SeaDrive crashes when a "virus" is found in the data

[01/12/17 06:19:47] loaded 1 accounts
[01/12/17 06:19:47] seadrive gui started
[01/12/17 06:19:47] Using disk leter S:
[01/12/17 06:19:47] starting seadrive daemon: seadrive.exe “-d” “C://seadrive/data" “-l” "C://seadrive/logs/seadrive.log” “S:”
[01/12/17 06:19:50] Switched to account http://* * 269c04d
[01/12/17 16:54:46] Seadrive daemon process crashed with code -1073741819
[01/12/17 16:54:46] Exiting with error: SeaDrive exited unexpectedly
[01/12/17 16:54:47] failed to get sync notification: ‘]’ expected near end of file

[01/12/17 16:58:48] loaded 1 accounts
[01/12/17 16:58:48] seadrive gui started
[01/12/17 16:58:48] Using disk leter S:
[01/12/17 16:58:48] starting seadrive daemon: seadrive.exe “-d” “C://seadrive/data" “-l” "C://seadrive/logs/seadrive.log” “S:”
[01/12/17 16:58:51] Switched to account http://* * 269c04d
[01/12/17 16:59:49] app event loop exited with 0

[01/12/17 16:59:49] Unmounting before exit
[01/12/17 16:59:52] [Daemon Mgr] stopping seadrive daemon
[01/12/17 16:59:52] Seadrive daemon process exited normally with code 0
[01/12/17 16:59:52] Exiting with error: SeaDrive exited unexpectedly
[01/12/17 16:59:57] [ext] Failed to read command from extension(), error code 232

[01/12/17 16:59:57] [ext] Failed to read command from extension(), error code 232

[01/12/17 16:59:57] [01/12/17 16:59:57] failed to write response to shell extension: De pipes wordt gesloten.

failed to write response to shell extension: De pipes wordt gesloten.

[01/12/17 17:00:45] loaded 1 accounts
[01/12/17 17:00:45] seadrive gui started
[01/12/17 17:00:45] Using disk leter S:
[01/12/17 17:00:45] starting seadrive daemon: seadrive.exe “-d” “C://seadrive/data" “-l” "C://seadrive/logs/seadrive.log” “S:”
[01/12/17 17:00:49] Switched to account http://* * 269c04d
[01/12/17 17:35:30] loaded 1 accounts
[01/12/17 17:35:30] seadrive gui started
[01/12/17 17:35:30] Using disk leter S:
[01/12/17 17:35:30] starting seadrive daemon: seadrive.exe “-d” “C://seadrive/data" “-l” "C://seadrive/logs/seadrive.log” “S:”
[01/12/17 17:35:33] Switched to account http://* * 269c04d
[01/12/17 17:41:59] trying to log out account http://* * 269c04d
[01/12/17 17:42:00] Deleted account http://* * 269c04d
[01/12/17 17:42:03] handleListRepos: account is not valid
[01/12/17 17:42:04] request failed for http://*/api2/auth-token/: {“non_field_errors”:[“Two factor auth token is missing.”]}

[01/12/17 17:42:06] handleListRepos: account is not valid
[01/12/17 17:42:10] handleListRepos: account is not valid
[01/12/17 17:42:13] handleListRepos: account is not valid
[01/12/17 17:42:16] handleListRepos: account is not valid
[01/12/17 17:42:19] handleListRepos: account is not valid
[01/12/17 17:42:22] handleListRepos: account is not valid
[01/12/17 17:42:24] Switched to account http://* * a866a2a
[01/12/17 17:45:59] failed to read request from shell extension: De pipe is be?indigd.

I’ve added an exception in the AV in the meanwhile.

What do you see when you get “SeaDrive crashes”? Is a windows system dialog saying “The program SeaDrive has just crashed”? Can you paste a screenshot? Thanks!

Yes it is. SeaDrive stopped unexpectedly.

What does this mean? :pensive: I cannot read or translate it…

btw, have you tried 0.5.0 version? That may improve your situation with Keepass.

Sorry, translated:

SeaDrive doesn’t work any longer.

There occured a problem as a result of which the program not longer works as it should. The program is being terminated and a notification will be given when there is a solution available.

I installed 0.5.0 today so I will keep you up to date.

It went fine until it crashes again with the same error.

The path of the file is now:
Device\Volume{d6cc17c5-1734-4085-bce7-964f1e9f5de9}\DATA\DOWNLOADS*

You cannot exclude such a path in the AV.

S: is also not mentioned in the windows mountvol:

Possible values for VolumeName along with current mount points are:

\\?\Volume{8df06f12-6507-4ec5-a54f-68acec42b0ef}\
    D:\

\\?\Volume{e9f1b3df-dc72-42a8-b826-09a1fbee033a}\
    C:\

\\?\Volume{81c81d2f-b74e-44aa-9565-e7cb78d5ffae}\
    *** NO MOUNT POINTS ***

\\?\Volume{f69b84a3-ece7-4eb1-847c-ef9416288fa3}\
    *** NO MOUNT POINTS ***

\\?\Volume{8cca6917-5cfc-11e6-a983-806e6f6e6963}\
    E:\

\\?\Volume{8cca6918-5cfc-11e6-a983-806e6f6e6963}\
    F:\

\\?\Volume{8cca6919-5cfc-11e6-a983-806e6f6e6963}\
    G:\

\\?\Volume{8cca691a-5cfc-11e6-a983-806e6f6e6963}\
    H:\

\\?\Volume{8cca6912-5cfc-11e6-a983-806e6f6e6963}\
    I:\

What do you have in the logs?

seadrive-gui.log:

[01/19/17 12:41:07] Seadrive daemon process crashed with code -1073741819
[01/19/17 12:41:07] Exiting with error: SeaDrive exited unexpectedly
[01/19/17 12:41:07] failed to get sync notification: ‘[’ or ‘{’ expected near end of file
[01/19/17 12:41:07] failed to get global sync status: ‘[’ or ‘{’ expected near end of file
[01/19/17 12:41:08] failed to get global sync status: end of file expected near end of file
[01/19/17 12:41:09] failed to get sync notification: ‘[’ or ‘{’ expected near end of file
[01/19/17 12:42:02] [ext] Failed to read command from extension(), error code 232
[01/19/17 12:42:02] failed to write response to shell extension: De pipes wordt gesloten.
[01/19/17 12:42:02] [ext] Failed to read command from extension(), error code 232
[01/19/17 12:42:02] failed to write response to shell extension: De pipes wordt gesloten.
[01/19/17 13:18:34] Seadrive daemon process crashed with code -1073741819
[01/19/17 13:18:34] Exiting with error: SeaDrive exited unexpectedly
[01/19/17 13:18:34] failed to get sync notification: ‘[’ or ‘{’ expected near end of file
[01/19/17 13:18:34] failed to get global sync status: ‘[’ or ‘{’ expected near ‘’
[01/19/17 13:19:50] [ext] Failed to read command from extension(), error code 232
[01/19/17 13:19:50] failed to write response to shell extension: De pipes wordt gesloten.
[01/19/17 13:19:50] [ext] Failed to read command from extension(), error code 232
[01/19/17 13:19:50] failed to write response to shell extension: De pipes wordt gesloten.

seadrive.log:
no errors

Which AV software do you use? Perhaps we can try to reproduce your problem.

Symantec Endpoint Protection 14 (Build 1904)

Any luck with reproduction?

We’re in Chinese new year recently. We’ll try it after back to work.

Any update? Thanks. :slight_smile:

Not yet. I want to get more information before testing.

What files are being deleted by Symantec? Are they really virus?

It is always the same file. It is a keygen. No files are being deleted by Symantec. It seems that SeaDrive is crashing before Symantec can remove it.

Unfortunately I find that it’s quite hard to deploy Symantec (requiring a license and requiring a group policy setup). Tried for a while and had no success installing it. Could you exclude the S: drive from Symantec? Actually it’s generally not a good idea to let AV software scan the virtual drive, as it’ll download all the files into your local disk.

I did, but the problem is that you cannot exclude “Device\Volume{d6cc17c5-1734-4085-bce7-964f1e9f5de9}” from the scan as it does not show in the windows mountvol.

Do you mean you cannot select the S: drive even when SeaDrive is still running? So Symantec doesn’t recognize the virtual drive? I assume the volume ID represents the S: drive.

Indeed. Windows does not recognize the virtual drive, so Symantec doesn’t either.

It is not listed:

Possible values for VolumeName along with current mount points are:

\\?\Volume{8df06f12-6507-4ec5-a54f-68acec42b0ef}\
    D:\

\\?\Volume{e9f1b3df-dc72-42a8-b826-09a1fbee033a}\
    C:\

\\?\Volume{81c81d2f-b74e-44aa-9565-e7cb78d5ffae}\
    *** NO MOUNT POINTS ***

\\?\Volume{f69b84a3-ece7-4eb1-847c-ef9416288fa3}\
    *** NO MOUNT POINTS ***

\\?\Volume{8cca6917-5cfc-11e6-a983-806e6f6e6963}\
    E:\

\\?\Volume{8cca6918-5cfc-11e6-a983-806e6f6e6963}\
    F:\

\\?\Volume{8cca6919-5cfc-11e6-a983-806e6f6e6963}\
    G:\

\\?\Volume{8cca691a-5cfc-11e6-a983-806e6f6e6963}\
    H:\

\\?\Volume{8cca6912-5cfc-11e6-a983-806e6f6e6963}\
    I:\