'Lockdown' malicious behavior prevented

Hi All,

Tried to install the Win32 version and Sophos blocked the install:

‘Lockdown’ malicious behavior prevented in certbot-beta-installer-win32.exe

Any advise?

1 Like

Hi @pwilco,

Since the official Windows version of Certbot is pretty new, its interactions with antivirus software haven’t been tested much. Do you have support of some sort from Sophos so that you could ask them what kind of behavior by the Certbot installer it’s complaining about? Is it possible that it wants the binary to be signed with a code-signing certificate confirming that it originated from EFF?

I’m not familiar with Sophos, but a quick check says it scan Windows PowerShell and blocks some software from executing that it “believes” to be malicious. There should be some way of whitelisting the certbot installer. Have you tried the Sophos community forum for help? This seems to be more of a Sophos problem than a CertBot problem. :neutral_face:

Hi Schoen,
We might be able to reach out to them, but from my experience they’re usually the last to fix things like this. I can make an exception although I’d prefer not to. In the meantime I can run this under a VM without AV/Network access to generate the Certs.
If I hear back I can reply to this post; Cheers.

1 Like

Well, it’s conceivable that a future version of this installer will have a signature that this AV (or OS) will recognize to reduce warnings about unknown software origins. I think this early release doesn’t, so you’re relying on the integrity of how you downloaded it. (At the very least, make sure you got it over HTTPS from an official source.) Sorry for the inconvenience!

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.