Windows Defender: Unauthorised Changes Blocked

[Miss Chief]

Sorry not 100% this is in the right place. I did search the forum to see if someone else had posted about this first and I didn't spot anything so again sorry if it's a duplicate

After the recent Windows update I am getting the following error when converting books in Calibre.

Code:

Unauthorised Changes Blocked:
Controlled folder access blocked C:\...\calibre-parallel... from making changes to the folder G:\...\Calibre Library ....

Picture of error:


I have added all the exe files in C:\Program Files\Calibre2 but I'm still getting it.

It is super annoying as I can't expand that error message to see the file location and if I click on it it just takes me to the 'Allow an App through Controlled Folder Access' page and the error disappears (Stupid MS!).

Like I said I have added all the exe files in the Calibre directory to this list already, as you will see here C:\Program Files\Calibre2\calibre-parallel.exe is already in the allowed list:



I figured it might be a common/shared file that isn't in the aforementioned directory, although I find it highly unlikely that it would have the same name as a file that is in the main directory but I did a search (including hidden files etc.) for 'calibre-parallel' just to be on the safe side and all that comes back is the file already added to the allowed list and a prefetch file.

I will of course raise the fact that Defender seems to be ignoring the 'Allowed App' list with Microsoft but I am just wondering if anyone else had this issue and fixed this?

I have done a workaround by excluding my Calibre Library directory from this feature but ideally I would like to fix it... grr (I hate when things don't work as intended).

[theducks]

It is the workers spawned by Calibre.exe.
But my question:What version of defender (and definitions) on what OS version?
I have not seen this on W10 pro x64 V1803

[DNSB]

Quote:

Originally Posted by Miss Chief

Sorry not 100% this is in the right place. I did search the forum to see if someone else had posted about this first and I didn't spot anything so again sorry if it's a duplicate

After the recent Windows update I am getting the following error when converting books in Calibre.

Code:

Unauthorised Changes Blocked:
Controlled folder access blocked C:\...\calibre-parallel... from making changes to the folder G:\...\Calibre Library ....

Picture of error:

You might want to turn off Controlled Folder access in Windows Defender. The alternate (and what new installs of calibre now do) is to move your calibre library outside of the Documents folder.

You can do this by exiting calibre, creating a new folder under your user, moving the library there and then starting calibre. After starting calibre, use Switch/create library to select your new library location. See attached screenshot for a sample of my setup.

[Miss Chief]

Quote:

Originally Posted by theducks

It is the workers spawned by Calibre.exe.
But my question:What version of defender (and definitions) on what OS version?
I have not seen this on W10 pro x64 V1803

Windows 10 Pro 64-bit

Like I said this is caused by the last Windows update, which added Ransomware protection to Windows Defender.

Quote:

Originally Posted by DNSB

You might want to turn off Controlled Folder access in Windows Defender. The alternate (and what new installs of calibre now do) is to move your calibre library outside of the Documents folder.

You can do this by exiting calibre, creating a new folder under your user, moving the library there and then starting calibre. After starting calibre, use Switch/create library to select your new library location. See attached screenshot for a sample of my setup.

As I said I have created an exclusion for my Calibre Library, that wasn't why I was posting, I was wondering if anyone has actually fixed the issue rather than this workaround.

[BetterRed]

Quote:

Originally Posted by Miss Chief

As I said I have created an exclusion for my Calibre Library, that wasn't why I was posting, I was wondering if anyone has actually fixed the issue rather than this workaround.

There is nothing to fix - the user must do one of: a) turn off the ransomware check entirely, b) allow calibre programs to access controlled folders, or c) move your calibre libraries to uncontrolled folder.

In your first post you indicate you've done option b) - so you've fixed it

BR

[stumped]

the simple fix is to not rely on windows defender, and to use something better behaved

I note that I have not had do to any of a or b or c; probably because I am using the free version of panda AV which has sensibly turned OFF defender for me. My W10 is fully updated and my library is still within my docs, with no issues

[itimpi]

Quote:

Originally Posted by stumped

the simple fix is to not rely on windows defender, and to use something better behaved

I note that I have not had do to any of a or b or c; probably because I am using the free version of panda AV which has sensibly turned OFF defender for me. My W10 is fully updated and my library is still within my docs, with no issues

It is interesting to describe a AV tool that does not attempt to protect against Ransomware as ‘better behaved’. In the modern world ransomware is of increasing concern to average users. Once one understands the reasons behind Windows Defender’s action it is easy enough to take a sensible way forward and avoid the issue in Calibre’s case. I think the mistake on Microsoft’s part is not providing clearer information to user’s of the rationale and effect of this change.

[stumped]

Quote:

Originally Posted by itimpi

It is interesting to describe a AV tool that does not attempt to protect against Ransomware as ‘better behaved’. .

Well for that, I have malwarebytes pro, and ad blockers for drive-by malware sites. And sufficient common sense to never click on socially engineered email attacks.

i would sacrifice some claimed ransomware prevent benefits in defender to get rid of it regularly screwing up its updates and thus blocking other windows update actions with failed to download/install loops. Maybe that has improved since I quit using it, but it used to be a real pain.

and shoudl you trust the ransomware detect abilities of software that thinks calibre worker processes are ransomware ?

[BetterRed]

@stumped - AFAIK Defender and MWB take two different approaches to Ransomware protection, and both can peacefully coexist - well on my rigs they can

Since I switched to Win7 in late 2008 (couldn't wait to get off XP) I can't recall having any MS update related problems. Prior to that, problems such as you describe were legion of course.

I've also been running MS Security Essentials/Defender together with MWB Pro since then. IIRC Avast was the last of many AVs I used on XP - they were all nightmares. What I like about my current combination is that I hardly know they are there, both from an interrupt and a performance perspective. And, apart from an obscure weather gadget, I have never had to explicitly exclude any software or data from either of them.

Good grief I just realised I've been running MS AV and MWB together for more than a decade.

BR

[DoctorOhh]

Quote:

Originally Posted by stumped

Well for that, I have malwarebytes pro, and ad blockers for drive-by malware sites.

I have been using Ad blockers, Defender and Malwarebytes Pro together for many years. They work fine together.

Quote:

Originally Posted by stumped

Maybe that has improved since I quit using it, but it used to be a real pain.

Possibly it has improved. In the 10 years I've using calibre I don't recall Defender ever getting in the way. Then again I also haven't had calibre in the Documents folder in that time either.

Quote:

Originally Posted by stumped

should you trust the ransomware detect abilities of software that thinks calibre worker processes are ransomware?

Call me old fashioned, but any process that attempts to alter files in a restricted folder should be consider potentially malicious until directed or proven otherwise.

[DoctorOhh]

Quote:

Originally Posted by BetterRed

@stumped - AFAIK Defender and MWB take two different approaches to Ransomware protection, and both can peacefully coexist - well on my rigs they can

My rigs too.

Quote:

Originally Posted by BetterRed

Good grief I just realised I've been running MS AV and MWB together for more than a decade.

You and I both.

[Quoth]

Quote:

Originally Posted by itimpi

It is interesting to describe a AV tool that does not attempt to protect against Ransomware as ‘better behaved’. In the modern world ransomware is of increasing concern to average users. Once one understands the reasons behind Windows Defender’s action it is easy enough to take a sensible way forward and avoid the issue in Calibre’s case. I think the mistake on Microsoft’s part is not providing clearer information to user’s of the rationale and effect of this change.

AV is stupid. A better protection is script blocking in a browser. uMatrix, noScript etc.
Also disable remote content in email viewer.

Indeed it's Stupid MS is the problem. Why they EVER thought "Autorun", ActiveX in Web browser, remote content on by default in Outlook, VBA on by default in Office or hiding file endings was a good idea is a mystery.

[Miss Chief]

Quote:

Originally Posted by BetterRed

There is nothing to fix - the user must do one of: a) turn off the ransomware check entirely, b) allow calibre programs to access controlled folders, or c) move your calibre libraries to uncontrolled folder.

In your first post you indicate you've done option b) - so you've fixed it

BR

My post is to point out that doing option B doesn't work.

If this is the most helpful you can be (i.e. summarising what I already said and posting in it a patronising way) I'd prefer you not bother.

What I want is to know if anyone has found a fix where my calibre library IS protected and Calibre works!

[stumped]

Quote:

Originally Posted by Miss Chief

What I want is to know if anyone has found a fix where my calibre library IS protected and Calibre works!

protected from what exactly?

there is no way that using calibre's add books to library will import ransomware !

AFAIK, it is impossible to plant dangerous malware inside of an epub or AZW book, and there is no way that calibre would actually execute any malware that did somehow make it into the library folder.

so treat the library as a black box owned and managed by calibre, use only calibre functions to access content, and nothing can go wrong.


FWIW my calibre library is proected by panda and MAlwarebytes products AND my calibre library works fine, AND I am using windows 10.

so as I said several posts back, just get a better free AV and turn off defender OR learn how to set folder exclusions IN defender; it's not rocket science - just ask Google

PS criticizing those who try to help is a good way to get yourself ignored.

[Quoth]

Or just put noscript or uMatrix in a Firefox or Waterfox browser and actually turn off all AV except turn it on before insertion of a USB stick, USB HDD drive or CD/DVD etc.

You can still scan downloads before use.

How does malware get on a computer? Either via the Web Browser or plugged in storage. The idea of "real time" scanning or folder protection does little and with those settings the biggest risk is the AV software breaking something after a "definitions update". All AV software is poor, slows the computer a lot and has little to no protection from Zero Day Exploits. Disabling all autorun and blocking third party scripts using noscript or uMatrix in a web browser is better. Also important is to disable uPNP, especially on your Internet modem/router box. If you only use Mobile to connect to the Internet get a Router/Modem that takes the 3G/4G USB stick and then you have a proper firewall and port protection.