Author Topic: Support WSL pico processes  (Read 982 times)

0 Members and 1 Guest are viewing this topic.

Offline WSLUser

  • Newbie
  • *
  • Posts: 11
Support WSL pico processes
« on: March 09, 2018, 03:44:27 PM »
Avast. much like Windows Defender currently requires the entire Linux distribution to be exempted in order to run pico processes. This is an unacceptable risk to security in any corporate environment. What Avast needs to do is treat Pico processes the same way as Windows processes. Microsoft will soon be releasing an update to Windows Defender in "Skip-Ahead Insiders" builds that manage rules at per process/port level. Avast should implement a similar setup. There is a blog from 2016 Microsoft has provided to assist third-party vendors such as Avast to integrate with WSL. Here's the blog: https://blogs.msdn.microsoft.com/wsl/2016/11/01/wsl-antivirus-and-firewall-compatibility/

If further support is needed from Microsoft, see this WSL Github issue: https://github.com/Microsoft/WSL/issues/1852 and reply on there to start the conversation with Microsoft. They are willing to assist in the integration process if needed.

Also, with the release of Kali Linux to the Windows Store, some connections are automatically blocked when trying to install some penetration testing tools by Avast. I don't want wide open connections or having to create exemptions. Can you whitelist the Kali archive servers needed to download these Linux packages? This will still most likely be needed for other distros as well when downloading certain packages ( I have experienced this for a project I was building in Ubuntu). Since a gpg key is required to connect to the servers and also for the distro to install updates or new packages, a secure connection is already in place and you always are able to verify the hash. Therefore connections made using apt, yum, zypper, rpm, git, etc. should be trusted by Avast. I do have SSL scanning enabled but in this case, I think the user should verify hashes manually. Also since you can kill a linux distro, thus wiping everything on it (including any malicious data), the risk to Windows is minimal (Regular scanning on Windows for projects built that are stored on Windows using WSL will prove sufficient with exception of needing to put Linux updates into the A/V engine, boot-time scan, etc. that will only be downloaded after checking that WSL is installed to ensure any Linux files residing in Windows land can still be properly scanned (but not killed instantly or ignored either).

Note: With the arrival of AF_Unix on Windows and also Linux metadata able to be preserved on Windows directories, this could assist supporting WSL.

« Last Edit: March 20, 2018, 07:41:20 PM by WSLUser »

Offline WSLUser

  • Newbie
  • *
  • Posts: 11
Re: Support WSL pico processes
« Reply #1 on: March 20, 2018, 07:38:47 PM »
An official response to this from the Avast team would be greatly appreciated. Not supporting this risks losing profit to anyone who wishes to utilize WSL. I know I'd be perfectly content to wait for Microsoft to bring WSL support for Defender and ditch this if that's what I have to do to develop without Avast bothering me. I've been an Avast customer for years and utilize the most feature-filled version (Premier at this time), so I would rather Avast did something about this but if they want to throw this to the wayside then I can in good conscience throw Avast to the way side as well once my subscription is up.