Trend Micro reporting malware in TeamCity 2020.1 java.exe

We had a new installation of TeamCity broken because Trend Micro reported malware in java.exe when a build agent was run. We believe this was a false positive, as the server was recently set up and hardly used, but because of the way anti-virus is administered, it is impossible to disable/remove the a/v or even whitelist java.exe. We downloaded a new java.exe from Amazon (Corretto 11 - same version as the one installed with TeamCity), and it has worked since then without issue.

The replacement java.exe was bigger (50 KB vs 38 KB) and it contained digital signatures, which the version installed with TeamCity didn't. We have a suspicion that Trend Micro might not check software with digital signatures quite so rigorously.

Hi,

Thanks for your report. We have recently started using a Java tool to remove parts of the JVM that are completely irrelevant to our tool so that we can reduce the size of the full package, particularly since most large installations, which could use plugins that use the JVM more extensively, will typically have their own Java versions installed.

The workaround is, as you experienced, to replace the JRE with a validated one. We have created an issue in our tracker to investigate the exact reason and put a solution in place so that it's not required going forward: https://youtrack.jetbrains.com/issue/TW-66532 . Please feel free to vote for it and leave any comment you think would be useful. If you could provide the Trend Micro version at least, that could be useful for us in replicating.

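The thread above turns on one java.exe carrying digital signatures and the other not. As an added example (not part of the original thread, and not JetBrains or Trend Micro code), the Python below reports whether a PE file has an embedded Authenticode certificate table and prints its SHA-256 for comparison with the vendor's published checksum. `sample_pe` builds a constructed header for the demo only, and the check detects presence, not validity.

```python
import hashlib
import struct
import sys

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def embedded_signature(data: bytes):
    """Return (file_offset, size) of the PE certificate table, or None if absent."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 24                                       # skip signature + COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]             # PE32 / PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)     # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return None
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError) as exc:
        raise ValueError("truncated or unsupported PE header") from exc
    if offset == 0 or size == 0:
        return None
    if offset + size > len(data):
        raise ValueError("certificate table points outside the file")
    return offset, size

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ header for the demo; not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    if signed:
        # Constructed 16-byte blob placed right after the 328-byte header
        struct.pack_into("<II", dirs, 8 * SECURITY_DIR, 328, 16)
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + (b"\xAA" * 16 if signed else b"")

if __name__ == "__main__":
    # Usage: python check_sig.py <path to java.exe> [more files...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        sig = embedded_signature(blob)
        state = f"certificate table at {sig[0]:#x}, {sig[1]} bytes" if sig else "no embedded signature"
        print(f"{path}: sha256={hashlib.sha256(blob).hexdigest()} {state}")
```

To confirm that a signature actually verifies and to see the signer, run `Get-AuthenticodeSignature` against the file on the Windows host.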