Hello,
I use Arduino Cloud a lot, love it. I just started working on a saved sketch this AM and my AVG antivirus picked up a new attempted infection of IDP.ARES.Generic via Agent.
Never seen anything like this. I then tried to reinstall the Agent, and got the same thing so I quarantined it. So now I don't have an agent and can't upload to my Uno.
Does anyone know what is going on?
I have a sense that the agent zip file from Arduino direct is infected, but don't know for sure.
Steven Lightfoot
Thanks for your report @steven_lightfoot.
I uploaded the latest ZIP files downloaded from Arduino's server via the Arduino Create Agent installation wizard on Arduino Cloud to the VirusTotal service. It ran a malware scan on the file using most major antivirus software and did not get any detections:
The "WIN64" version:
https://www.virustotal.com/gui/file/38867715087198fa6fd25e47e43feb2d503f68f6b9f40e5a58a675770799e621
The "WIN32" version:
https://www.virustotal.com/gui/file/95b5ac279bf3163d993adf4452f55c9b0dd5a7095578ce28139a135db5579adf
I also tried it with the installed Arduino_Create_Agent.exe file:
https://www.virustotal.com/gui/file/c137f059f98b5f56a3b4d35607759ea94d422bc10790385201a39808c8362bea
I am going to ask you to upload the file from your computer to VirusTotal and then share the link to the results page for the file on VirusTotal. This will allow us to understand whether there are any alterations to the file on your computer compared to the one on Arduino's download server, and whether the scan done by VirusTotal gets the same detection result as the security software on your computer. Please try this:
- Open the VirusTotal home page in your web browser:
https://www.virustotal.com/
- Click the "Choose file" button on the page.
An "Open" dialog will open.
- Select the file that is triggering the detection in the "Open" dialog.
- Click the "Open" button.
A page will now open showing the detection results for the file.
- Post the URL of that page in a reply here on the forum thread.
It didn't seem to flag anything. I rebooted my computer, I will try to install the download agent again.
The name of the downloaded agent file is: ArduinoCreateAgent-1.3.2-windows-amd64-installer-edge
This time AVG caught it again, but this time it claimed to have completed the install, unlike last time where it stopped the process. At first it looked like the Agent icon was in the task bar, but when I tried to look at it, it disappeared. So it does not appear to be installed. The web editor still says it is NOT installed, and I get the yellow notice.
Please advise if I can do anything else. I am kind of stuck now.
I see the checksum of your ArduinoCreateAgent-1.3.2-windows-amd64-installer-edge.exe file is the same as what I got, which means the file on your computer is the same as the one on Arduino's download server.
I notice that AVG is making the detection on the application executable Arduino_Create_Agent.exe rather than on the installer executable ArduinoCreateAgent-1.3.2-windows-amd64-installer-edge.exe. Can you try uploading that Arduino_Create_Agent.exe file to VirusTotal, following the same instructions I provided in my previous reply?
That's so true. I would also like to express my view on this.
10 days back I generally used the IDE software only, but I wondered about giving the online editor a try as well. For it to work properly I needed to install the Arduino Agent, which gave me a lot of fake pop-ups during the download. I don't know why, but my antivirus and Windows Defender both stopped me from installing it, yet I somehow managed to download it.
Now the story starts here.
Many additional drivers and software were downloaded with the Agent, and after that my laptop started heating up a lot.
20 viruses were installed on my system, which caused me a significant loss; some of the viruses also got into System32.
I have to clear my data and my laptop sucks.
After that my Microsoft license stopped working, and also, which never happens, a BIOS update was instantly started without any notification.
That was so frustrating. With the help of QUICK HEAL, WHICH SAVED ME, I managed to recover my data.
Developers, please look into what the problem is @ptillisch
I can try, I am not sure how to isolate that file. When I click on ArduinoCreateAgent-1.3.2-windows-amd64-installer-edge.exe it seems to proceed automatically and transparently, it's not like I see separate files extracted from a zip so I can isolate. I am computer literate broadly high level, but not expert, can you advise more?
I am looking to find the version in AVG quarantine, I will come back.
More info - I am still trying to find the exe file you mentioned. BUT I realized that before AVG acted, Windows Defender came on before. Btw I have done this before, a few times, never had an issue. I will keep looking for the exe file...
I managed to get the exe file out of AVG Quarantine, and isolate it, here is a screenshot of the isolated file....
I have gone as far as I can, can you advise what to do next? I will wait.
I went ahead and installed AVG on a virtual machine and I am able to reproduce the detection so it is not specific to your installation.
I have notified Arduino's security team of your report. I will post an update here if I receive any news from them.
Thanks for bringing this to our attention.
I don't have the qualifications to advise you on whether you should take this detection seriously or ignore it as one of the false positives that are generally common to encounter with software like AVG.
The safest approach will be to use Arduino IDE to upload your sketches to your Arduino board instead of the Arduino Cloud web interface. Arduino IDE 2.x has an integration with your Arduino Cloud sketchbook, so you can open any sketch you have saved on Arduino Cloud in Arduino IDE, do development work in the IDE editor, compile and upload the sketches to your Arduino board using Arduino IDE, and push any changes or new sketches you made in Arduino IDE back to your account on the Arduino Cloud server. You can learn more about that here:
You can work with Arduino IoT Cloud Thing sketches in Arduino IDE. You should use the Arduino IoT Cloud web interface to set up your variables and to edit or view your dashboards, but those operations don't require Arduino Create Agent to be running. Arduino Create Agent is required to create new Arduino IoT Cloud Devices so you will be limited to using the devices you already created. In case you do need to provision new Devices, there is an alternative command line tool for advanced users:
Thank you, I will seriously consider using IDE 2.0. You mean the downloaded version on my PC right, and just no longer use web editor?
I would be happy to investigate this, but I would need details about the problems you experienced in order to do that because, other than this "IDP.ARES.Generic" detection by AVG, I don't experience any problems when installing and using Arduino Create Agent. I can't investigate something I can't reproduce and don't have sufficient information about.
Are you still able to reproduce the problems now?