or Create a profile

Home Beta

gpg-agent Killed by Cylance AV during message signing

Greg's Avatar

Greg

11 Nov, 2015 02:20 PM

GPGMail 2.6b2

I am currently using Cylance for threat detection on Mac and when using GPG Tools to sign outgoing messages, Cylance kills the gpg-agent due to "Exploit Attempt" specifically Stack Pivoting.

ADDED   PROCESS NAME    PROCESS ID  TYPE    ACTION  USER NAME
11/06/15 9:36 AM    /usr/local/MacGPG2/bin/gpg-agent    50022   Stack Pivot Terminated  ghuff
11/06/15 9:36 AM    /usr/local/MacGPG2/bin/gpg-agent    50021   Stack Pivot Terminated  ghuff
11/05/15 8:29 AM    /usr/local/MacGPG2/bin/gpg-agent    47163   Stack Pivot Terminated  ghuff
11/05/15 8:29 AM    /usr/local/MacGPG2/bin/gpg-agent    44646   Stack Pivot Terminated  ghuff

Any thoughts on why this is happening? I apologize in advance for not having additional technical details on what exactly is going on.

  1. Support Staff 1 Posted by Steve on 12 Nov, 2015 02:23 PM

    Steve's Avatar

    Hi Greg,

    first time hearing of Cylance. So to move this forward, we'd have to test, if the problem persists if you use the gpg-agent "as is" directly from gnupg.

    To do that

    • uninstall GPGTools
    • install homebrew
    • brew install gpg2
    • re-install GPGTools but use "Customized install" and de-select MacGPG2

    Then let us know if the problem happens as well.

    Would be great if you could test this. Let me know if the steps are detailed enough to make something useful out of them.

    All the best,
    steve

  2. 2 Posted by wingman on 13 Nov, 2015 10:17 AM

    wingman's Avatar

    Can you submit samples to Cylance as FP? if yes you might be able to get the app and submit it to them

  3. 3 Posted by Greg on 04 Jan, 2016 05:42 PM

    Greg's Avatar

    Steve,
    Your solution seems to have remedied the situation. Thank you for your help.

  4. Support Staff 4 Posted by Steve on 01 Feb, 2016 02:52 PM

    Steve's Avatar

    We have a ticket for this problem. I connected this discussion with the existing ticket. That means, should this discussion get closed, it will be re-opened as soon as the ticket is closed. That way you'll stay in the loop and get notified as soon as we have news. Feel free to open a new discussions should you run into further problems or need assistance.

    Kindly,
    steve

  5. Steve closed this discussion on 01 Feb, 2016 02:52 PM.

  6. Steve closed this discussion on 19 Jun, 2017 04:57 PM.

Comments are currently closed for this discussion. You can start a new one.

  • New Issue

  • Conversation Started

  • The discussion is closed

    No more actions from GPGTools or the discussion starter are required.

    #681 state: closed

  • Re-open the discussion

Private Permissions

This discussion is private. Only you and GPGTools support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

01 Oct, 2023 05:24 PM Support for macOS Sonoma
29 Sep, 2023 06:39 PM Got your email about Sonoma support
25 Sep, 2023 04:27 PM vem pra nave
15 Sep, 2023 05:46 PM System Crash (Lost Secret Key) - can I recover the secret key by just having the public key and passphrase?
13 Sep, 2023 11:44 AM GPG Mail: Recipients cannot read encrypted mails after migration to Microsoft365

Recent Articles

GPG Mail not in Manage Plug-ins list after installation or doesn't remain active
Upload and verify your public key
GPG Mail can't decrypt message
OpenPGP solutions for all operating systems
Add self-signature to an old key which does not have one