Malwarebytes thinks JDT LS is executing an exploit

[vasiltabakov]

About a week ago I've noticed Malwarebytes complaining about some Java exploit while I was running the JDT LS but thought it's something different (as other Java code ran alongside with the LS does have similar executions).

While investigating a LS NPE today I found this error line in the log:

[04/08/2019 16:48:28.731] [LOG]    
window:  
Aug 4, 2019 4:48:28 PM 
Parent process stopped running, forcing server exit

Tracked down the message to ParentProcessWatcher.java where the cmd is created and executed.

Here's what Malwarebytes shows:

I've managed to adjust Malwarebytes but wonder if this can be avoided from within JDT LS or whether this should be mentioned in the Wiki.

If this helps here's some more log after the event:

[04/08/2019 16:48:28.731] [LOG]    window:  Aug 4, 2019 4:48:28 PM Parent process stopped running, forcing server exit
[04/08/2019 16:48:28.732] [LOG]    window:  Aug 4, 2019 4:48:28 PM Shutdown received... waking up main thread
[04/08/2019 16:48:28.741] [LOG]    window:  Aug 4, 2019 4:48:28 PM class org.eclipse.jdt.ls.core.internal.JavaLanguageServerPlugin is stopping:
[04/08/2019 16:48:29.277] [LOG]    window:  Aug 4, 2019 4:48:29 PM The workspace will exit with unsaved changes in this session.

[snjeza]

You can try the following property:

"java.jdt.ls.vmargs": "-DwatchParentProcess=false -noverify -Xmx2G -XX:+UseG1GC -XX:+UseStringDeduplication"

[vasiltabakov]

Thanks, I'm using your suggested config now, much better also because the IDE handles shutting down the LS before it quits.

[snjeza]

See also #991

[rgrunber]

Closing as this seems to have been resolved. The language server shuts down when the client sends a shutdown, followed by an exit. In some cases, we've observed this may not happen, and so we have the ParentProcessWatcher to ensure subsequent restarts/failed shutdowns of the language server do not leave the processes idling. As mentioned though, the option can be configured if it is unwanted.