[PUP-8956] puppet agent doesn't run properly when avast anti-virus running Created: 2018/06/24  Updated: 2018/06/27

Status: Accepted
Project: Puppet
Component/s: Windows
Affects Version/s: PUP 5.5.2
Fix Version/s: None

Type: Bug Priority: Normal
Reporter: Geoff Williams Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows 10 x64

Avast anti virus active


Attachments: PNG File pupp-bug-3.png     PNG File pup_win_bug_1.png    
Template: PUP Bug Template
Team: Windows
Method Found: Needs Assessment
CS Priority: Reviewed
QA Risk Assessment: Needs Assessment

 Description   

Overview

Unable to run puppet agent on windows 10 when Avast anti-virus is active

 

Expected result

Expect puppet agent to work without error

 

Actual result

Tons of errors all over the place where the AV agent blocks puppet

C:\WINDOWS\system32>puppet agent -t
Info: Caching certificate for bpm-r1.lan.asio
Info: Caching certificate_revocation_list for ca
Info: Caching certificate for bpm-r1.lan.asio
Info: Using configured environment 'production'
Info: Retrieving pluginfacts
Info: Retrieving plugin
Notice: /File[C:/ProgramData/PuppetLabs/puppet/cache/lib/facter]/ensure: created
Notice: /File[C:/ProgramData/PuppetLabs/puppet/cache/lib/facter/aio_agent_build.rb]/ensure: defined content as '{md5}cdcc1ff07bc245c66cc1d46be56b3af5'
Notice: /File[C:/ProgramData/PuppetLabs/puppet/cache/lib/facter/aio_agent_version.rb]/ensure: defined content as '{md5}d05c8cbf788f47d33efd46a935dda61e'
Error: ReplaceFile(C:/ProgramData/PuppetLabs/puppet/cache/lib/facter/archive_windir.rb, C:/ProgramData/PuppetLabs/puppet/cache/lib/facter/archive_windir.rb20180624-10408-1ezfsm4): Unable to remove the file to be replaced.
Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/lib/facter/archive_windir.rb]/ensure: change from 'absent' to 'file' failed: ReplaceFile(C:/ProgramData/PuppetLabs/puppet/cache/lib/facter/archive_windir.rb, C:/ProgramData/PuppetLabs/puppet/cache/lib/facter/archive_windir.rb20180624-10408-1ezfsm4): Unable to remove the file to be replaced.

 

Analysis

Disabling all avast shields, Puppet agent works as expected (see screenshot)

 

Workaround

Remove anti-virus or set exclusions



 Comments   
Comment by Josh Cooper [ 2018/06/25 ]

ping Larissa Lane, Ethan Brown. I'm guessing it doesn't like something about our call to ReplaceFile, assigning to Windows team. It would be good to come up with a minimal reproduction.

Comment by Larissa Lane [ 2018/06/25 ]

Thanks Josh Cooper. Do you know if this is a regression?

Comment by Larissa Lane [ 2018/06/25 ]

Would appreciate CS input on the customer impact of this issue.

Comment by Ethan Brown [ 2018/06/25 ]

Larissa Lane this doesn't seem like a regression. Sometimes overly aggressive AV software can get in the way of Puppet performing work. Since Puppet should be behaving like a SYSTEM management / configuration process, it performs actions that AV probably doesn't believe usermode software should be performing.

 

I'm not sure there's much we can do from the engineering side on this one, as this seems like more of a documentation problem. We could probably write code to probe the system in an effort to determine if specific APIs will fail and immediately fail / warn, but it seems like we might be chasing our tail a bit given the number of AV products out there and an incomplete understanding of what they all do.

 

 

Comment by Josh Cooper [ 2018/06/25 ]

Larissa Lane I don't think it's a regression, but it could be. The one change I know of in that area was PUP-7394, first released in 5.4.0.

Comment by Geoff Williams [ 2018/06/25 ]

Customer for this ticket is just me - I have a lab of Windows machines and figured the info might be useful to someone

Comment by Ethan Brown [ 2018/06/26 ]

Geoff Williams the info is definitely useful. It would also be useful to know if you could test an older version of Puppet, prior to 5.4.0, to see if you see the same issue?

Comment by Geoff Williams [ 2018/06/26 ]

Ethan Brown I ended up uninstalling avast to let puppet run. I'm out of time to spend looking at this issue myself unfortunately

Generated at Sun Jun 16 15:45:51 PDT 2019 using JIRA 7.7.1#77002-sha1:e75ca93d5574d9409c0630b81c894d9065296414.