ngrok icon indicating copy to clipboard operation
ngrok copied to clipboard

Published 20 hours ago verified publisher icon inconshreveable

Killed: 9 - ngrok exe deleted after running once.

Open bterbs opened this issue 4 years ago • 2 comments

Whether I install with brew cask install ngrok or npm install -g ngrok in the terminal, my first command of which ngrok returns /usr/local/bin/ngrok but then if I attempt to execute the binary with ngrok http 3000 the process is killed and returns Killed: 9 and then it appears the exe is deleted. I can't find support around this anywhere - has anyone else experienced this or have a solution???

bterbs avatar Aug 12 '20 15:08 bterbs

Was there a resolution to this?

ceresti-mrw avatar Feb 29 '24 13:02 ceresti-mrw

I found the issue. In my case Bitdefender was deleting the ngrok executable. It identified the threat as Trojan.MAC.Generic.117739.

ceresti-mrw avatar Feb 29 '24 14:02 ceresti-mrw

I found the issue. In my case Bitdefender was deleting the ngrok executable. It identified the threat as Trojan.MAC.Generic.117739.

How did you solve the issue? Seems like it's happening to me and team as well.

rapito avatar May 02 '24 11:05 rapito

Unfortunately I didn't solve it. I just stopped using ngrok. I suspect the next build of ngrok will eliminate this problem because a new executable will be produced with a different byte sequence. My theory is that the ngrok executable had a specific byte sequence that triggered Bitdefender. I could be completely wrong here but it's my theory. I figured once a new release was distributed I could try it again. As you can see I'm not a heavy user of ngrok.

ceresti-mrw avatar May 02 '24 17:05 ceresti-mrw

Unfortunately I didn't solve it. I just stopped using ngrok. I suspect the next build of ngrok will eliminate this problem because a new executable will be produced with a different byte sequence. My theory is that the ngrok executable had a specific byte sequence that triggered Bitdefender. I could be completely wrong here but it's my theory. I figured once a new release was distributed I could try it again. As you can see I'm not a heavy user of ngrok.

I see.. thanks for your answer though!!

rapito avatar May 02 '24 17:05 rapito

I was having the same problem. I've worked around it by using the docker container docker run -p 4040:4040 -it -e NGROK_AUTHTOKEN={token} ngrok/ngrok:latest http host.docker.internal:5000.

drewburlingame avatar May 04 '24 22:05 drewburlingame

Thank you for opening this issue! As of April 2016, the ngrok service has permanently moved to https://ngrok.com/. To join the community and file bug reports or feature enhancements for the ngrok agent, please go to https://github.com/ngrok/ngrok.

This repository is no longer actively maintained and will be archived soon to reduce confusion with the latest ngrok versions. We thank you for the continued support of ngrok and look forward to seeing you over at ngrok.com and the ngrok Community Repo.

russorat avatar May 09 '24 19:05 russorat

Hi all, if the ngrok binary is getting deleted, then it is most likely some sort of company antivirus sweeper that has incorrectly flagged the ngrok binary as malware. We try to proactively submit our binaries as false positives, but are struggling to get re-classified. If you have the option to submit one of the ngrok binaries as a false positive with your antivirus software, please do.

russorat avatar May 15 '24 22:05 russorat

Hi all, if the ngrok binary is getting deleted, then it is most likely some sort of company antivirus sweeper that has incorrectly flagged the ngrok binary as malware. We try to proactively submit our binaries as false positives, but are struggling to get re-classified. If you have the option to submit one of the ngrok binaries as a false positive with your antivirus software, please do.

That was the case for us. We ended up sending samples to Bitdefender so they would remove it from their lists.

rapito avatar May 15 '24 22:05 rapito

I'm also having this issue and gets deleted by Microsoft Defender in MacOS: Title: HackTool:MacOS/Ngrok!MTB

I fixed it by doing the following:

  1. open Microsoft Defender > Manage settings > Exclusions > Add or Remove Exclusion
  2. click Add New > Process (I tried Folder or File but I can't select this path /opt/homebrew/bin/ngrok):
  3. type ngrok:
Screenshot 2024-05-20 at 6 24 38 PM

hpelitebook745G2 avatar May 20 '24 10:05 hpelitebook745G2

Hi all, if the ngrok binary is getting deleted, then it is most likely some sort of company antivirus sweeper that has incorrectly flagged the ngrok binary as malware. We try to proactively submit our binaries as false positives, but are struggling to get re-classified. If you have the option to submit one of the ngrok binaries as a false positive with your antivirus software, please do.

That was the case for us. We ended up sending samples to Bitdefender so they would remove it from their lists.

An update on this:

They allowed it then blocked it again.

rapito avatar May 20 '24 12:05 rapito