X-Recipient: archive-cygwin@delorie.com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; q=dns; s=default; b=H8kYz
	QsqWh1wWUY6pLE2TOH7LRH62fYook6kT7nxcS+zTX68i0Iz+RIf1Hw7kUpAEv8AO
	Xw5d6Ay7jXO1NYif/KWZBjFchuL+FfM3++8EYoeEctEQESq1ygsXPYOaXY+EAe/p
	Q1I9zOB2NafV6Z6YO4b7pbP+uMKcj9Vclx9dXA=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:references:date:in-reply-to
	:message-id:mime-version:content-type; s=default; bh=UIGYopQSRIf
	9JJlDsO3CVzTBXKc=; b=qlXnb67s7WJwaGKLhSORkSmXpgZ/sKfkxwWgcE3YjlW
	5inSjOrL3HKhgXl0lcebHMbvWEwCwX6xMdfz5r8rqjwjA9CCHzdkW7hq8VHJHFe7
	1FMRCmAjxrhXqQ0E2riNKMYoo4TOh2XNd/xC56lnzPVxT4HC8D3xTpw/IDcoEJnQ
	=
Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-6.0 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2
X-HELO: mail-in-03.arcor-online.net
X-DKIM: Sendmail DKIM Filter v2.8.2 mail-in-14.arcor-online.net 832639BE47
From: Achim Gratz <Stromeko@nexgo.de>
To: cygwin@cygwin.com
Subject: Re: Cygwin install crashes & reboots without leaving a trace
References: <5423D681.9000707@utwente.nl>	<20140925101803.GA9828@dinwoodie.org> <5424082F.7020709@utwente.nl>
Date: Thu, 25 Sep 2014 17:59:52 +0200
In-Reply-To: <5424082F.7020709@utwente.nl> (Arend Rensink's message of "Thu,	25 Sep 2014 14:18:55 +0200")
Message-ID: <87zjdn8zd3.fsf@Rainer.invalid>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3.93 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain

Arend Rensink writes:
>> 25-9-2014 10:54:05	Quarantined	legal software that can be used by
>> criminals to damage your computer or personal data
>> PDM.Worm.P2P.generic	C:\CYGWIN\SETUP-X86.EXE
>
> (I don't suppose there is a worm, but you might be interested in knowing
> about this false positive.)

Clearly a false positive based on an overly broad heuristic.  Since it
looks it is behavioral based, you could try to separate the download and
install part.  Also it might help if you strip setup.exe of the "I was
downloaded from the big bad Internet" information that Windows slaps on
it (most easily by copying it to a FAT32 partitioin, such as a USB
stick).

> Well, if I knew *where* (during with package install) this is triggered,
> it might still help circumvent the problem. I'm pretty sure this is
> deterministic. However, AFAIS no log file is generated - probably due to
> the abrupt termination. Can you suggest any way I can obtain a log?
> For instance, can I reroute logging to stdout?

If you start setup-exe from a CMD window you'll get plenty of output.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple