And Windows Defender keeps telling me every minute (literally - unless I kill flyctl in Task Manager), that there is some execution blocked from either “LenovoVantage-(LenovoBoostSystemAddin).exe” or “IntelConnectivityService.exe” - those are the two, and the Element in question is always: “C:\Users<my Username>.fly\bin\flyctl.exe”
Most oddly, sometimes it just works (for the installation for example, plus I also do have a deployed app which I updated several times yesterday). But now I have been trying for an hour and it doesn’t seem to work anymore.
Windows Defender can get over-protective, and sometimes isn’t a big fan of folks just downloading and running arbitrary executables. It’s hard to say why that might change from one day to the next, but I suspect a pattern of instructions in whatever build of fly.exe you’re currently running is likely similar enough in appearance, if not function, to an existing pattern Defender scans for in its malware database, and either an update on our end or a new malware database is making Defender unhappy.
The best fix is to add the directory containing fly.exe to Defender’s list of exclusions. Obviously don’t do this if you don’t trust us, but as a Windows user myself I’ve had to do this in a few occasions. I’m just super careful what I allow to run in Defender’s excluded directories.
Why is the flyctl.exe blocked/accessed/involved, when other executables are run? (this really grabs most of my curiosity)
Why did I get this Defender Notification every minute until I killed flyctl.exe from the Taskmanager? (I suspect that this is related to the above and some other exe(s) are just running regularly. I remember to have seen some Lenovo App as well as an Intel Service)
Speculating some here since I haven’t dug deeply into the release process or the agent:
It’s hard to say why Defender flags something–it’d lose usefulness if scammers knew and could work around it–but sometimes it finds false positives. I’m guessing something in a recent flyctl build or Defender update introduced this. Might be worth us paying closer attention to Defender false positives in the coming days, but make sure all Windows updates are applied on your end, and be sure to have the latest flyctl. If we’re lucky it’ll just fix itself.
Does it happen reliably on-schedule? I.e. exactly once per minute, or close enough? Maybe there’s a keepalive or something in the agent, though I haven’t dug into that code yet so there’s my speculation.
Sorry this is happening. Adding a Defender exclusion should help, as long as you trust that we’re not sending you malicious code.
Yea, it’s exactly every minute. But based on what I understand, it is not related to flyctl being active, but rather another app doing something and somehow flyctl getting involved as well (which then get’s blocked and flagged).
Honestly, this is also the only thing making me feel uneasy about just excluding it from the Defender List. If it was just throwing the error when I run the launch command or similar, it would make more sense. But now I am really confused as to why it is tagged on to all the other exes being run…
