Seafile-applet / seafile-drive try to stop antivirus service ?!

Hello,

I use Seafile Server 6.0.3 on a Raspberry and the actual client version 6.0.1 for Windows on various machines.

On a machine that I got from my employer I also installed the Seafile client (first install 5.4.1 or so). I got a call recently that McAfee reported issues to the IT department about a service called “seafile-applet.exe” that tries to stop “updaterui.exe”, which is the update application of McAfee antivirus, as well as “mcafeetray.exe”, which is just the tray icon.

I have had a look in various logs and found an entry in the on-access scan log of McAfee which looks (in part) like this:

<ScannerSoftware ProductName="VirusScan Enterprise" ProductVersion="8.8" ProductFamily="TVD"><EngineVersion>0</EngineVersion><DATVersion>0</DATVersion><ScannerType>OAS</ScannerType><TaskName>OAS</TaskName><ProductFamily>TVD</ProductFamily><ProductName>VirusScan Enterprise</ProductName><ProductVersion>8.8</ProductVersion><BlockedBehaviourInfo><EventID>1092</EventID><Severity>2</Severity><GMTTime>2017-01-09T11:09:23</GMTTime><UTCTime>2017-01-09T10:09:23</UTCTime><RuleName>Common Standard Protection:Prevent termination of McAfee processes</RuleName><ProcessName>C:\PROGRAM FILES (X86)\SEADRIVE\BIN\SEADRIVE-GUI.EXE</ProcessName><FileName>C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\MCTRAY.EXE</FileName><Source>_</Source><ActionsBlocked>9</ActionsBlocked><szActionsBlocked>_</szActionsBlocked></BlockedBehaviourInfo></ScannerSoftware>

Above is only the version where I had already uninstalled the Seafile client software and replaced it with the new SeaDrive application. Unfortunately, seadrive-gui.exe causes the same issue.

Any help here would be appreciated because I can't use the sync while the issue remains.

cheers

UPDATE:

I found another log:

09.01.2017 10:41:39 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\UPDATERUI.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 10:41:40 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\MCTRAY.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 10:53:33 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 10:53:35 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\UPDATERUI.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 11:09:23 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEADRIVE\BIN\SEADRIVE-GUI.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\UPDATERUI.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 11:09:23 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEADRIVE\BIN\SEADRIVE-GUI.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\MCTRAY.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 11:53:53 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\UPDATERUI.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 11:53:53 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\MCTRAY.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
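
An added example, not part of the original post: a small Python triage script for Access Protection log lines in the format quoted above. It reports which process triggered the rule against which targets and groups events that fall within a few seconds of each other; the 5-second window and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Five of the log lines quoted in the post above (whitespace-separated fields).
SAMPLE = r"""
09.01.2017 10:41:39 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\UPDATERUI.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 10:41:40 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\MCTRAY.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 10:53:33 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEAFILE\BIN\SEAFILE-APPLET.EXE C:\PROGRAM FILES (X86)\MCAFEE\VIRUSSCAN ENTERPRISE\SHSTAT.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 11:09:23 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEADRIVE\BIN\SEADRIVE-GUI.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\UPDATERUI.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
09.01.2017 11:09:23 Blocked by Access Protection rule %USER% C:\PROGRAM FILES (X86)\SEADRIVE\BIN\SEADRIVE-GUI.EXE C:\PROGRAM FILES (X86)\MCAFEE\COMMON FRAMEWORK\X86\MCTRAY.EXE Common Standard Protection:Prevent termination of McAfee processes Action blocked : Terminate
"""

# Paths contain spaces, so each path is matched lazily up to its ".EXE" suffix.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s+Blocked by Access Protection rule\s+"
    r"(?P<user>\S+)\s+(?P<source>[A-Z]:\\.+?\.EXE)\s+(?P<target>[A-Z]:\\.+?\.EXE)\s+"
    r"(?P<rule>.+?)\s+Action blocked : (?P<action>\w+)$",
    re.IGNORECASE,
)

def parse(text):
    """Return one dict per matching log line; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%d.%m.%Y %H:%M:%S")
            events.append(ev)
    return events

def bursts(events, window=timedelta(seconds=5)):
    """Per source process, group events whose gap to the previous one is <= window."""
    by_source = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        runs = by_source[ev["source"]]
        if runs and ev["ts"] - runs[-1][-1]["ts"] <= window:
            runs[-1].append(ev)
        else:
            runs.append([ev])
    return by_source

if __name__ == "__main__":
    for source, runs in bursts(parse(SAMPLE)).items():
        for run in runs:
            targets = sorted({e["target"].rsplit("\\", 1)[-1] for e in run})
            print(run[0]["ts"], source.rsplit("\\", 1)[-1], "->", ", ".join(targets))
```
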

Same here - seafile-applet.exe tries to tamper with my F-Secure service:
Access to process was blocked.
Application path: C:\Program Files\Seafile\bin\seafile-applet.exe
Target path: C:\Program Files (x86)\F-Secure\PSB\fshoster32.exe

Why is this? What does it try to access the antivirus processes for?
Both seafile drive and sync do this…

We don’t know why it’s identified as such. Seafile client and SeaDrive don’t have such behavior built in.