ExcelDna icon indicating copy to clipboard operation
ExcelDna copied to clipboard

Published 20 hours ago verified publisher icon Excel-DNA

The ExcelDna.ManagedHost.AddInInitialize.Initialize call failed / ExcelDna.Integration.dll 1.5.0 flagged as containing malware by Windows Defender

Open gmichaud opened this issue 2 years ago • 14 comments

The Add-in Loader fails to initialize due to ExcelDna.Integration.dll getting flagged as malware by Windows Defender

image

Issue does not affect previous versions of ExcelDna.

The problem started happening today with the latest Windows Defender updates. I have reported this to Microsoft as a false positive already, but this is likely going to bite other ExcelDNA users here!

See here for VirusTotal report: https://www.virustotal.com/gui/file/02f05760666bda9018b95e442486c504cb67f02f5603406be55effc6dbf5c592/details

gmichaud avatar Nov 09 '21 23:11 gmichaud

@govert we were running on 1.5.0rc1 and my first idea was to check if a more recent build is available; I see 1.5 final is published by the file is exactly the same :(

A simple workaround for the problem if Microsoft doesn't correct this quickly could be to just recompile the library with a few changes to ensure the hash is different -- I think it's just a signature-based check.

gmichaud avatar Nov 09 '21 23:11 gmichaud

Hi @gmichaud - thanks for the heads-up.

A few days ago the list of anti-virus vendors detecting a problem with the file was longer and Microsoft was not on the list (see the end of this thread https://github.com/Excel-DNA/ExcelDna/issues/403 ). Now it seems only Microsoft is having a problem. As you point out, the binary is the same as from the -rc1 version, so had been around for a while (since early June). On my machine with Defender the bad detection only happened with the update of signatures from yesterday to today.

I don't think it helps to make extra binaries - they just muddy the issue. Best is if the file is seen and reported as OK from many places.

I have no idea what one does with this except to allow the files on the machine ('Restore' them in Defender terms) and wait for the storm to pass.

govert avatar Nov 09 '21 23:11 govert

This looks like a good url to report the false positive: https://www.microsoft.com/en-us/wdsi/filesubmission

govert avatar Nov 10 '21 00:11 govert

@govert everyone at Velixo reported it already using this link. We have also documented how to whitelist the file for now here https://help.velixo.com/en/articles/5718835-error-a-problem-occurred-while-the-add-in-was-creating-an-isolated-application-domain

gmichaud avatar Nov 10 '21 02:11 gmichaud

I also got this error when trying to build new project on Windows 11, with latest update v1.5.0

datvq avatar Nov 10 '21 04:11 datvq

Same here.

Rand-Random avatar Nov 10 '21 11:11 Rand-Random

Same problem. FWIW, the workaround posted by @gmichaud didn't work for me since nothing is showing in my "Current Threats" section (even after a quick scan). I was able to work around this by disabling Real-time protection (but that's not a good long term solution, of course).

lafritay avatar Nov 10 '21 12:11 lafritay

@lafritay we have updated our instructions for customers, the problem shows up under current threats only while the message box is visible in Excel. That’s probably because the file gets loaded from the XLL and wiped out after you close.

gmichaud avatar Nov 10 '21 13:11 gmichaud

You could also define an exclusion to the file/folder your self. https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26

if the file already got deleted you would need to manually restore it.

Rand-Random avatar Nov 10 '21 13:11 Rand-Random

We are using ExcelDna for a quant finance course I teach related to .NET programming and Excel integration. I went through the link that Rand-Random posted above and elaborated on it so that students would be able to work through it. I'm posting it here as well, just to fill in some of the gaps. This worked for me. Hope this helps.

High level, what you need to do is:

  1. Define an exclusion of the library file ExcelDna.Integration.dll in Windows Defender

  2. Uninstall ExcelDna from your Visual Studio project using the NuGet Package Manager Console (same place you used to install it). Just type Uninstall-Package ExcelDna at the prompt.

  3. You will be prompted to close and reopen VS to complete the ExcelDna package removal -- do this.

  4. After VS is reopened, reinstall ExcelDna.

  5. Rebuild your solution.

Now, for the finer details of step 1, the following lists the steps in the Microsoft support link in more detail:

a) Go to Start > Settings > Update & Security > Windows Security > Virus & threat protection.

b) Select Virus & threat protection settings from the main section (not the left margin).

c) Scroll down to Exclusions, and select the link Add or remove exclusions.

d) Click on +Add an exclusion, and select File from the drop-down menu. This will open a File Explorer instance.

e) In the File Explorer that opens, locate the directory where your library project is.

f) Drill down to the subdirectory ..\packages\ExcelDna.Integration.1.5.0\lib\net452

g) Select the file ExcelDna.Integration.dll

h) Click on Open at bottom right of File Explorer.

i) Rebuild your project/solution. It should build properly now.

QuantDevHacks avatar Nov 11 '21 01:11 QuantDevHacks

FYI, in the other issue this was posed https://github.com/Excel-DNA/ExcelDna/issues/403#issuecomment-965973159

Rand-Random avatar Nov 11 '21 11:11 Rand-Random

As of this morning, Windows Defender is no longer considering ExcelDna.Integration as malware: https://www.virustotal.com/gui/file/02f05760666bda9018b95e442486c504cb67f02f5603406be55effc6dbf5c592/detection

gmichaud avatar Nov 11 '21 14:11 gmichaud

I went through the last 4 non-preview releases and they are all at some level affected. See below table. If you have any idea how to flag these as false positive to different antivirus companies please share the info.

Version Issues (3rd March 2022) File Url
1.5.1 0 ExcelDna.Integration.dll https://www.virustotal.com/gui/file/2634ee8fb742fd2adf8ec7490203321daa228180a09f36373f66dabc17d8a870
1.5.1 19 ExcelDna.xll https://www.virustotal.com/gui/file/b633b6bfbd8bb2f99ddc98b2e9755a133ccdbc10309dea9a301f2cd63d27f5cd
1.5.1 7 ExcelDna64.xll https://www.virustotal.com/gui/file/90cb95264d0b555fe9a760de404196ac183a958c9cc1aad0689598e35fbb0c3b
1.5.0 1 ExcelDna.Integration.dll https://www.virustotal.com/gui/file/02f05760666bda9018b95e442486c504cb67f02f5603406be55effc6dbf5c592
1.5.0 16 ExcelDna.xll https://www.virustotal.com/gui/file/c5fed569b699e5d5da8dd9510727436668f557e39bb0cf6742973a8b93923a9a
1.5.0 20 ExcelDna64.xll https://www.virustotal.com/gui/file/9c1190de31efac42912b2914df3099a124469b94587377c957e80778aa618465
1.1.1 0 ExcelDna.Integration.dll https://www.virustotal.com/gui/file/eac5f84f57148036844ade6a207cc199ae41a56dbf11e3f7f7001378a62d40a6
1.1.1 3 ExcelDna.xll https://www.virustotal.com/gui/file/b9ec0d7f24cf91fef68c4aaac5e330c5bdfe32e11e4ddf4511e50e489398f080
1.1.1 6 ExcelDna64.xll https://www.virustotal.com/gui/file/2cbcfdf0d8239ed8393f3d4c9f9641bf03aa786a4f7814dcf62bdd8633f75bbf
0.34.6 0 ExcelDna.Integration.dll https://www.virustotal.com/gui/file/a010d7332de6590aa5367e402894778d8d932ab34676e61b2c3c3c6448d3e628
0.34.6 2 ExcelDna.xll https://www.virustotal.com/gui/file/36bb53a9e0c35744f467a0d9c128815f71e9b2687aabac391e8000d719a77d8b
0.34.6 3 ExcelDna64.xll https://www.virustotal.com/gui/file/ccd11f76d8745fd96209414daa8a745f8bcc7e47be30bc22ed903ece9ae476c3

gigi81 avatar Mar 03 '22 12:03 gigi81

@gigi81 Maybe this PR is for you: https://github.com/Excel-DNA/ExcelDna/pull/431

Rand-Random avatar Mar 03 '22 12:03 Rand-Random