Why does Cylance antivirus terminate IntelliJ IDEA?

Completed

In my workplace, we use Cylance antivirus as our official company-wide antivirus. Ever since then I have observed that IntelliJ gets terminated whenever I run or debug any project that I am working on. Cylance seems to mark the IntelliJ process as "Malicious payload".

I have raised a ticket to add an exception, but since the process is marked as a malicious exploit, our admin team is reluctant to whitelist IntelliJ without proper justification. Therefore, I need to know what exactly IntelliJ does that Cylance detects as malicious. I know that this is a false positive somehow, but I still need to provide proper justification before it's whitelisted by our admin team.

1
9 comments

Hi Desmond David, could you please clarify the IDEA and Cylance versions you are currently using?

Thank you.

0

The IDEA version is 2020.3.1

The Cylance version is Cylance PROTECT 2.1.1574.39

0

Hi Desmond David, thank you for the provided information.

I've checked the idea64.exe file with VirusTotal. It seems that none of the antivirus engines, including Cylance, have detected anything malicious: https://www.virustotal.com/gui/file/44038746ce49b61e7a197a8cf6952f5c7d1add73e37b800c9b0a0c2b408ad124/detection.

Could you please check your idea64.exe as well and share the results link?

Thank you.

0

What do I check and how?

Besides, there are many threads in this forum of people having trouble running IDEA with Cylance, and people have confirmed that Cylance causes issues with IDEA.

References:
https://intellij-support.jetbrains.com/hc/en-us/community/posts/360003263739-IntelliJ-crashes-while-running-but-debug-works-fine
https://intellij-support.jetbrains.com/hc/en-us/community/posts/360003285319-IntelliJ-crash-when-Maven-build-launched

So, I think JetBrains is already aware of this issue. But there is no resolution for this yet.

Edit: I checked my idea64.exe file on VirusTotal and the results are the same as yours, including the same hash.

1

Hi Desmond David,

I suggest uploading your version of idea64.exe to the VirusTotal portal at https://www.virustotal.com/gui/ to make sure that it's exactly the same file as https://www.virustotal.com/gui/file/44038746ce49b61e7a197a8cf6952f5c7d1add73e37b800c9b0a0c2b408ad124/detection.

If it is, I would recommend contacting Cylance support to report a false-positive because there is nothing we can change on the IntelliJ IDEA side.

Thank you.

1
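The file comparison suggested in the reply above can also be done locally, and the result attached to the allowlisting ticket. This is an added example, not part of the original thread or any JetBrains or Cylance tooling; the function name `Get-BinaryEvidence` and the install path are hypothetical placeholders, and the expected hash is the one from the VirusTotal link in the thread.

```powershell
# Added example: gather verifiable facts about a flagged binary for an exception request.
function Get-BinaryEvidence {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $Path,

        # SHA-256 of the reference file (64 hex characters).
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9a-fA-F]{64}$')]
        [string] $ExpectedSha256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    [pscustomobject]@{
        Path             = $file.FullName
        FileVersion      = $file.VersionInfo.FileVersion
        Sha256           = $hash.ToLowerInvariant()
        # True only if the local file is byte-for-byte the file behind the reference hash.
        MatchesExpected  = ($hash -ieq $ExpectedSha256)
        # 'Valid' means the file is unmodified since signing and the chain is trusted.
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SignerThumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { $null }
    }
}

# Hash taken from the VirusTotal link posted in this thread.
$expected = '44038746ce49b61e7a197a8cf6952f5c7d1add73e37b800c9b0a0c2b408ad124'

# Placeholder path: replace with the actual location of idea64.exe on the machine.
Get-BinaryEvidence -Path 'C:\Path\To\IntelliJ IDEA\bin\idea64.exe' -ExpectedSha256 $expected |
    Format-List
```

A different IDEA build has a different hash, so `MatchesExpected` being false on another version does not by itself indicate tampering; compare against the hash for the build actually installed.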

Ok, I just checked on VirusTotal and the results are the same as the one you have shared, even the same hash.

I understand that I need to get this sorted out by Cylance support, but I cannot contact them directly. We have an admin team who have access to the Cylance control panel and who can whitelist the tool. However, I need to provide some reason as to why Cylance has flagged IDEA with malicious payload before they can add IDEA to the whitelist. That is why I created this thread, to get some insight.

0

Hi Desmond David,

Thank you for the comment.

Unfortunately, we are not aware of the Cylance PROTECT algorithms used for malware detection. Thus, we can't comment on why Cylance has flagged the IntelliJ IDEA executable as a malicious payload.

I also believe that checking the executable on VirusTotal confirms that there are no malicious payloads within the idea64.exe and can be provided as evidence to the Cylance support team.

Thanks.

0

That makes sense I suppose. Thank you for your time.

0

Were you able to resolve this?

I went to VirusTotal and my file is fine.

0
