"flyctl launch" not working due to Access Restriction Error & constant Windows Defender Alerts

I had it since day 1 (yesterday ;-)) - I am sometimes not able to run flyctl launch in my Admin Windows Power Shell.

The response I get is this:

Fehler beim Ausführen des Programms “flyctl.exe”: Zugriff verweigertIn Zeile:1 Zeichen:1

  • flyctl launch

In Zeile:1 Zeichen:1

  • flyctl launch
  •   + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException
      + FullyQualifiedErrorId : NativeCommandFailed

And Windows Defender keeps telling me every minute (literally - unless I kill flyctl in Task Manager), that there is some execution blocked from either “LenovoVantage-(LenovoBoostSystemAddin).exe” or “IntelConnectivityService.exe” - those are the two, and the Element in question is always: “C:\Users<my Username>.fly\bin\flyctl.exe”

Most oddly, sometimes it just works (for the installation for example, plus I also do have a deployed app which I updated several times yesterday). But now I have been trying for an hour and it doesn’t seem to work anymore.

Does anyone have any idea?

Guys, this is becoming freaky…

Now for almost every app that launches (just now PowerToys.PowerLauncher.exe) I get the info, that a dangerous action has been blocked…

And it always tells me that the element in question is “C:\Users<USERNAME>.fly\bin\flyctl.exe”

What is causing this?

Windows Defender can get over-protective, and sometimes isn’t a big fan of folks just downloading and running arbitrary executables. It’s hard to say why that might change from one day to the next, but I suspect a pattern of instructions in whatever build of fly.exe you’re currently running is likely similar enough in appearance, if not function, to an existing pattern Defender scans for in its malware database, and either an update on our end or a new malware database is making Defender unhappy.

The best fix is to add the directory containing fly.exe to Defender’s list of exclusions. Obviously don’t do this if you don’t trust us, but as a Windows user myself I’ve had to do this in a few occasions. I’m just super careful what I allow to run in Defender’s excluded directories.

1 Like

Thanks for this reply.

What really makes me curious are two things:

  1. Why is the flyctl.exe blocked/accessed/involved, when other executables are run? (this really grabs most of my curiosity)
  2. Why did I get this Defender Notification every minute until I killed flyctl.exe from the Taskmanager? (I suspect that this is related to the above and some other exe(s) are just running regularly. I remember to have seen some Lenovo App as well as an Intel Service)

Does anyone have any explanation for this?

Speculating some here since I haven’t dug deeply into the release process or the agent:

It’s hard to say why Defender flags something–it’d lose usefulness if scammers knew and could work around it–but sometimes it finds false positives. I’m guessing something in a recent flyctl build or Defender update introduced this. Might be worth us paying closer attention to Defender false positives in the coming days, but make sure all Windows updates are applied on your end, and be sure to have the latest flyctl. If we’re lucky it’ll just fix itself. :slight_smile:

Does it happen reliably on-schedule? I.e. exactly once per minute, or close enough? Maybe there’s a keepalive or something in the agent, though I haven’t dug into that code yet so there’s my speculation. :slight_smile:
Sorry this is happening. Adding a Defender exclusion should help, as long as you trust that we’re not sending you malicious code.

1 Like

Yea, it’s exactly every minute. But based on what I understand, it is not related to flyctl being active, but rather another app doing something and somehow flyctl getting involved as well (which then get’s blocked and flagged).
Honestly, this is also the only thing making me feel uneasy about just excluding it from the Defender List. If it was just throwing the error when I run the launch command or similar, it would make more sense. But now I am really confused as to why it is tagged on to all the other exes being run… :thinking:

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.