JuliaPro v1.5.3-1 and Julia v.1.5.4 quarantined by Cisco AMP as ransomware

Event Type: Threat Detected
Hostname: XXX
Detection: W32.MAP.Ransomware.rewrite
File: julia.exe
File path: \?\C:\Users\XXX\AppData\Local\JuliaPro-1.5.3-1\Julia-1.5.3\bin\julia.exe
Detection SHA-256: 8faf21bdf85d88a4560b103181f79fc533a379e5882145252ca9715b0c193134
By Application: JuliaPro-1.5.3-1_build-319.exe
Severity: Medium
Timestamp: 2021-03-15 17:04:52 +0000 UTC

The same thing happens when Julia v1.5.4 is installed and then called by Atom/Juno. While pre-compiling packages, Cisco AMP quarantines julia.exe.

We have reported this to Cisco. Hopefully they will fix this?

This will explain some odd behavior on managed computers, as julia.exe keeps disappearing.

JuliaPro 1.4.1-1 seems okay, but it is possible that a new install of this version would also get flagged.

I believe this issue might have just recently been addressed - but I am unsure if your copy of AMP has the most recent checks installed.


Try it out Today to see if it works. If not: try again next week.

More suggestions

Try out Julia v1.6.3 (non-pro) first. That one works for me.