Plugin "caught" as a virus

I just learned about this app, “Arduino Create.” Never heard about it before. I logged in, downloaded the app, and got a “Application performing dangerous activity characteristic of malware” from my Kaspersky Virus tool. It found this: Detected:PDM:Trojan.Win32.Generic." It wants me to “Disinfect and restart the computer.” I’ve seen this error before and for those apps it was spot-on.

This kinda … “scary.” Anyone else had this problem? Thanks.

I have the same thing going on.

Hi, thank you for reporting this.

We already had this problem once: the way the connection between Arduino Create Editor and the Arduino Create Plugin works can be detected by some antivirus as potentially dangerous. This is necessary for properly connection between the Editor and the Plugin and is not malicious.

But we take the issue seriously, and we would like to perform some additional steps to check on this.

Could you please provide: - operative system version - antivirus version - antivirus detailed report about the file

I tried uploading latest version to virustotal as a check and this is the report: https://www.virustotal.com/#/file/508680f85465c78b4dde92aa712be1d238383f6a94f194406ef613304abacf6c/detection As you can see only 4 out of 67 are detecting it as unsafe and no one is detecting it as a trojan.

Could you please upload it too virustotal too and share the resulting link with us?

Thank you, Edoardo

I am using Mcafee LiveSafe and this is a constant problem. I have excluded the file from RealTime Scanning but there is no option to do this for scheduled scans. It is a disruption to your train of thought when you are mid code and find you need to do some housekeeping to keep the system alive.

Is it possible to resolve this, possibly by contacting Mcafee?

Hello @andywb, generally this should not be an issue! We strive as much as possible to avoid and remove false positives, but they still happen sometimes.

May you submit your agent binary to https://www.virustotal.com/gui/ and report the link here? I'll have our security team give a look at it and check for mitigations.

Uploaded and report states six engines detect this file, could it be the way it is installed?

This is the link

https://www.virustotal.com/gui/file/adfbdda69c6258d5e4c179c1752a6f4c360151f987b1960c7b71e169a794d843/detection

andywb: Uploaded and report states six engines detect this file, could it be the way it is installed?

This is the link

https://www.virustotal.com/gui/file/adfbdda69c6258d5e4c179c1752a6f4c360151f987b1960c7b71e169a794d843/detection

Thank you for your VT submission. I'm reporting this false positive to the antivirus vendors. I hope they update their db soon.

Thank you for your help and speedy responses, your assiatnce is appreciated.

KR's Andy B

Hi,

I'm using McAfee Antivirus on my system.

I'm still facing the problem where during the installation, McAfee Total Protection deletes / quarantines the file.

Need help.

@kinshukmustafi

You simply need to add it to the McAfee exclusions list.