Calamari.exe is not executing

hi,

We are seeing some Calamari.exe error when executing one of the deploy process as shown in the attached screenshot. The weird thing is that the previous deploy process which is almost similar to this failed step on the same server was successful and suddenly we started seeing this error after this process.

Hi,

Thanks for getting in touch! This is an interesting issue you have here. From the information you have provided, our guess would be that perhaps there is an issue with an antivirus software on that server interfering with Calamari.

To confirm this, could you please remove calamari from the server with the issue. Once it is removed could you run a Health-Check to reinstall Calamari. Once that is finished, could you check to see the exact size of the Calamari directory that is created by Octopus. Could you then compare this to a directory on a working server and let me know if they are different or the same?

Looking forward to hearing from you and getting to the bottom of this. :slight_smile:

Best regards,
Daniel

Hey Daniel,

Thanks for looking into this issue. I didn’t perform the reinstall of Calamari but directly went into the event logs to see what happened during that time frame when we saw that Calamari.exe was deleted and I did find the following AntiVirus log:

Application HeuristicSONAR.AM.E!g8 in File: d:\octopus\calamari\3.4.15\calamari.exe by: SONAR scan. Action: Quarantine was partially successful… Action Description: Quarantine was partially successful.

Why is Symantec thinking this is a threat? What do you think are the next steps here?

Regards,
Vijay Dubey
Sr. App Ops Engineer | IDG Ops & SRE Team

Adding one more screenshot from our Symantec application on this server for details about this risk.

Hi Vijay,

Thanks for getting back! Whilst I can not say why Symantec thinks Calamari is a threat, I can help you get it sorted and working.

The first step would be to white-list C:\Octopus in Symantec. The next step would be to delete the folder inside the Calamari directory manually. After that, you can try to run the Health-Check again and get Calamari installed.

Let me know how you go.

Best regards.
Daniel

Hey Daniel,

Are you asking us to whitelist Octopus folder in Symantec on all of our servers manually? As this solution does not seems to be feasible and scalable to me. Either Intuits Security team should white list Octopus in Symantec at Enterprise level (like group policy) or Octopus should work with Symantec directly to whitelist them as this issue can happen with your other clients too. Please let me know how to proceed.

Regards,
Vijay Dubey
Sr. App Ops Engineer | IDG Ops & SRE Team

Hi Vjay,

Thanks for getting back! It is a very new development for Calamari to be picked up by antivirus. We are currently in the process of submitting the issue to Symantec. Hopefully we can have the issue rectified quickly

As for white-listing C:\Octopus, you should be able to do so organisation wide, from the Symantec Endpoint Protection server.

Hope that helps. :slight_smile:

Best regards,
Daniel

Seeing the same message from Symantec on calamari version 3.6.48. The files aren’t getting quarantined, but we are seeing very slow extraction process when deploying.

Vijay, were you able to get white listing to work? It seems very inconsistent on my end. Only turning off the proactive threat scanning, SONAR, seems to work reliably.