
ABP Studio & Antivirus Suspicious Activities #8810


emil.essa created
  • UI Type: Angular

  • Database System: EF Core SQL Server

  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

  • Exception message and full stack trace:

  • Steps to reproduce the issue:

Something went wrong for me, as my antivirus, Kaspersky, caught this file from ABP Studio as a Trojan.

image.png


3 Answer(s)
  • enisn created
    Support Team .NET Developer

    Hi,

    Where did you install ABP Studio? We have a different signing certificate right now on the Microsoft Store. Can you try the same operations after installing from the Microsoft Store?

    By the way, if possible can you share ABP Studio logs right after this warning? Which operation causes this detection?


    Your support ticket is refunded

  • emil.essa created

    Hi
    Thank you for your response and for refunding the ticket.

    Where did you install ABP Studio?
    I installed ABP Studio from your site a while ago, but I don't use it; I was using ABP Suite. Yesterday I tried to upgrade my application from ABP 8.2.3 to ABP 9.0.5, but in the morning I faced the problem with my antivirus, as you can see.

    Can you try the same operations after installing from Microsoft Store?
    We don't use the Microsoft Store according to our policy but I will try to contact them to give it a try.

    if possible can you share ABP Studio logs right after this warning?
    Unfortunately, the antivirus removed ABP Studio from my device, so I can't send you the ABP logs, but if you have another option to do that, let me know.

    Which operation causes this detection?
    I don't use it at all; it's already closed at this moment. I just used it yesterday.

    Update: I have found this log in abp-studio-backend-logs.txt; maybe it's useful for you, as it happened today before the antivirus warning:
    2025-02-16 21:08:14.401 +02:00 [INF] Request starting HTTP/2 POST http://localhost:38271/IStudioBackendHub/Connect - application/grpc null
    2025-02-16 21:08:14.475 +02:00 [INF] Executing endpoint 'gRPC - /IStudioBackendHub/Connect'
    2025-02-17 09:40:20.412 +02:00 [INF] Executed endpoint 'gRPC - /IStudioBackendHub/Connect'
    2025-02-17 09:40:20.417 +02:00 [INF] Request finished HTTP/2 POST http://localhost:38271/IStudioBackendHub/Connect - 200 null application/grpc 45139199.9903ms
    2025-02-17 09:40:20.420 +02:00 [INF] Connection id "0HNAENL1N02Q1", Request id "0HNAENL1N02Q1:00000001": the application completed without reading the entire request body.

  • andrescarranza created

    Screenshot 2025-02-17 161440.png

    I am reaching out to report that our security tool has detected a possible Trojan (PDM:Trojan.Win32.Generic) in the ABP Studio executable. Below are the details of the alert:

    Event: Malicious object detected
    Application: ABP Studio
    User: lucas
    Component: Proactive Watchdog
    Detection Result: Detected
    Type: Trojan
    Name: PDM:Trojan.Win32.Generic
    Threat Level: High
    Object Type: Process
    Object Path: C:\Users\lucas\AppData\Local\abp-studio\current
    Object Name: volo.abp.studio.ui.host.exe
    Reason: Database signatures
    Database Release Date: 02/11/2025 03:06 PM

    Since ABP Studio is a tool actively used in our company for development, we need to verify whether this detection is a false positive or if there is a genuine security issue with the installation. To justify the review with our IT security department, we kindly request a detailed report that confirms the legitimacy of this executable.

    We appreciate your prompt response and any recommendations on how to proceed in this matter.

    Looking forward to your reply.
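
One way to collect the evidence an IT security review or an antivirus false-positive submission will ask for, given that the thread turns on which signing certificate the installed build carries. This is an added example, not code from the thread or from ABP; the directory and executable name are taken from the alert above, and the CSV file name is an assumption.

```powershell
# Added example: inventory Authenticode signatures and hashes of the flagged install.
# $InstallDir is the "Object Path" from the alert above; adjust it per user profile.
param(
    [string]$InstallDir = 'C:\Users\lucas\AppData\Local\abp-studio\current'
)

if (-not (Test-Path -LiteralPath $InstallDir)) {
    # The antivirus may already have quarantined or removed the files.
    Write-Warning "Not found: $InstallDir. Restore a copy from quarantine into an isolated folder first."
    return
}

$report = Get-ChildItem -Path $InstallDir -Recurse -File |
    Where-Object { $_.Extension -in '.exe', '.dll' } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File        = $_.FullName.Substring($InstallDir.Length).TrimStart('\')
            Status      = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer      = $sig.SignerCertificate.Subject
            Thumbprint  = $sig.SignerCertificate.Thumbprint
            NotAfter    = $sig.SignerCertificate.NotAfter
            Timestamped = [bool]$sig.TimeStamperCertificate
            SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# HashMismatch means the file content no longer matches its signature,
# i.e. it changed after signing: escalate these rather than allow-listing them.
$report | Where-Object Status -eq 'HashMismatch' | Format-Table File, Signer

# The process named in the alert: its signer, thumbprint and SHA-256 are the
# values to compare with what the vendor publishes and to attach to a submission.
$report | Where-Object File -eq 'volo.abp.studio.ui.host.exe' | Format-List

# Full inventory for the ticket (hypothetical output file name).
$report | Export-Csv -Path .\abp-studio-signatures.csv -NoTypeInformation
```

Many bundled third-party DLLs are legitimately unsigned, so a `NotSigned` status on its own is not a finding; the signer and hash of the main executable are the values to confirm with the vendor.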

Made with ❤️ on ABP v9.2.0-preview. Updated on March 25, 2025, 11:10