CryptoPrevent is blocking SQRL client


Status
Not open for further replies.

Donn Edwards

New member
Mar 7, 2019
3
0
Hi Steve
The CryptoPrevent client prevented me from installing the sqrl client on Windows, and now I get random notifications about it blocking
C:\Users\<usrname>\Appdata\Local\sqrl-fork.exe
Please can you get CryptoPrevent guys to put in a rule to ignore this activity?
Thanks in advance
Donn
 

PHolder

Well-known member
May 19, 2018
1,227
205
As a workaround, try installing SQRL with the CryptoPrevent temporarily disabled. The fork is just a temporary measure during the install. Once it is installed, it shouldn't complain... (probably until there is an attempt to install an update.)
 

Donn Edwards

New member
Mar 7, 2019
3
0
I did disable CryptoPrevent in order to install it, but re-enabled it afterwards. I have also added C:\Users\<usrname>\Appdata\Local\sqrl-fork.exe to the CryptoPrevent whitelist and rebooted, but I still get notified from time to time about sqrl-fork.exe getting blocked. Weird. There hasn't been a new client release since then either.
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
Donn: I recall that we had problems early on with CryptoPrevent. It's buggy and not very well written, as I recall. I installed it back when working on the SQRL install code and I came away unimpressed. But Paul's correct about sqrl-fork.exe -- it is (should be) an install-time-only thing. But perhaps CryptoPrevent prevented the install from completing and left a copy lying around?? And so it's continuing to be annoyed by it?

You might try:
  1. Disable CryptoPrevent
  2. Open a Command Prompt and change to the C:\ directory (cd c:\)
  3. Scan the C: file system for any "sqrl" fragments: dir sqrl*.exe /s
  4. If anything "forky" turns up, go delete it! :)
 

AlanD

Well-known member
May 20, 2018
128
23
Rutland, UK
I had this problem many months ago. Initially, I was temporarily disabling Crypto-Prevent each time, but I now have a whitelist entry "C:\Users\alan\appdata\local\sqrl*.exe" That seems to solve the problem.
 

PHolder

Well-known member
May 19, 2018
1,227
205
I had this problem many months ago. Initially, I was temporarily disabling Crypto-Prevent each time, but I now have a whitelist entry "C:\Users\alan\appdata\local\sqrl*.exe" That seems to solve the problem.
This works great until the malware authors get wind of SQRL and decide to impersonate it for any of a number of reasons... :-/
 

Steve

Administrator
Staff member
May 6, 2018
1,016
307
www.grc.com
This works great until the malware authors get wind of SQRL and decide to impersonate it for any of a number of reasons... :-/
True. This is a useful workaround, but the permanent solution is to also check the publisher's Authenticode certificate.
 

Donn Edwards

New member
Mar 7, 2019
3
0
The only file that begins with sqrl*.exe is this one: C:\Program Files (x86)\GRC\sqrl.exe
I just got another notification from CryptoPrevent about blocking sqrl-fork.exe, even after whitelisting the file.
If this file is only created during the install process then I will write it off as a bug in CryptoPrevent, because it doesn't show up in CryptoPrevent's own event log. Weird.

Does the sqrl.exe check its own certificate? I assume so.
 

PHolder

Well-known member
May 19, 2018
1,227
205
The only file that begins with sqrl*.exe is this one: C:\Program Files (x86)\GRC\sqrl.exe
You're on Windows 10? (It doesn't really matter, except my instructions won't be quite right.) Right click on the Start button and select "Command Prompt (Admin)" then into the command prompt type (without quotes) "C:" enter "CD \" enter "DIR /s SQRL*.EXE" enter. (Case doesn't matter, I am just putting them in upper case to make them stand out here.) This will show every file starting with SQRL on your whole system. It should show you where there might be any pesky files hiding.

If there aren't any other files... then I'm guessing it's because SQRL has detected an upgrade, is downloading it, and failing to install it. If that is the case, then you're going to have to temporarily fully disable CryptoPrevent while you run SQRL long enough for it to download and install and configure its update. You may then want to disable the option for SQRL to auto-start on system startup... so that you can tie events in the future to your choice to launch it.
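
The file search from the posts above, combined with the Authenticode check suggested earlier in the thread, as an added PowerShell example (not code from any poster or from GRC). `Get-SqrlBinaryReport` and `$ExpectedPublisher` are hypothetical names; the publisher string is an assumption you read from the signature of a known-good sqrl.exe.

```powershell
# Added example. Lists every sqrl*.exe under the given roots and reports
# whether each one carries a valid Authenticode signature from the expected
# publisher, so a file is judged by its signer rather than by its name.
function Get-SqrlBinaryReport {
    param(
        [string[]]$Root = @('C:\'),

        # Assumption: the publisher name shown on a known-good sqrl.exe
        # (Properties > Digital Signatures). Not taken from the thread.
        [Parameter(Mandatory)]
        [string]$ExpectedPublisher
    )

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    Get-ChildItem -Path $Root -Filter 'sqrl*.exe' -File -Recurse -Force `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate

            # Unsigned files have no signer certificate at all.
            $signer = if ($cert) { $cert.GetNameInfo($nameType, $false) } else { '' }
            $thumb  = if ($cert) { $cert.Thumbprint } else { '' }

            [pscustomobject]@{
                Path              = $_.FullName
                Status            = $sig.Status
                Signer            = $signer
                Thumbprint        = $thumb
                # Trusted only if the signature verifies AND the signer matches.
                Trusted           = ($sig.Status -eq 'Valid') -and
                                    ($signer -eq $ExpectedPublisher)
                # User-writable location, the kind CryptoPrevent objects to.
                UnderLocalAppData = $_.FullName.StartsWith(
                    $env:LOCALAPPDATA,
                    [System.StringComparison]::OrdinalIgnoreCase)
            }
        }
}

# Usage (replace the placeholder with the publisher from a known-good copy):
# Get-SqrlBinaryReport -ExpectedPublisher '<publisher name>' |
#     Format-Table Path, Status, Signer, Trusted, UnderLocalAppData -AutoSize
```

Run it from an elevated prompt so the recursive search can read every directory; any row with `Trusted` false under a user-writable path is a file that a name-only whitelist entry would have let through.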
 

AlanD

Well-known member
May 20, 2018
128
23
Rutland, UK
The problem that I found with CryptoPrevent was only with sqrl-fork.exe. Once I had disabled CryptoPrevent and installed SQRL, I could re-enable CryptoPrevent and use SQRL with no problems. CryptoPrevent does not object to programs running from their own directories, e.g. C:\Program Files\SQRL, but on the install or upgrade sqrl-fork.exe runs from c:/users/{name}/AppData/Local/Temp; that is what Crypto Prevent objects to, as it is the usual location for downloaded programs, including viruses. This location is designed for "run once and delete yourself" programs, which is what a lot of viruses are.
 