Microsoft Defender blocking dbt.exe

Hi,

Just testing out dbt to see if it is feasible for our purposes.

First issue I’m encountering is the dbt.exe file getting blocked by Microsoft Defender. This is in a corporate environment and Defender is blocking it due to the ASR rule “Block executable files from running unless they meet a prevalence, age, or trusted list criterion”. It’s normally blocked for 24 hours, and then dbt.exe works. However, if a plugin is added, the hash of the dbt.exe file changes and I’m blocked for another 24 hours. Was wondering if anyone else has experienced this issue and come up with a solution other than whitelisting dbt.exe.

Also, does the hash of dbt.exe change for any other reasons?

Thanks

Are you only seeing this when you download and install an update to the dbt Cloud CLI?

This is just when I “pip install dbt-core”. The install is fine, then if I was to run “dbt --version” for example, it is blocked by Defender.

If you’re running pip install dbt-core, I don’t think you’ll be getting dbt.exe, you should be getting a python module.

dbt.exe comes from installing the Cloud CLI executable file which you can download from GitHub.

What do you mean by plugin? The last release of dbt Core (1.8.2) was 2 weeks ago, and plugins (I assume you’re meaning Python dependencies) aren’t dynamically added to dbt.

image

This is what I mean by plugins.

I believe dbt.exe gets installed when dbt-core is installed. In ~Python312\Scripts.

Thanks

OK got it! Those plugins are the adapters for different warehouses.

When new versions of an adapter are released, they aren’t installed on your computer and MS Defender won’t have any knowledge of them. You would need to install them with pip install --upgrade dbt-fabric before any new code would appear on your computer.

Likewise for patches to dbt Core v1.7 - dbt-core 1.7.16 was released on 5 June, so when you installed that for the first time it’s possible that Defender would have picked it up. But you shouldn’t see anything from Defender in response to an update unless you explicitly install that update.

My main issue here is the hash of dbt.exe changing.

I have just tested the following:
- pip install dbt-core - results in the creation of dbt.exe, with a specific hash
- pip install dbt-sqlserver - results in the changing of the hash for dbt.exe

My question is: apart from these plugins/dependencies and any updates to dbt-core, will anything else change the hash of dbt.exe?
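To check which pip operations rewrite dbt.exe, as in the test described above, the following added example (not part of the original thread; the function names are illustrative) hashes every .exe in the Python Scripts directory before and after a pip command and reports which launchers were added, removed or changed. It assumes the Scripts directory is the one returned by `sysconfig.get_path("scripts")`.

```python
"""Report which launcher .exe files in Scripts change hash across a pip command."""
import hashlib
import subprocess
import sys
import sysconfig
from pathlib import Path


def snapshot(scripts_dir):
    """Map each .exe file name in scripts_dir to its SHA-256 hex digest."""
    return {
        p.name: hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(Path(scripts_dir).glob("*.exe"))
    }


def diff(before, after):
    """Classify launchers as added, removed or changed between two snapshots."""
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "changed": sorted(n for n in before.keys() & after.keys()
                          if before[n] != after[n]),
    }


def audit(action, scripts_dir=None):
    """Snapshot, run action(), snapshot again, and return the diff."""
    # Assumption: launchers live in the interpreter's Scripts directory.
    scripts_dir = scripts_dir or sysconfig.get_path("scripts")
    before = snapshot(scripts_dir)
    action()
    return diff(before, snapshot(scripts_dir))


if __name__ == "__main__":
    # Usage: python launcher_audit.py install dbt-sqlserver
    pip_args = sys.argv[1:]
    if not pip_args:
        sys.exit("usage: launcher_audit.py <pip arguments>")
    result = audit(lambda: subprocess.run(
        [sys.executable, "-m", "pip", *pip_args], check=True))
    for kind, names in result.items():
        for name in names:
            print(f"{kind}: {name}")
```

Running it around each install or upgrade gives a record of exactly which commands changed the hash that Defender evaluates.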

I’m not a Windows expert, but unless you run pip install ... you’re not going to get any new software on your computer, so I don’t see how the hash would change.

Thanks for your help Joel.
