CrowdStrike Falcon is an endpoint protection enterprise software package (i.e. virus scanner run from company servers on all client PCs). It appears that LabVIEW 2018 executables may not be compatible with CrowdStrike. I noticed some of my deployed applications at a customer site (I am a LV consultant) were being "quarantined". The symptom is not pretty: attempting to run the EXE results in the file being "deleted" from Windows Explorer and Windows showing a dialog implying that the file lacks the correct permissions or otherwise is missing. In fact, the program is not really deleted (it is recoverable by the IT department running the CrowdStrike admin tools), but to the user it is effectively gone (and of course can't be run).My point of posting here is:1. To see if anyone else is running on systems with CrowdStrike deployed and has experienced similar issues (or perhaps is running with CrowdStrike and has not experienced issues?).2. Assuming the answer to 1 is No (I could not find any existing forum threads mentioning CrowdStrike), to provide a starting point for future folks searching the forums for information about this issue.3. Perhaps there is a way to build the EXE to avoid the problem, if so I'll update this thread with any information about the workaround.4. If NI R&D gets involved, provide a place for updates as to any action NI has taken to resolve the issue.Here is a little bit more detail about what we have discovered so far.Only LV2018 built EXEs have demonstrated the issue. I have built identical programs with both LV2016 and LV2017 and they do not get quarantined. You might think the issue is "What exactly is the program doing?". But, my test application literally does nothing. It is an empty VI panel, with an empty diagram. This single VI is built into an Application using the default options and run. That's it. If you do this in 2016/17, no problem (the blank panel launches and is done). In 2018, it is quarantined.CrowdStrike has been sent some test applications. They ran and analyzed the programs and claim that they exhibit "malware-like behavior". This includes disk access, network access, kernel access, etc. (I won't get into all the technical details now, but might add more in a later post). CrowdStrike Falcon is "behavior based" protection. It doesn't do traditional file scanning to find viruses, it actually observes the behavior of the program itself as it starts to run. The location of the file does not matter. You can copy the EXE to a different location and it exhibits the same behavior (despite the Windows dialog implying you don't have correct file permission- this is a standard dialog that results from the file "disappearing" from the system).I have tried this using all the "flavors" of LV2018 (2018, 2018f1, 2018f2, 2018SP1), and all exhibit the same problem.I have tried disabling VI Server in the INI file.The LabVIEW 2018 IDE itself seems fine- the issue is only with a built EXE Application using the RTE. I have also built similar programs into shared libraries (this is something I do quite often in my distributed systems), and these run fine. It is only the stand alone EXEs that demonstrate the issue.I am attaching my test project and the built EXEs in 2016/17/18. Eric Behrs Behrs Engineering Services Certified LabVIEW Developer

LabVIEW

LabVIEW 2018 issues with CrowdStrike

Eric,

My CrowdStrike is 4.23.8603 and it is still attacking all LabVIEW executables. Thus, particular version of CS is not a defining factor at this point. However, creating an installer with debugging option ON is still working for me.

Message 11 of 11

(539 Views)

LabVIEW

LabVIEW 2018 issues with CrowdStrike

Re: LabVIEW 2018 issues with CrowdStrike