Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Antivirus software reporting #3230

Closed
monkeycc opened this issue Feb 18, 2023 · 25 comments
Closed

Antivirus software reporting #3230

monkeycc opened this issue Feb 18, 2023 · 25 comments

Comments

@monkeycc
Copy link

微信截图_20230218104922

gradio\frpc_windows_amd64

https://weishi.360.cn/jisu/

https://www.360totalsecurity.com/

@abidlabs
Copy link
Member

Hmm thanks for reporting. I'm not sure if there's anything we can do here except to confirm that frpc_windows_amd64 is not a virus, it's needed to set share=True.

@ecker00
Copy link

ecker00 commented Mar 9, 2023

Also got this reported, and it's flagged by 36 of 68 vendors on VirusTotal: https://www.virustotal.com/gui/file/c9db0db0f0f41ce3fe84f92a785d4ba0ab351ee231ce9e53924a168889a525fd

What exactly is this file, and why would it be flagged?

@abidlabs
Copy link
Member

abidlabs commented Mar 9, 2023

Hi @ecker00 it's a file that allows you to create a public link for your Gradio app (when you set share=True in your launch() method)

@erhanX
Copy link

erhanX commented Mar 29, 2023

@abidlabs It is also detected by Defender and quarantined so it is not really helping on Windows unless you give instruction how to whitelist the file or get it out of the virus DBs or just don't care. ;)

@abidlabs
Copy link
Member

@erhanX
Copy link

erhanX commented Mar 29, 2023

I know how to whitelist. It is not about me. I am just notifying you that any normal Windows user will have this problem. Maybe it was not detected before by Defender when the other person reported it.

Maybe make it an optional package which first gets installed when public=True is used first time and put this information there. Or leave it as it is because people who dont use it will not notice anyway.

@abidlabs
Copy link
Member

Maybe make it an optional package which first gets installed when public=True is used first time

That is the current behavior actually

and put this information there

That's a good idea, we'll do that, thanks!

@robertbozsa
Copy link

Avast also sees this file as malware and moves it to quarantine.

File: frpc_windows_amd64_v0.2
Threats: FileRepMalware & Win64:Malware-gen
Path: C:\Users\user1\AppData\Local\Programs\Python\Python310\Lib\site-packages\gradio\frpc_windows_amd64_v0.2

Although it is moved to quarantine the application still seems to work. Is this file necessary for something?

This was installed as part of the process to setup a custom knowledgebase for ChatGPT.

https://beebom.com/how-train-ai-chatbot-custom-knowledge-base-chatgpt-api/

@gitihobo
Copy link

gitihobo commented Jun 8, 2023

Multiple anti-virus detect as riskware, anything that can be done about that? How about another script that removes any unnecessary components if you wish to make your environment completely offline?

@ayoubachak
Copy link

Maybe make it an optional package which first gets installed when public=True is used first time

That is the current behavior actually

and put this information there

That's a good idea, we'll do that, thanks!

Can you please add a warning for corporate computers, the file singlehandedly blocked every activity in my computer ( antivirus detected it ), now it's taken for maintenance.
I'm pretty sure I won't be the only one who had this issue, I have to mention that I myself went and downloaded the file and it wasn't detected as a malware in the beginning.

@carlthome
Copy link

The enterprise security department where I work also alerted on this.

@niccokingdom
Copy link

Same here, flagged by corporate, isn't it possible to fix the file, that seems like one of the main straightforward features to be able to share apps? Thanks

@salvasisua2
Copy link

image

McAfee detect...

@Woahai321
Copy link

SentinelOne also reports this as malware.

@danmack
Copy link

danmack commented Jun 5, 2024

crowdstrike falcon also quarantines this as Adware/Malware.

@mulder1
Copy link

mulder1 commented Jun 12, 2024

Frp component is a reverse proxy written by a Chinese programmer.
It's like saying welcome to trouble if you install it on your computer. No sane corporate environment will allow that

@nucklearproject
Copy link

Same problem here 😴
image

@jblouin
Copy link

jblouin commented Aug 3, 2024

Symantec also reports this as a security issue
symantec_gradio_frpc_issue

@xarical
Copy link

xarical commented Aug 14, 2024

Can I get a confirmation that "Misleading:Linux/FRP.B!MTB" is related to this issue? All I know is that I was in the process of downloading my Gradio project (that uses share=True) for archiving. Heart stopped for a sec when I got the warning from the AV (it didn't mention what triggered the warning, so I can only guess that it's what I had just downloaded) and I'm still trying to figure out whether or not I'm screwed

@cartolid
Copy link

Cytomic EPDR also reports it as PUP/generic (and deletes it).

@FurkanGozukara
Copy link

my kaspersky antivirus reporting as like this perhaps they can be modified to not report

not super important but just reporting

Today, 29/09/2024 13:11:53;G:\Kosmos-2\venv\Lib\site-packages\gradio\frpc_windows_amd64_v0.2;Not processed;Disinfection not possible;not-a-virus:HEUR:NetTool.Win64.FRP.gen;Postponed;File;G:\Kosmos-2\venv\Lib\site-packages\gradio;frpc_windows_amd64_v0.2;Not processed;Legitimate software that can be used by intruders to damage your computer or personal data;Low;Partially;SECoursesPC\Furkan;Active user

@SH4DY
Copy link

SH4DY commented Oct 1, 2024

Also just ran into this on my corporate machine. Crowdstrike on Apple Silicon.

@rsxdalv
Copy link

rsxdalv commented Nov 6, 2024

I don't think this issue should be closed since antiviruses still report it. I'd also prefer if frpc was an optional module so that users can install it, rather than everyone getting a warning.

@sunilagarwal2007
Copy link

Has anyone experienced any issues with the Gradio library being flagged as potentially malicious?

While using Gradio on my corporate machine for learning and experimenting with Machine Learning models, it identified a malicious application/tools on system.:

/lib/python3.9/site-packages/gradio/frpc_darwin_arm64_v0.2

I'd appreciate any insights on why this might be occurring, Is Gradio has anything malicious library running at backgroud ?

@rsxdalv
Copy link

rsxdalv commented Nov 17, 2024

Has anyone experienced any issues with the Gradio library being flagged as potentially malicious?

While using Gradio on my corporate machine for learning and experimenting with Machine Learning models, it identified a malicious application/tools on system.:

/lib/python3.9/site-packages/gradio/frpc_darwin_arm64_v0.2

I'd appreciate any insights on why this might be occurring, Is Gradio has anything malicious library running at backgroud ?

Unless you use --share option, I think you can just delete the frpc file.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests