We just swapped our old and powerful Win10 workstation with a new 20core heavy-duty machine.
While migrating all services, we also migrated SYNOLOGY Cloud Station and the Sync thereof.
All of a sudden we were constantly notified by Windows 10 Virus Defender that we had a virus. Bing, bing, bing, bing …. (like Trump)
It was almost every second that we were notified of these virus threats (Zbevdo.B), so even opening up the details of the threat itself was impossible.
We figured out, that it happened during the sync process of cloud Station drive and the source was the Working directory of Cloud Station
C:/users/####/CloudStation/.SynologyWorkingDirectory
We researched a long time but could only find one effective solution:
The Synology support recommends to add the relevant folder (.SynologyWorkingDirectory) to the exception list of the virus scanner.
And voilà no more annoying bings and the proof that the Synology sync protocol looks like a virus to Windows Defender.
Run into similar situation today. Using Synology Drive client syncing some folders on the NAS. Used this for years, but all of a sudden all these popups with virus notifications from Windows 10 Defender. Very frustrating was the Virus notification popup in the left bottom corner in front of the taskbar where the Drive Icon sits to exit/pause the sync…
Anyway. The virus it says it finds is: Trojan:AndroidOS/RevMob!rfn and the folder is the .SynologyWorkingDirectory as a subfolder in one of the folders in Sync(Software).
Example:
file: D:\Software\.SynologyWorkingDirectory\1wiqZyOt
Adding this folder “.SynologyWorkingDirectory” to the exceptions is tricky ofcourse. Because this will make the system vulnerable for a real virus in this folder…
Why was this working for years without even showing this “.SynologyWorkingDirectory” directory on the local drive and now it shows up all of a sudden?