msys2-runtime icon indicating copy to clipboard operation
msys2-runtime copied to clipboard
verified publisher icon msys2

`msys-runtime` update blocked and removed by thread protection (updated 2025-06-18)

Open ousia opened this issue 6 months ago • 10 comments

I have been using MSYS2 without any problem for a long time (I think almost five years [according to my first issue]).

I have been using MSYS2 on a computer at running Windows 7 and (later) Windows 10 (both administered by my organization, not by myself).

My platform has always been MinGW64. I have a shortcut icon which runs C:\msys64\msys2_shell.cmd -mingw64 -use-full-path (starting at C:\msys64).

Almost every workday, I update MSYS2 by double-clicking the MinGW64 icon and type pacman -Syu && pacman -Scc.

As many other times, a msys-runtime update was available this morning and I updated it (2025-07-18, about 8:30AM CEST). After restarting, other packages were available to download (mainly GStreamer, its Python bindings and its good, bad and ugly plugins).

I just downloaded it, they were installed, but the update ended abruptly just after extracting the files from last package (not even being able to reach the second part of pacman -Syu && pacman -Scc). So I quit the program.

I double-clicked the MinGW64 icon again and Windows only showed a message about missing msys-2.0.dll.

I’m not the administrator on this computer (and this is remotely managed from another office), but I found out that there is some “virus and thread protection” in Windows Security that considered MSYS2 (not because it mentioned it, but from the time of the logged incident) a high thread and blocked it (apparently with file removal).

This is some automatic rule, but I wonder what has caused the current msys-2.0.dll to be considered a high thread to Windows Security (the first one during the whole time I had been using MinGW64 [since I cannot use it now]).

ousia avatar Jul 18 '25 14:07 ousia

Thanks, sadly not much we can do: https://www.msys2.org/docs/faq/#my-antivirus-flagged-an-msys2-file-as-malicious-what-should-i-do

Report for the current msys-2.0.dll (nothing flags it): https://www.virustotal.com/gui/file/ec6e9b45b825fb432ed8821ce5d00b910a58b5d75a1ea1a4eb3be0c3ada60a91

lazka avatar Jul 18 '25 20:07 lazka

Many thanks for your reply, @lazka.

I think Windows Security handled it as a thread, not as a virus.

I thought that 23a25d49e3b8c18f12ce588869d4cb24de9f2454 might have caused the block and removal.

But I’m totally lost here, so I’m likely wrong).

ousia avatar Jul 21 '25 16:07 ousia

I think Windows Security handled it as a thread, not as a virus.

I see. I can send a report to MS requesting it to be reviewed (no idea if that actually helps), but I need to select the product that flagged it:

  • System Center Endpoint Protection
  • Microsoft Defender Antivirus (Windows 11)
  • Microsoft Defender Antivirus (Windows 10)
  • Microsoft Defender Smartscreen
  • Smart App Control
  • Windows Intune
  • Microsoft DaRT
  • Microsoft Forefront Client Security
  • Microsoft Forefront Endpoint Protection 2010
  • Microsoft Forefront Protection for SharePoint
  • Microsoft Forefront Server Security
  • Microsoft Security Essentials
  • Office 365 and Exchange Online Protection
  • System Center 2012 Endpoint Protection
  • Windows Defender (Windows 8)
  • Windows Defender (Windows 7, Windows Vista, or Windows XP)
  • Windows Server Antimalware
  • Other

lazka avatar Jul 21 '25 16:07 lazka

I thought that 23a25d4 might have caused the block and removal.

Unlikely. This patch has been with MSYS2 since v3.5.7, it has not been newly-introduced into v3.6.4: 7878787624144cd3b9cbd8a41b25d7d266b7173c.

there is some “virus and thread protection” in Windows Security

Surely you meant "threat", not "thread". Please be more precise. I have this on my machine:

Image

And when I click on that, I see:

Image

I have updated my MSYS2 runtime last Wednesday, therefore it was included in the scan.

dscho avatar Jul 22 '25 08:07 dscho

there is some “virus and thread protection” in Windows Security

Surely you meant "threat", not "thread". Please be more precise. I have this on my machine:

Sorry, thread instead of threat was poor orthography when translating from Spanish (Windows language).

Image

I don’t get as much info as displayed before.

I have updated my MSYS2 runtime last Wednesday, therefore it was included in the scan.

So I have to conclude it was a rule included by my organization, haven’t I? (Just for confirmation to close the issue.)

ousia avatar Jul 22 '25 17:07 ousia

I see. I can send a report to MS requesting it to be reviewed (no idea if that actually helps), but I need to select the product that flagged it:

  • Microsoft Security Essentials

Many thanks for your reply and your help, @lazka.

Since it may be a rule imposed by my organization, it is not so relevant which program applied it.

ousia avatar Jul 22 '25 17:07 ousia

If all fails you can try using an older msys-2.0.dll, and work with that for now. That's no supported of course, but should still work fine mostly, and better than nothing.

lazka avatar Jul 22 '25 17:07 lazka

@lazka, many thanks for your suggestion, it is an interesting workaround.

But where do I find already compiled msys-2.0.dll (in different versions)?

Many thanks for your help.

ousia avatar Jul 23 '25 14:07 ousia

The easiest is probably from the last installer (all files there contain it one way or another): https://github.com/msys2/msys2-installer/releases/tag/2025-06-22

lazka avatar Jul 23 '25 15:07 lazka

Many thanks for the tip, @lazka.

BTW, just in case this worked, is there any way to update everything but msys-runtime.exe?

ousia avatar Jul 24 '25 18:07 ousia