Positron kernel supervisor error in the newest version

[ntluong95]

System details:

Positron and OS details:

Positron Version: 2025.01.0 (system setup) build 152
Code - OSS Version: 1.95.0
Commit: 66aa3fb
Date: 2025-01-06T02:53:20.465Z
Electron: 32.2.1
Chromium: 128.0.6613.186
Node.js: 20.18.0
V8: 12.8.374.38-electron.0
OS: Windows_NT x64 10.0.22621

Interpreter details:

R 4.4.2 and Python 3.12.4

Describe the issue:

I noticed that after the installation, kcserver.exe is still in the folder. But when I start Positron, it was disappeared. I think it was killed by the Windows Defender

Were there any error messages in the UI, Output panel, or Developer Tools console?

2025-01-07 23:12:20.064 [info] Positron Kernel Supervisor activated
2025-01-07 23:12:20.064 [info] Kallichore server PID 5588 is not running
2025-01-07 23:12:20.064 [info] Could not reconnect to Kallichore server at http://localhost:64376. Starting a new server
2025-01-07 23:12:20.064 [info] Failed to start Kallichore server: Error: Kallichore server not found (expected at c:\Program Files\Positron\resources\app\extensions\positron-supervisor\resources\kallichore\kcserver.exe)
Kallichore server PID 5588 is not running
Could not reconnect to Kallichore server at http://localhost:64376. Starting a new server
Kallichore server PID 5588 is not running
Could not reconnect to Kallichore server at http://localhost:64376. Starting a new server

[jmcphers]

I could not reproduce this, even with a manual scan, on Windows 11, with the same Positron version. But it's possible there are different policies/settings/versions in place. You can enable an exclusion for now, and reinstall:

https://superuser.com/questions/1458660/how-to-prevent-windows-defender-antivirus-from-deleting-a-file-of-a-program

This particular false positive is a problem for many independently developed apps. :-(

https://answers.microsoft.com/en-us/windows/forum/all/defender-shows-that-our-software-contains/10572dee-514e-4716-90cb-cdc54e1c03c3

https://answers.microsoft.com/en-us/windows/forum/all/windows-defender-win32wacatacbml-false-positives/32bbe95f-2165-4559-806f-0f3386d897b7

https://answers.microsoft.com/en-us/windows/forum/all/overly-eager-heuristics-for-trojanwin32wacatacbml/6f2a72f3-3978-48ac-9fb7-fbe82c686ae3

It may be possible that there's something we can do with this binary to reduce the odds of getting flagged by Defender, but as the scan is heuristic and all the logic is owned by Microsoft it might be difficult.

See also: #5800, #5350, #5533

[ntluong95]

Thanks. I was able to restore the file and make it work. I am using a work computer so there might be some policies there from the organization. I didn't encounter this problem before

[davyzhu]

Same issue.

[lijiaqi-github]

Me too.

[johannvk]

Same issue for me here on my first installation of Positron. Seems to work after I reverted the Windows Defender action and restored the flagged file:

[jmcphers]

Thanks all for the reports. I have opened a case with Microsoft and sent kcserver.exe to them to report it as a false positive.

Depending on their response it may also be possible for us to figure out what is tripping the scanner in this version of the supervisor so we can avoid it in the future.

[e-kotov]

I have opened a case with Microsoft and sent kcserver.exe to them to report it as a false positive.

@jmcphers It's not just Microsoft. F-secure/WithSecure also quarantines it, maybe others too.

[atsyplenkov]

Thanks all for the reports. I have opened a case with Microsoft and sent kcserver.exe to them to report it as a false positive.

I've encountered a similar issue with the following Positron build. Since my PC is managed by the organization, adding a new exclusion to Windows Defender isn't that straightforward for me (tbh, nearly impossible). Thanks for reporting the issue to Microsoft—it would be great if future builds could prevent this problem!

Positron Version: 2025.01.0 (user setup) build 152
Code - OSS Version: 1.95.0
Commit: 66aa3fb7f98eb8d19155cb7220856154f6ede8b3
Date: 2025-01-06T02:55:40.743Z
Electron: 32.2.1
Chromium: 128.0.6613.186
Node.js: 20.18.0
V8: 12.8.374.38-electron.0
OS: Windows_NT x64 10.0.19045

[e-kotov]

Latest Windows build (2025.01.0-159) does not get quarantined anymore (at least by F-Secure/WithSecure), but the server does not start.

I will post the logs in the relevant issue: #5910

[juliasilge]

If we get more reports of this, we can try out #5800 as an option to mitigate these kinds of challenges with Windows machine configuration.