avr-g++.exe blocked by Malware.AI


Hi,

I use Arduino a lot for development and today MB started blocking 'avr-g++.exe'.

There wasn't an update that I know about making this program new or anything, and looking at the Arduino main release notes their 1.8.13 release was put out in June 2020.

I'm not sure if the Malware.AI was updated recently and that caused it to start blocking the avr-g++.exe or if there is something I should actually be worried about.

I tried reinstalling the library as well as deleting and reinstalling, and looking through the Arduino avr core GitHub page I found that 'avr-g++' is specified as a compiler requirement, but MB blocks the .exe every time it is run or downloaded anyway.

Unfortunately it seems I do need the avr-g++.exe to be able to compile in the Arduino IDE but I don't want to allow the file access until I know it's trusted at the least, or maybe MB is flagging it because of what it could be used for rather than what it's currently doing.

 

I don't think there is anything malicious going on with the avr-g++.exe but I just want to make sure. I haven't verified the SHA sums or anything and am just relying on the Arduino IDE to download the correct files and place them where they need to go. I did see a post where Neshta.A virus was calling itself avr-gcc so that kinda made me feel uncomfortable.

 

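The post above mentions not having verified the SHA sums of the downloaded toolchain. The following is an added example, not part of the thread and not Arduino's or Malwarebytes' own code: it checks archive bytes against the `checksum` and `size` fields of an entry laid out like the Arduino package index. The archive bytes, version string and file name are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample: a stand-in for a downloaded toolchain archive.
SAMPLE_ARCHIVE = b"constructed stand-in for a toolchain archive\n"

def build_sample_index(archive: bytes) -> str:
    """Build a constructed index entry in the Arduino package-index layout."""
    digest = hashlib.sha256(archive).hexdigest()
    return json.dumps({"packages": [{"name": "arduino", "tools": [{
        "name": "avr-gcc", "version": "0.0.0-constructed",
        "systems": [{"host": "i686-mingw32",
                     "archiveFileName": "avr-gcc-constructed.zip",
                     "checksum": "SHA-256:" + digest,
                     "size": str(len(archive))}]}]}]})

def find_system(index_json, tool, version, host):
    """Return the index entry for one tool/version/host, or None."""
    for pkg in json.loads(index_json).get("packages", []):
        for t in pkg.get("tools", []):
            if t.get("name") == tool and t.get("version") == version:
                for s in t.get("systems", []):
                    if s.get("host") == host:
                        return s
    return None

def verify_archive(data: bytes, entry) -> tuple[bool, str]:
    """Check size and checksum of archive bytes against an index entry."""
    if entry is None:
        return False, "no index entry for this tool/host"
    algo, _, expected = entry.get("checksum", "").partition(":")
    if algo.upper() != "SHA-256" or len(expected) != 64:
        return False, "unsupported or malformed checksum field"
    if str(len(data)) != str(entry.get("size")):
        return False, "size mismatch"
    actual = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(actual, expected.lower()):
        return False, "checksum mismatch"
    return True, "ok"

if __name__ == "__main__":
    idx = build_sample_index(SAMPLE_ARCHIVE)
    entry = find_system(idx, "avr-gcc", "0.0.0-constructed", "i686-mingw32")
    print(verify_archive(SAMPLE_ARCHIVE, entry))            # matching archive
    print(verify_archive(SAMPLE_ARCHIVE + b"\x00", entry))  # altered archive
```

A match only shows the archive is the one the index publisher listed; it says nothing about individual extracted .exe files that were modified after installation, and it depends on the index itself having been fetched from a trusted source.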
21 minutes ago, devincarpenter said:

avocado123 Did this just start happening for you today? Maybe since it's an AI it has picked up some item that causes it to be flagged as a virus now. Good to hear I'm not the only one.

Yes, it just started a few hours ago.

I guess something went wrong with their AI detection. Almost every post in the last few hours is about potential Malware.AI false positives.

7 hours ago, devincarpenter said:

avocado123 Did this just start happening for you today? Maybe since it's an AI it has picked up some item that causes it to be flagged as a virus now. Good to hear I'm not the only one.

 

4 hours ago, Epistemon said:

+1

Arduino toolchain is quarantined as of this morning at 9:10 when MB was updated.

I can't see how to contact MB and raise a support ticket. Any ideas?

 

Malwarebytes doesn't detect avr-g++ anymore. However, Malwarebytes detects "avr-objcopy.exe" in the directory "Arduino/hardware/avr/bin" as Malware.AI now.

Do you also have this detection?

 

sha256: 5bc07336d3dc78ef13a36db73b66ca206447fc9a40035ba8f481901084f737d5

1 hour ago, avocado123 said:

 

 

Malwarebytes doesn't detect avr-g++ anymore. However, Malwarebytes detects "avr-objcopy.exe" in the directory "Arduino/hardware/avr/bin" as Malware.AI now.

Do you also have this detection?

 

sha256: 5bc07336d3dc78ef13a36db73b66ca206447fc9a40035ba8f481901084f737d5

Yes I got the same once.

I'm an Arduino noob but use other IDEs/toolchains for work. My guess is that my source hadn't changed so the compiler (avr-g++?) wasn't called and moves straight on to the linking stage (avr-objcopy.exe?).

Anyway, I contained the problem by adding C:\Program Files (x86)\Arduino to the allow list so it doesn't bug me for the time being.

I also raised a ticket with MB. I'll report back on its progress.

 

9 hours ago, Epistemon said:

Anyway, I contained the problem by adding C:\Program Files (x86)\Arduino to the allow list so it doesn't bug me for the time being.

I also raised a ticket with MB. I'll report back on its progress.

 

I updated MB and was able to compile just now onto my Arduino Uno. I updated the AVR boards package, and used both Arduino IDE 2.0 beta-5 as well as the normal supported 1.8.13 IDE.

Seems as though the problem is fixed for me. I didn't have MB ignore anything and it seems to now recognize those .exes as safe. I'll keep checking to see if anyone else reports back or if Epistemon hears back on their support ticket.


The support team got back to me and said the latest database fixes the issue so looks like they fixed it. I removed Arduino from the allow list and it seems to work now. I guess these things happen. They can't test every file I suppose.
