0-byte Executable and SmartScreen Error on Windows

[Taminoful]

Issue: 0-byte Executable and SmartScreen Error on Windows

Victor from the Symfony Casts team suggested opening this issue for further discussion and possible improvement. I am willing to help implement potential solutions to the issue.

Summary

On Windows systems, running the tailwind:init or tailwind:build command sometimes fails due to potential interference from antivirus software (such as Avast or even Windows Defender). Instead of downloading the expected TailwindCSS executable, the process results in a 0-byte .exe file being created in the var/tailwind/ directory. When the system later attempts to execute this empty file, it triggers the Windows SmartScreen error: "This app can't run on your computer" with an "Access denied" message in the console.

Potential Root Cause

The antivirus software aggressively blocks or quarantines the executable during the download step, without any explicit warning to the user. The downloader ends up creating an empty file (0 bytes), which persists between attempts because the bundle assumes the presence of the file indicates a successful download, and does not re-download or validate its integrity.

Steps to Reproduce

1. Use Windows 10 (e.g. 22H2 or higher) with active antivirus software (e.g. Windows Defender 1.1.25080.5 or higher).
2. Install the bundle composer install symfonycasts/tailwind-bundle in a new skeleton project
3. Attempt to run php bin/console tailwind:init and tailwind:build.
4. The antivirus potentially silently blocks or breaks the download, resulting in a 0-byte .exe file in var/tailwind/.
5. Subsequent attempts to run the command throw a SmartScreen error due to executing an empty file.
6. Disabling or uninstalling the antivirus and deleting the broken file, then retrying, allows the download and execution to succeed.

Temporary Workaround

• Remove the bundle via composer.
• Disable antivirus software.
• Reinstall the bundle.
• Run tailwind:init and then tailwind:build to download the executable successfully.
• Re-enable antivirus software.

Suggestions

Since this issue affects multiple users and is related to common antivirus behaviors (false positives on downloaded executables), it may be beneficial to:

• Add file size or integrity checks such as a hash digest check after download. If the binary is 0 bytes or otherwise invalid, force a re-download and display a clear error. For this the downloadExecutable() needs to be slightly rewritten and use the GitHub API endpoint instead of downloading over the releases page, this should be changed anyway and shouldn't be too much work.
• Document the issue and workaround in the README or troubleshooting guide, highlighting the need to temporarily disable antivirus or whitelist the binary download location.
• Investigate whether the download process can be made more robust against antivirus interference, or alert the user more clearly when a corrupted download is detected.

References

• Related closed issue #98
• Multiple reports from Ondrej-Vasicek, Lemin-J, and myself on the Cosmic Coding with Symfony 7 Course

[bocharsky-bw]

Hey @Taminoful , good descriptive issue!

I agree to mention this somewhere in the docs, if you have any ideas how to mention it - feel free to create a PR and we will discuss further on it.

About checking 0-size - yes, agree, I think the best would be to double-check it after it was downloaded... though I'm not sure if that would be enough though because Antivirus may corrupt the downloaded file with some delay maybe? 🤔 If we can just check after it's downloaded - it would be great. If 0-size - let's just throw a clear message mentioning antivirus. Users will be able to turn it off and try again. We can probably remove the bad file so that on the next command run it would re-download again. I don't think we should retry if 0-size after the first download attempt - IMO it would be pointless, if 1st attempt failed - 99% the 2nd will fail too, so user should take some actions before trying to re-dowload. If you agree on it and want to proceed with some PRs - go for it! ❤️

[Taminoful]

Hey @bocharsky-bw,

I don't think we should retry if 0-size after the first download attempt - IMO it would be pointless, if 1st attempt failed - 99% the 2nd will fail too, so user should take some actions before trying to re-dowload.

I agree, I think checking against the checksum of the file provided by the GitHub API endpoint is the way to go and giving the user a clear error message with a small description.

Are there any existing code guidelines or stucturing guides that are required by the project?
I'd create another file in doc/ for troubleshooting information and a more detailed description of the short error in the console, too.

If that looks good to you I'd start working on this and provide the PR. :)

[bocharsky-bw]

I agree, I think checking against the checksum of the file provided by the GitHub API endpoint is the way to go and giving the user a clear error message with a small description.

Sounds like a robust way to go 👍🏼

Are there any existing code guidelines or stucturing guides that are required by the project?
I'd create another file in doc/ for troubleshooting information and a more detailed description of the short error in the console, too.

Hm, let's create a section in the index.rst better for now, somewhere at the end of it probably. And later we can think about splitting into different files if the doc will grow much. For now, I don't think we need it yet

If that looks good to you I'd start working on this and provide the PR. :)

PR on this is warmly welcome, thank you! ❤️

[Taminoful]

As a heads-up, I started working on this PR a couple of days ago. You'll be able to follow the progress here.

For now the initial download over the GitHub API is done and a simple file integrity check. Next steps will be cleaning it up a bit, and then I'll take a look to see if the test cases will need work. When that is done, I'll document the code where it's necessary to explain certain decisions or the logic and follow it up with the troubleshooting in index.rst.

If you already have suggestions or anything else is up for questioning, let me know. :)

[bocharsky-bw]

Cool! Thanks for starting to work on it! Your plan sounds good 👍🏼