I am having some trouble with cmdstanr and the compilation of code. This is an error that has been discussed previously here. When I try to compile a model mod <- cmdstan_model(...) I get the same error as the linked page.
Error in `process_initialize(self, private, command, args, stdin, stdout, …`:
! Native call to `processx_exec` failed
Caused by error in `chain_call(c_processx_exec, command, c(command, args), pty, pty_options, …`:
! create process 'D:/Projects/AABA2024/analyses/code/probit_cop.exe' (system error 5, Access is denied.
) @win/processx.c:1040 (processx_exec)
Type .Last.error to see the more details.
I know the access denied portion is tied to permissions to run arbitrary executables. The issue is I am an admin on the machine - I have full read,write,edit, etc. access to files on my machine (although I am still working on a “university-imaged” desktop. What is even weirder - when I run the above function, the .exe file does show up in the designated folder AND if I exit R and come back and run the same function - mod <- cmdstan_model(...), I recieve no errors and get the normal message executable is up to date.
I have wracked my brain and I for the life of me cannot figure out what is going on here. Any suggestions from the community or devs?
The processes are being launched via R, so they only have the permissions that R itself has. You probably need to launch R with admin privileges if you need R to initiate processes that also have admin privileges
It looks like you’ll need to contact your IT department for instructions on adding permissions for running arbitrary executables. There’s not really anything we can do from the cmdstan/cmdstanr side unfortunately
Just filling you in on the update for any future issues that may arise for others-
It is related to the antivirus software through the university and I found it after going through Window’s Defender protection history. It reads as follows:
App or process blocked: "mod.exe"
Blocked by: Attack Surface Reduction
Rule: Block executable files from running unless they meet a prevalence, age, or trusted list criteria
Now IT is arguing there is nothing they can do because the security policy is set “company-wide”…
We continue to have the same issues as cwolfe with cmdstan at our university (and our IT tries, but doesn’t know anything about Stan and has bigger fish to fry). Unfortunately it means we cannot teach classes using cmdstan. I wonder if this is a bigger issue that is limiting the use of cmdstan? Is there a possible fix coming in future updates?
The specific issue @cwolfe mentioned above is due to this Windows Defender rule, which involves a heuristic provided by Microsoft from their cloud servers to determine if a executable is trusted. This means that is is a moving target, and one that any user-compiled program is unlikely to pass. I don’t anticipate there being anything Stan could do to get around this
@jswesner I had my university whitelist a folder on my machine where executables could be excluded from the firewall. Basically, anything I do in Stan goes into this folder. I also had them whitelist a separate folder where I kept cmdstan (I have cmdstan on the C: and I work locally from D:). I do this for anything the Defender may flag. There is no other work around given the set-up between Windows and the University.