Hello - Warning! This post contains profanity!
We just discovered something very disturbing in the installation packages preventing Pro installs of 2.1 - 2.3.x. Running the install as an administrator from the installation package, or running an un-install from control panel on windows 10 machines - both the install and and uninstalls fail in a very disturbing location.
Specifically, the install / uninstall fails at this location during the runtime:
I'm sure everyone understands what letters the '**' is referring to.
The file is inaccessible through any js or readers like notepad ++, even with admin rights. Regardless, I wouldn't care that the name contains profanity only that this is where install - uninstalls are failing!
First off, what developer would ever name a directory and a js file with that name??!!
Someone at esri needs to look into this ASAP!
Solved! Go to Solution.
Thank you for bringing this to our attention. We have been including an open source Python merge module that contains a folder/file named with an offensive English word for multiple releases. Esri apologizes for this. This is not malware and we are not aware of any security vulnerabilities caused by this file at this time.
For more information on this file please see the following. We will release more information as it becomes available.
- David Watkins, ArcGIS Pro Product Manager
Not sure what you mean as the BS. BF has been around for some time. Any of its variants aren't part of the install if is 'malware' or something else is involved, it shouldn't be there either.
In any case, I informed Kory and it is being dealt with.
Have a good weekend
Right so ok this is not a hack and yes, the name is legit if 'esoteric' But at the same time, the name violates a label rule in our enterprise McAffee. We are working with our security team to make a specific exception for this pathway. I am editing the title of this post.
Greatest. Post. Ever.
Check out C:\Program Files\ArcGIS\Pro\bin\Python\envs\arcgispro-py3\Lib\site-packages\jupyterlab\staging\yarn.js line 91128, just be glad THAT text isn't part of the EULA!
ESRI has little (no) control over the content/name of the Python Packages that get baked into the install.