not allowed to use wine

Hello George Paraloffsky,

denied access
is the outcome. Access is denied in response to a detection and the detection might or might not be the correct. Just that on-access scanning [recently] started to deny access doesn't prove that the detections are false positives. What are the names of the detections?

I have tried in vain to use -exclude
neither exclusions nor completely disabling on-access should be the action of choice  You should make sure it's indeed an FP by sending a sample. Even if it turns out to be an FP exclusions should normally be only a temporary measure as in most cases detections amended accordingly .

Christian

Hello Christian,

All reported files are part of WINE and that is why I suspect them to be FP.

https://www.4shared.com/photo/XgcQjtwoea/Screenshot_from_2021-01-20_21-.html

https://www.4shared.com/photo/ZgpFzItcea/Screenshot_from_2021-01-25_10-.html

George

Hello George,

the analysis of Mal/FakeAV-CS suggests to send a sample as it's more or less generic. Generic detections are by nature more prone to FPs - OTOH it doesn't look like Mal/FakeAV-CS has recently been updated. Could it be that the DLLs have recently been changed?

Christian

Hello Christian,

I do not understand much. I even re-installed Manjaro to no avail. How could the file (and there are may of them) be changed as I just install WINE? It is a pity there is no exclusion in on-access scanner.

George

Hello George,

if I understand correctly you were able to run Windows applications with WINE but "suddenly" Sophos blocked some (or many) DLLs. Did you perhaps upgrade WINE to 6.0 which has been released just the other day?

Christian

Hello Christian,

You understand quite correctly my bad description of the problem. And yes, WINE is version 6.0. I was thinking of downhgrading it although I do not know howm but I shall look for a solution to it unless you have a better proposition.

George

Hello George,

seems that the new builds of the core modules (DLLs) have some characteristic that triggers these detections. As said, you should send in a few samples. I assume that WINE is deemed legitimate and sufficiently popular so that chances are good that the detections will be amended as necessary.

Christian

Hello Christiam,

With my lomitd knowledge, I assume that Sophos gives FP warnings. WINE is a trusted software and the antivirus simply overplays here. I have just been given a warning about iexplorere.exe. Jere is anothe link of screenshot: https://www.4shared.com/photo/pXJwmblViq/Screenshot_from_2021-01-27_10-.html

Unfortunately, the page for sending samples is temporarily unavailable.

I hope that your team will soon take care of WINE!

George

Hello George,

it's not my team, I'm not Sophos. I'm pretty sure they won't take care of WINE unless someone sends in samples (I have, BTW, no problems accessing the submission page). Labs don't take care of arbitrary applications, it's not their job to make them work.
Every sample (you can submit several files in a single archive) goes through an automated analysis and triage, those not unambiguously categorised are passed to a technician for further analysis. If necessary a new detection definition is created or an existing one amended. It doesn't hurt and it works. So, please, take a bunch of these DLLs, zip them up (note the 25MB limit) and submit them.

Christian

Hello George,

it's not my team, I'm not Sophos. I'm pretty sure they won't take care of WINE unless someone sends in samples (I have, BTW, no problems accessing the submission page). Labs don't take care of arbitrary applications, it's not their job to make them work.
Every sample (you can submit several files in a single archive) goes through an automated analysis and triage, those not unambiguously categorised are passed to a technician for further analysis. If necessary a new detection definition is created or an existing one amended. It doesn't hurt and it works. So, please, take a bunch of these DLLs, zip them up (note the 25MB limit) and submit them.

Christian

Hello Christian,

I submitted as you advised. Let me hope there will be a solution.

George