GVWIN not working

All of a sudden, GVWIN.exe was not working. So for the time being I am using the GVWIN64.exe that I have found in the GVWIN folder. Hope that's OK.

What is happening?

Could you describe what you mean by "not working"?

I have had two clients report this yesterday. It's due to a Microsoft Essentials automatic update that thinks GVWIN.EXE is a virus and removes it.

This is something Softrak is going to have to deal with.

Steve

The Softrak Folder should be excluded from the anti virus scan and we don't recommend using MS Essentials at all.

Four clients have now called. This is a nightmare.

Apparently a lot of people use MS Essentials and that isn't going to change. And it has nothing to do with excluding the Softrak folder - Essentials finds it anyway and just removes it - no matter what I rename GVWIN.EXE to or where I put it.

Steve

Have the same problem last night, re-loaded grid view but when the first personal loaded gridview, the file was deleted,

Starting yesterday, MSSE has marked GVWIN.exe and LedgerFinRep.exe on my system and two of our client's systems as infections. Specifically, it is calling it TrojanSpy Win32/Nivdort.CW.

MSSE is in wide use with our clients because they rarely maintain any product that requires a subscription and all the other free AV products nag incessantly to become paid versions.

On the off chance that I actually have a virus I'm waiting on the results of a scan from a boot CD.

Hi, Everyone,

MSSE. Before we panic, please follow Andrew's advice about ensuring that the Softrak folder is excluded from scanning whether or not it resolves this particular issue. It is good advice.

I'm interested in the results of the scan that was in process above.

Antivirus software has, at various times, interfered with Adagio and other programs. A couple of years ago, when MSSE had the 'Real-time scanning' option enabled, it caused data to be corrupted when OE DE was run. But MSSE isn't the only AV software that has on occasion caused programs problems.

I'm curious, is this option enabled or not? The more real information we have, the better chance we have of being able to deal with the issue without sites having to change their AV software.

I have one dealer who spent yesterday working on this (unaware of what is being posted here today) who feels 'Bill & company owe me a day'.

We are looking into this to see if we can get this 'white listed' as it is a false positive that is being reported by MSSE.

I use microsoft defender, it's part of Windows 10 and it quarantined the finreporter as well. My client that called today with the issue, is using a different system on their server and had the same experience. I was able to restore my file and exclude it, but IT departments are hesitant to exclude program files. Just my experience. I can get them to exclude the data a bit more easily.

Hi, Everyone,

MSSE is deleting the executables as it is reporting a false positive on GVWIN.exe and LedgerFinRep.exe.

Please refer to this other forum thread (see link below) wherein ICBM provides some solutions they found with respect to MSSE targeting the LedgerFinRep.exe. Perhaps these can be used against the threat the false positive poses to the GVWIN.exe also.

http://softrak.com/ubbthreads/ubbthreads.php/topics/48549#Post48549

I am having the same issue.
Thinking it may be infected I reinstalled GV, this obviously had no effect as MS Defender is the culprit. turning off real time protection and excluding both the softrak and gvwin directories doesn't help even after restoring quarantined files. Gridview attempts to open and then disappears similar to it's behavior when you don't have a password for your adagio login.

Of our affected clients and internal PCs, all have MSSE's "real time scanning" enabled. One of the workarounds I am trying is to disable real time scanning on client PCs. This changes the MSSE icon in the taskbar to red and alerts the user that the PC is "At risk". It works to solve the issue under Windows 7. A new wrinkle is Windows 10's built in Defender is also detecting these two Adagio programs as viral. You can turn off real time scanning temporarily, but the Windows Defender settings screen warns that Windows will revert that to on automatically eventually.

Telling MSSE to exclude the folders containing Softrak programs doesn't work, the moment the GVWIN.EXE or LedgerFinRep.exe program is executed, even from an excluded folder, it is detected as viral and quarantined.

I have uninstalled MSSE on one client PC and replaced it with AVG Free edition, then replaced their LedgerFinRep.exe file and all is good. On the client using Windows 10, installing AVG disables Windows Defender.

I can also confirm that excluding the program location will not prevent MSSE from quarantining the files if real-time scanning is on.

The trojan must be permitted for every running instance of MSSE on the network, otherwise they will all take turns finding and quarantining the files.

This is likely a false-positive, but if the users run into the real version I don't think SE would worry about that either, so I am suggesting SE be replaced to anyone who calls our office with this issue.

Hi again, Everyone.

All of our executables are 'signed files' and 'signed files' can't have viruses. Unfortunately, this is a false positive that is being reported and we are working with Microsoft to try and get the issue resolved. Unfortunately, these things do not happen as quickly as any of us would like them to.

Steve:

This is why we ask our clients not to use Microsoft Essentials. You are asking Softrak to spend money to fix a problem caused by someone else's free software. Doesn't seem like an appropriate use of limited resources.

Hi Doug

It's not just MS Essentials

Steve

(from - http://softrak.com/ubbthreads/ubbthreads.php/topics/48542/Financial_Reporter#Post48542)

From Microsoft's site:
TrojanSpy:Win32/Nivdort.CW
Alert level: Severe
Also detected as: Trojan.Win32.Agent.ihpl (Kaspersky), Trojan-FHOH!885352259A4D (McAfee), Troj/Nivdort-BV (Sophos), TROJ_BAYROB.SM4 (Trend Micro),

Avast is also picking it up.

We have the corporate version of MS "System Centre Endpoint Protection" and of course it removes it too.
_________________________
Dan Desautels
BDO Canada LLP
Thunder Bay, ON

Doug,

As I previously reported in the other thread, this is not exclusive to MSSE. I have clients that have been affected using Avast as well. And it has nothing to do with "free" software. We use MS System Center Endpoint Protection and I currently have no access to Financial Reporter.
I assure you BDO pays a large amount of money for SCEP. It has everything to do with the AV definitions.

Also, as reported by Micrososft:
"TrojanSpy: Win32/Nivdort.CW
Also detected as: Trojan.Win32.Agent.ihpl (Kaspersky), Trojan-FHOH!885352259A4D (McAfee), Troj/Nivdort-BV (Sophos), TROJ_BAYROB.SM4 (Trend Micro)"

Simply telling clients not to use MSSE is not a solution considering Avast and Microsoft are #1 and #2 in terms of AV market share worldwide.

For what its worth here is why I disagree:

1. I support more end users than any other Adagio dealer
2. We ask our clients not to use Microsoft Security Essentials or other free and/or inexpensive AV solutions
3. We have had one client with this problem. They are using Microsoft Security Essentials against our advise.

You have to ask these questions:

1. Would you prefer to spend money on a proper AV solution or spend money to solve the problems caused by a free AV solution?
2. Would you prefer that Adagio spend money so that you can use a free AV solution or would you prefer that Adagio spend money improving the features in Adagio.

You could substitute 'inexpensive' for the word free as the AV solutions that we have the most problems with are the ones that are free (Avast & Microsoft) or inexpensive. Kaspersky was a huge pain until be figure out how it needs to be configured (and then we almost never see it), McAfee and Sophos we almost never see so I have no experience, and the managed version of Trend Micro doesn't seem to cause any issues when installed and configured correctly.

We recommend Symantec Endpoint Protection (a managed solution), we use this solution internally, and many of our clients use this solution as well. Yes it costs money to buy and more money every year for maintenance (as its important to keep the AV software current) but we never have a problem with it.

Quote:
"2. Would you prefer that Adagio spend money so that you can use a free AV solution or would you prefer that Adagio spend money improving the features in Adagio."

There is absolutely nothing Softrak can do to retroactively fix an EXE shipped in 2014 to stop a Virus Checker shipped in 2016 from reporting a "false positive".

We have done all we can, reported the issue of the "false positive" to Microsoft and it is our hope they can do something to correct their "virus database". Time will tell.

Hi Douglas

How many of your clients have tried to use GridView or Financial Reporter today? I have a feeling that every day this problem will continue to grow and it will affect your clients too.

I have 200 Adagio installs and I heard from about 10 clients today.

I'm not interested in assessing blame to users who chose a cheap AV solution or to dealers who didn't demand that their clients use better AV solutions or to Softrak for not reading Microsoft's mind.

I'm interested in being able to get back to my life, which is very hectic in mid-January with year-ends, new installs, and payroll issues. I'm also interested in making my clients happy with whatever solution to this problem is easiest for them and absolutely works. I'm not sure yet that switching to a different AV solution will absolutely work.

Steve

Steve:

Given that it's the 'financial report generation' time of the month I would assume that my experience should be similar to any other Adagio dealers, so if lots of your clients are running the FR today so should lots of mine. For sure the one thing that will generate a phone call faster than anything else is not being able to print financial statements when management is expecting one.

Based upon Michael's response and give the snails pace that Microsoft is likely to address (though every once in a while I get surprised) this issue I would say that this problem will have to be fixed at either the end user end or Softrak's. If Softrak was convinced to spend resources to solve this problem there would be no quick fix or even any guarantee that after spending a pile of money that a fix could be found (after all, how do you fool the AV software that thinks you are a virus into not thinking you are a virus when this only seems to be a problem for some AV software?).

I only had one client complain about FR; all of the others were trying to use GridView.

I've logged in to a few of my other clients after hours, and sure enough one of them was hit too. And they are using Kapersky, definitely not Essentials. The only reason I haven't heard from them yet is that they haven't tried to run a GridView or Financial Report.

Try logging in to a few of your clients and see for yourself. If you don't see the GVWIN.EXE or LedgerFinRep.EXE file where it should be then your clients are in the same boat as mine.

I myself use Microsoft Essentials, but I have auto-update turned off, and I haven't updated in a while, so I was spared. But that was just luck.

Steve

For Gridview you can use

..\Softrak\GVWin\X64\GVWin64.exe

The virus checker is not complaining about that exe.

This from Microsoft:
=========================
Thanks for the report, this in indeed a false positive. I've disabled the signature and it will take effect in signature release version 1.213.2988.0 and above.
Sorry for any inconvenience this caused.
Geoff
=========================

Michael:

That's good and surprisingly quick news. Do we know how frequently they issue the releases? And do we know if this has any effect on the other AV vendors?

Hi,
We had a related occurrence with our client's Kaspersky immediately after we upgraded our entire client site to 9.2 in December, so it's not just MSE.

The symptoms that we faced, were all LanPaks (30) were gone after 10 users had logged into the system in GL and AP.

We also had Kaspersky conflicts with printing to PrintBoss drivers where the printing of checks lost the connection to PrintBoss.

We resolved by quickly excluding the local Softrak footprint on the user workstations, and excluding the Softrak and data folders on the server.

I suppose we should have reported these situations earlier, but we've been busy.

We do not know if this was related to a Kaspersky update, but we know definitely that the situation started immediately on the first morning after we did an evening upgrade to 9.2. We have drawn our own conclusions and will be moving quickly to ensure every 9.2 site will be excluding these folders, if they have not already been excluded. Normally, our best practices would exclude these folders from AV scanning.

For the people who have been asking, we also use Trend for our protection which works very well if set up properly. This is not an endorsement of the product that we use or to say that your AV selection is good or bad, although with free software, you sometimes get what you pay for.

And we do not recommend Essentials to any of our site clients because of noted above issues with OE that we also discovered several years ago. But this new noted issue is not isolated to Essentials.

Brian

I uninstalled the MSSE from all workstations and now it's back to normal.

Fong:

I hope you installed some other antivirus software to replace the MSSE you uninstalled. Otherwise you have left yourself vulnerable to a virus.

Thanks. We are using ClamWin now.

As far as we can ascertain, Microsoft has updated their anti-virus definitions and this problem should no longer occur.

MSSE on Windows 7 with definition 1.213.3251 (Jan 18th 2016) leaves my GVWIN.exe and LedgerFinRep.exe files alone.

Thanks for the external confirmation.