Repeated Malwarebytes Exploit Alerts on SR

Hi Echelon,

I run Malwarebytes on the Windows 10 machine that runs SickRage. Lately, particularly when I am trying to login to SR, or it is going about its routine business, I get warnings about a blocked exploit: T1003 - Credential Access.

Specifically, the Malwarebytes is flagging the following as the culprit:

Affected Application: C:\Program Files\Python38\python.exe
Protection Layer: APT Behavior Protection
Protection Technique: T1003 - Credential Access
File Name: C:\Program Files\Python38\lib\site-packages\oauthlib\oauth2\rfc6749\grant_types\

I’m getting about one of these a minute since about a day or two after Christmas. I’m not certain whether there has been a change in anything that may have trigged this but am flagging it to you as it does impact my install when Malwarebytes blocks it. Sometimes I can’t login to SR, other times it is unresponsive, etc.

Any chance you know what might be the issue here? Happy to be told it isn’t SR that’s causing this of course. SR is one of the few things using Python38 on my system. Is this a matter of simply updating Python perhaps? Curious to hear your thoughts.

That particular package is not ours, SR does use it but its maintained by someone else, oauthlib · PyPI

If malwarebytes is blocking this then it certainly would cause issues with login’s

Well, it appears to be blocking it selectively. I get repeated warnings of credential access attempts. I’ve tried whitelisting the specific directories and files to see if that helps but no success. Any chance this is a compromised third party package?

I do not believe so, I think the issue is that SR currently uses a confidential access type for SSO and thus stores a secret key in its code to pass to the SSO server when making a request for a token, SR v10 does not do this and should by assumption not cause Malwarebytes to trip this false positive.

I can put together a installer for the develop branch as well but need to decide ultimately how I wish to have the flow of that go, either to make it a separate installer or bundle into the same existing and make it a feature that can be chosen during install, will need to decide.

Thanks for the detailed explanation and the clear course forward. I’ll look forward to the end result!