Julia blocked by CylanceUI

I’m currently running Julia 1.2.0. Here is a screen shot of what exactly is happening when I try to run Julia. The REPL will actually launch, but the first command will kill the program.

My computer is running Cylance 2.0.1530.505

Looks like I can only share one image per post as a new user:

Here is another screenshot of Cylance showing the details behind killing Julia:

Does this also happen when you put

using InteractiveUtils

println(versioninfo())

in a file (e.g. tmp.jl) and run the file via the commandline (with julia tmp.jl)?

IIRC folks have worked around this false positive in the past by getting their IT to whitelist Julia. It’d be great to report this directly to Cylance themselves, but I think you — as a Cylance customer — need to be the one to do that.

4 Likes

It seems to work when I run it through a file on the command line, although I’m getting an error, not sure if’s related to Cylance:

$> julia tmp.jl
Julia Version 1.2.0
Commit c6da87ff4b (2019-08-20 00:03 UTC)
Platform Info:
  OS: macOS (x86_64-apple-darwin18.6.0)
  CPU: Intel(R) Xeon(R) CPU           X5670  @ 2.93GHz
  WORD_SIZE: 64
  LIBM: libopenlibm
  LLVM: libLLVM-6.0.1 (ORCJIT, westmere)
ERROR: LoadError: ArgumentError: `nothing` should not be printed; use `show`, `repr`, or custom output instead.
Stacktrace:
 [1] print(::Base.TTY, ::Nothing) at ./show.jl:587
 [2] print(::Base.TTY, ::Nothing, ::Char) at ./strings/io.jl:48
 [3] println(::Base.TTY, ::Nothing) at ./strings/io.jl:75
 [4] println(::Nothing) at ./coreio.jl:4
 [5] top-level scope at /Users/mcdodj/tmp.jl:4
 [6] include at ./boot.jl:328 [inlined]
 [7] include_relative(::Module, ::String) at ./loading.jl:1094
 [8] include(::Module, ::String) at ./Base.jl:31
 [9] exec_options(::Base.JLOptions) at ./client.jl:295
 [10] _start() at ./client.jl:464
in expression starting at /Users/mcdodj/tmp.jl:4

Ok, that’s good - I get the same error and I’m not running Cylance, so that’s unrelated (but should probably be fixed nonetheless). That at least rules out core julia (well, and InteractiveUtils) and localizes the problem to the REPL, if I’m not mistaken.

Julia uses multiple stacks to implement coroutines (aka tasks), which is a fundamental feature of the language. If Cylance thinks that what Julia does is an attack that’s somewhat understandable, but it’s perfecrly legitimate for programs to have multiple stacks. You can try the JULIA_COPY_STACKS environment variable in the upcoming Julia 1.3 release to avoid actually jumping to any stacks but the main one at the cost of reduced performance of task switching. The real solution here is for Cylance to have better precision when detecting what is an attack and what isn’t.

5 Likes

Ah, gotcha!

1 Like

I have a stack of filed issues with my IT department for this. I still have to get each release of Julia whitelisted. I haven’t been able to file a complaint directly to Cylance because I’m technically not the customer so I cant file a log through their official channels

2 Likes

Even though you can’t officially file a complaint, you can submit a case at https://support.cylance.com/s/?language=en_US. Perhaps if enough folks do that, they’ll take notice even if we’re not Cylance administrators.

2 Likes

This may be useful, but I still think that the best way to solve this is people affected by this asking their IT to open a ticket a Cyclance. They are, after all, paying for a product, for which they should get support.

Has anyone here done this?

So I’ve been going back and forth higher and higher in the IT department. I finally caught someone from our department IT team in a lecture hall and sent him an email while sitting next to him and said “I’m sending you an email about this issue so you have another official ticket but here are the problems…”.

I was sent an email that my IT issue ticked had been closed and that the downloads of Julia needed to be a signed binary or we would have to manually whitelist each release. So I sent him this link (which was sent to IT in the 3rd iteration of me trying to get this fixed in May).

My IT issue ticket has now been updated to “waiting for support”. Meanwhile, I’ve been updated to exasperated.

4 Likes

I’m in the same boat as you. I emailed Cylance and CC’d the head of our IT, I attached this thread to my IT request. I got a guy to supposedly unblock it, but when I went to update my Cylance policy nothing happened.

What does it take to make it a signed binary? I’m just curious why I don’t have this problem with every other language I can freely download.

If you follow the link above it takes you to where I was kindly shown that it is a signed binary. I don’t know if this has different meanings though. I’m pretty skeptical of Cylance as a whole though and read something a while ago that seemed like a pretty poor way automating what gets whitelisted.

Finally got a response last night from IT and they claim Julia is now white listed by Cylance. I was able to get the latest release candidate running on my laptop. I’ll try it on my work desktop today to see if they actually fixed it or just white listed it for my computer (which is what they did before for individual releases).

If anyone has the time and opportunity it would be nice to see if they could build Julia on a Cylance monitored machine. This was also impossible to do without the operation being aborted prematurely by Cylance.

3 Likes

Also, anyone ever noticed the similarity between Cylance and Cylon?

Sounds like great news! Does this mean that Cylance has whitelisted Julia in a version-independent manner globally? Or simply that your IT department has set a whitelist rule for specific versions for your organization?

I was specifically told that the request was sent to Cylance and not just someone in our department that has the power to whitelist programs. Here was exactly what I received in an e-mail.

The Julia certificate was added to the Cylance exception list.

I’m being very careful about making any claims at this point because I’ve been misled by IT on this multiple times. I confirmed that it works on other computers at my university that have Cylance but I can’t really check anything beyond that.

2 Likes

I appreciate your caution, but thank you for pushing on this regardless! Hopefully, it does turn out that this is a global solution. Folks like myself who are in industry (not academia) won’t be able to publish these sorts of details in public due to cyber security privacy reasons, so your sharing is appreciated.

Of course! If it’s any consolation, I never had trouble with official releases once they’d been out for a couple of weeks-months. In that case it’s unlikely to be problematic for anyone using your Julia based program by the time it’s ready. I’m fairly convinced up to this point it’s been a combined issue of my IT department and Cylance ignoring me up to this point, not how Julia seems to work in any other situation.