Hi
I have just downloaded the 1.9 beta version from the website and installed it, but it has a virus.
\arduino-PR-beta1.9-BUILD-116\tools\mdns-discovery.exe is infected with Trojan.GenericKD.41636109 and was moved to quarantine.
To be sure I have passed the issue along.
Can you add any extra details?
You may want to READ THIS for future reference.
It will help you get the best out of the forum.
Bob.
The beta version was downloaded from https://www.arduino.cc/en/Main/Software. The virus was detected and removed during the installation using Bitdefender Total Security. Is it more safe to download the Beta software or from GitHub?
Gert
They are checking as we speak.
My own suggestion is that unless you have a very specific requirement for the BETA version then just for now don't download.
Bob.
You may also want to download the free version of Malwarebytes and run a full sweep.
Bob.
Hi there, thanks for the report. We have checked it and believe it's a false positive. We've submitted an appeal to Microsoft and other AVs and it's recovering as we speak.
Source code of the mdns-discovery.exe binary that we compile from (our) sources: mdns-discovery/main.go at main · arduino/mdns-discovery · GitHub
Can you please let me know which AV did notify you about it? Was it Windows Defender or others?
Looking forward to hearing from you.
Gianluca
Hi, I am using Bitdefender Total Security - was it a fake detection or?
Gert
It was a "False Positive"
The team has sent out the requests to have it dealt with by the security companies.
New software can often throw out these types of issues so not just Arduino.
It is safe to use.
Bob.
FatFatHd:
Hi, I am using Bitdefender Total Security - was it a fake detection or? Gert
Hi, Yes - it was a false positive. We've received confirmation the detection is being removed from the AV's definitions. It may take up to 72 hours to reflect on all other AVs using the same database.
Thanks for the patience,
Gian
Hi Gian
Just for information.
Bitdefender has detected arduino-PR-beta1.9-BUILD-116/tools/serial-discovery.exe as Trojan.GenericKD.41196648.
Gert
@gvarisco -- just thought I would mention that the latest BitDefender definitions (as of 2020/06/09) still appear to trigger on "serial-discovery.exe" (MD5: 361264A6D0E6341CE3901699DBF46663), so it may be worth another follow-up with the AV vendors at some point (it wasn't clear if your original appeal may have only whitelisted "mdns-discovery.exe").
For other BD users (assuming this is indeed a false positive): one can go to the BitDefender app, navigate to the Protection -> Quarantine page, locate the "\tools\serial-discovery.exe" entry and click on Restore in order to undo the quarantine.
It may be worth noting that a number of users will likely be trying to install the beta in the next few days as a result of today's recent Arduino startup issue (GitHub: Arduino Issue #10332).