Windows defender failed to scan payara5-2022.3 since Sept 16.
Hi @jim-zhang,
Could you please provide some more details about the issue you are facing? Was this happening before September 16th with Payara 5.2022.3?
Could you also please share some details from Windows Defender on why the scan failed? I have been able to reproduce this, but I would like to confirm the flag is for the same reason. This information will greatly help us reproduce and fix the issue.
Best Regards,
James
Hi @jim-zhang,
This has been escalated to our development team under the internal ID FISH-6553. Your patience while we investigate this issue is much appreciated.
Thanks,
James
Hi JamesHillyard,
Previously, the Payara5-2021.3.zip was used in our system, but this version contains a security vulnerability, as reported from Payara side in August.
We downloaded and installed Payara5-2022.3 in Windows 10 and Linux system in August. The payara5 server was working well under Window10 before Sept 16, 2022, but the server suddenly cannot restarted yesterday (Sept 16) with error message of some files containing virus or vulnerability.
I tried to download the most recent build of Payara5-2022.3.zip from the below website,
https://www.payara.fish/downloads/payara-platform-community-edition/
After the Payara5-2022.3.zip was downloaded onto Windows 10 local file system, and trying to unzip this file, Windows defender detected some of virus or vulnerability. The Payara5-2022.3.zip was automatically deleted by windows system.
Hi @jim-zhang,
Thank you for providing more contextual information on this, we have reviewed the error reported by Microsoft Defender internally and identified this is a false positive, there is no vulnerability here in Payara Server.
I recommend marking the file as safe, or adding an exclusion for this CVE into Microsoft Defender on your local machine, and re-extracting Payara Server. You should then receive no warning from Defender, and Payara Server will start correctly.
Best Regards,
James
Thanks JamesHillyard for this confirmed info.
This will be very helpful for us to move forward to deploy our applications in Parara-2022.3.