possible malware flagged in wcgrid files
Author | Message |
---|---|
Joined: 10 Sep 17 Posts: 2 |
Running BOINC 7.16.5 (x64) on Windows 10 Home with Intel i7-2600. Acronis True Image 2020 build 25700 apparently has Active Protection running which blocked process C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_opn1_autodock_7.17_windows_x86_64 because several folders were modified with a suspicious pattern. The files were C:\ProgramData\BOINC\slots\5\wcg_checkpoint.dat, wcg_ad4-result_sub.xml, receptor.CI.map, receptor.C.map, receptor.Br.map, receptor.A.map. If that process and files are normal, this may not be a problem. Not knowing, I blocked (blacklisted) this program. Does this seem normal? |
Joined: 10 May 07 Posts: 1514 |
"Running BOINC 7.16.5 (x64) on Windows 10 Home with Intel i7-2600. Acronis True Image 2020 build 25700 apparently has Active Protection running which blocked process C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcgrid_opn1_autodock_7.17_windows_x86_64 because several folders were modified with a suspicious pattern." The chances of malicious activity are extremely rare. BOINC projects do a lot of writing to many sub folders within each specific project's data folders / directories. You should EXCLUDE ALL BOINC DATA FOLDERS from any antivirus / anti-malware scans to prevent false positives. If you have any questions about World Community Grid possible suspicious activity please post a question on the project's forum. They can reassure you that everything is going to be fine. Forum: OpenPandemics - COVID-19 Project |
Joined: 28 Jun 10 Posts: 2829 |
The same happens from time to time with CPDN files. In the past this has been down to a small section of code matching a code section in a virus. I imagine that with the number of lines of code written and then compiled this happens occasionally in most projects. It is worth reporting this to the anti-virus people as a false positive so they can mark the file as safe. Though of course excluding BOINC folders from the scans will solve the issue locally. |
Joined: 8 Nov 19 Posts: 718 |
With the amount of data written, it's inevitable that occasionally virus scanners get triggered (with a false positive), but it's also possible that a data bit errored, and the virus scanner confirmed a real virus. You never know. If your AV has a cloud upload option (to further analyze the 'positive'), you should enable that. Hopefully more false positives will be removed, and AV scanners will continue to allow certain bit-combinations without being triggered. |
Joined: 5 Oct 06 Posts: 5149 |
I also believe that AV scanners have moved on a long way beyond simple pattern-matching of bit strings in files stored on your hard disk. Two other things they do (there may be more): 1) Monitor internet traffic, especially file downloads. If they spot a problem there, the file will never reach your hard disk. No amount of folder exclusion will make any difference, but your BOINC tasks will fail. 2) Test-run executable files in a sandbox environment. Some of the things that the BOINC client does (communicates over the internet; downloads and runs executable files; doesn't have a visible user interface - that's in the separate Manager) look to AV very suspicious and very much like a virus. Things you can do: a) If AV objects to a file, submit it for further analysis. b) Whitelist BOINC and project domains as trusted download sources. c) Wait a few days before you download any new version of anything. Particularly the 'heuristic' (test-run) warnings are often triggered when the AV company has not seen this version of a program before. It goes into lockdown until further information is available. Well-known and popular applications are allowed to pass unhindered - it takes a while for BOINC and project applications to reach this status. |
Joined: 8 Nov 19 Posts: 718 |
I would agree on whitelisting the directory. Should it be a real virus, expanding beyond the whitelisted directory, then I would become suspicious. But even if it's a virus, if it's trapped inside one directory, it'll probably be able to do very little damage. |
Joined: 29 Aug 05 Posts: 15625 |
The server that BOINC talks to runs Linux, so if that's hacked to provide viruses the project has a far greater problem than that it's sending out viruses to BOINC clients. And even then, the clients that talk to the server don't all run Linux as well, some do Windows, others FreeBSD, others Android, others Mac OS, others other exotics. This makes the chance that your system gets a virus that can run on your system pretty low. Because the payload is either for Linux, or Windows, or Mac OS or... and those can't run on other OSes. Yes, it's possible a project is hacked and it sends out viruses for Windows systems only, but the chance that it does that for long is pretty slim. |
Copyright © 2025 University of California.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License,
Version 1.2 or any later version published by the Free Software Foundation.