Equalify detected as malware by Crowdstrike


Problem description:
Spotify is consistently flagged by Crowdstrike as malicious software, and shut down when I hit “play”, when Equalify is installed and running. As soon as I uninstall Equalify, everything runs smoothly.

Please fix this. I have no control over Crowdstrike, as it is managed by my company.

Operating system:
Windows 10

Soundcard:
Intel (MB built-in)

Spotify version:
Latest - 1.1.53.608.g7ed9c03a

Equalify Pro version:
Latest - 1.4.7

Any special software or hardware you might have installed:
Crowdstrike

Hello,

Crowdstrike / Crowdstrike Falcon does not have any issues with Equalify. I tested all the files against them just now. So this is your IT dpt. setting up restrictive rules as to what they want to allow on their network.

There is nothing I can do about that, unfortunately. You would have to contact your IT dpt. and ask them to allow it.

Thank you for the swift reply. It is actually being detected as Ransomware:

detectName: Ransomware,
detectDescription: Follow Through - A file with a known ransomware extension was created.,

file_id: Spotify.exe,

tactic: Impact,
technique: Data Encrypted for Impact,

I’ll check with my IT dpt. to see if there is anything they can do about this, as I don’t have further visibility about which rules were enforced. In any case, suggestions are welcome.

Best regards,
Tiago

detectName: Ransomware,
detectDescription: Follow Through - A file with a known ransomware extension was created.,

Equalify itself is a .dll file, and Equalify contains an auto updater that will download the updated .dll if needed. So I guess it's the auto update that is triggering the detection.

Blocking all .dll files because some malware has been in .dll files sounds excessive.
But… if I was running a large company network, I would probably also block unknown executables and dlls just to be on the safe side.

All software uses dlls though, and Windows itself contains hundreds of them 🙂

I have switched the update mode from auto to optional now.
If you try to install Equalify from the website now, you should get a question about updating instead of it automatically doing it in the background when you start Spotify (and play music).

If you press “later” everything should be fine, but if you hit “install update” I assume Crowdstrike would … strike… again and block it.

Thanks, but the issue doesn’t happen on install (no issues there), but on playback: as long as Equalify is installed, as soon as I press Play on Spotify, Crowdstrike shuts it (Spotify) down, and I get a corresponding message about the Ransomware detection.
If I uninstall Equalify, I can use Spotify normally.
I suspect it has something to do with the audio being routed through Equalify, but you’ll know better than me.
