags the file with 26/61 vendors marking it malicious


I've submitted to norton as possible false-positive. should hear back in 48 hours.

cakeller98 avatar Jan 30 '23 15:01 cakeller98

> oof did they even acknowledge there's an issue? like... Virus Total flags the file with 26/61 vendors marking it malicious

Not really. Mostly just told me it was a legit file and got a brief response after I suggested that they reach out to MS. The file in question is a reverse proxy and I don't think it's one that they built as I don't see it in their repo. It's possible that the app is being used by malicious software. Why use your own reverse proxy when you can pull one down for free? But without knowing where it comes from, it's difficult to say. I've switched to using a different front end for testing SD but I'm curious what Norton says.

JaCraig avatar Jan 31 '23 01:01 JaCraig

@JaCraig , looks like my submission to Norton has gotten it on the whitelist. I don't know for sure as the whole process is a bit confusing. But frpc is no longer triggering AV warnings.

cakeller98 avatar Feb 02 '23 19:02 cakeller98

Flagged by Kaspersky also. "can be used by criminals to damage your computer or personal data"

VictorZakharov avatar Feb 07 '23 20:02 VictorZakharov

Confirmed. It is quarantined by Windows Defender and listed as unsafe by various sec vendors: https://www.virustotal.com/gui/file/c9db0db0f0f41ce3fe84f92a785d4ba0ab351ee231ce9e53924a168889a525fd/detection


zsawyer avatar Feb 10 '23 22:02 zsawyer

Just to add some clarification to anyone seeing this.

This IS a false positive SPECIFICALLY IN THIS CASE, but the file can be used for malicious intent. The concept is simple: this is a fast reverse proxy, which means it can connect somewhere and allow someone to access your program from the outside (sounds familiar?). This is EXACTLY what you guys are trying to do when you use the "--share" flag: you want to be able to use your program from the outside. This is considered unwanted behaviour because normal/average users do not use this.

As it is stated, that file "has potentially unwanted behaviour", but it also has potentially wanted behaviour: you do want it. I do not believe it is tagged because of who signed it but because of what it does. And to be fair, it makes sense that the file is flagged as dangerous. Just like a knife is dangerous and you wouldn't want just anyone using it.

Now I do not think this is going to be excluded from the unwanted_app list in most AVs because it does make sense. And if you are intentionally using it you can whitelist it locally and then reinstall the python package "gradio".

kryztoval avatar Feb 23 '23 10:02 kryztoval

Can confirm, the same issue right after --share flag was used. Is it possible we get it whitelisted for Windows Defender?

Edit: Note that --share is not the only option available. You can instead use --listen and --port xxxx to possibly avoid this issue. It's in the wiki but perhaps good for reference for this issue.

Kelamir avatar Apr 08 '23 21:04 Kelamir

> whitelisted for Windows Defender

https://www.makeuseof.com/how-to-whitelist-files-windows-defender/

githubUser01946 avatar Jul 11 '23 14:07 githubUser01946
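Before adding a Defender exclusion as the linked article describes, it is worth confirming that the file on disk is actually the binary this thread is about, and looking at its signature and Defender's own record of the detection. The following PowerShell is an added example, not code from this thread or from the stable-diffusion-webui or gradio projects. It assumes the install path from the original report (C:\stable-diffusion-webui) and uses the SHA-256 from the VirusTotal link above; the cmdlets (Get-FileHash, Get-AuthenticodeSignature, Get-MpThreatDetection, Add-MpPreference) are standard Windows PowerShell / Defender cmdlets.

```powershell
# Added example (not from the thread): verify the gradio frpc binary before excluding it in Defender.
# Assumption: webui is installed at C:\stable-diffusion-webui, as in the original report. Adjust if needed.
$WebuiRoot = 'C:\stable-diffusion-webui'
$Frpc      = Join-Path $WebuiRoot 'venv\Lib\site-packages\gradio\frpc_windows_amd64'

# SHA-256 of the sample discussed in this thread (taken from the VirusTotal URL posted above).
$KnownSha256 = 'c9db0db0f0f41ce3fe84f92a785d4ba0ab351ee231ce9e53924a168889a525fd'

# 1. Show what Defender itself recorded about this file (helps confirm it was quarantined,
#    not simply missing because the gradio install failed).
Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ' ') -match 'frpc_windows_amd64' } |
    Select-Object InitialDetectionTime, ThreatID, ActionSuccess, Resources |
    Format-List

if (-not (Test-Path -LiteralPath $Frpc)) {
    Write-Warning "File not present at $Frpc (likely still quarantined). Restore it from Defender's"
    Write-Warning "Protection history or reinstall gradio, then run this script again."
    return
}

# 2. Compare the on-disk hash with the one discussed in the thread. A different hash means this is
#    not the sample everyone reported on, so the false-positive discussion above does not apply to it.
$actual = (Get-FileHash -Algorithm SHA256 -LiteralPath $Frpc).Hash.ToLowerInvariant()
if ($actual -ne $KnownSha256) {
    Write-Warning "Hash mismatch: on-disk $actual, expected $KnownSha256. Do not exclude this file."
    return
}
Write-Host "Hash matches the sample referenced in the issue thread."

# 3. Inspect the Authenticode signature. The file has no .exe extension but is a PE image, so the
#    cmdlet can still evaluate it. Status 'Valid' plus the signer's subject lets you compare the
#    signer against what the thread reports.
$sig = Get-AuthenticodeSignature -LiteralPath $Frpc
Write-Host ("Signature status: {0}" -f $sig.Status)
if ($sig.SignerCertificate) {
    Write-Host ("Signer:           {0}" -f $sig.SignerCertificate.Subject)
    Write-Host ("Thumbprint:       {0}" -f $sig.SignerCertificate.Thumbprint)
}

# 4. Only after the above checks: exclude this one file path, never the whole venv or webui folder,
#    so the rest of site-packages stays under Defender's scanning. Requires an elevated prompt.
Add-MpPreference -ExclusionPath $Frpc
Write-Host "Exclusion added for $Frpc. Re-run 'pip install --force-reinstall gradio' if the file was quarantined."
```

Keep the exclusion scoped to the single file path. If gradio is later upgraded and ships a different frpc build, the hash check in step 2 will fail and the script stops rather than silently trusting the new binary.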