Windows 11 blocking Arduino files (serial-discovery.exe) added in recent update - does not allow use of serial port

I started up Arduino IDE v2.3.2 today, and Windows is blocking "C:\Users\myname\AppData\Local\Arduino15\packages\builtin\tools\serial-discovery\1.4.1\serial-discovery.exe" from running.

I never had this happen before. I checked the file with VirusTotal and it complains about serial-discovery.exe having malware. Has anyone noticed this recently?


I checked another PC on which I hadn't used Arduino IDE in a week or so. Before opening it, I went into the dir:

"C:\Users\myname\AppData\Local\Arduino15\packages\builtin\tools\serial-discovery"

I noticed only the directory 1.4.0 existed. However, when I started Arduino, it immediately did some updates which then added:

"C:\Users\myname\AppData\Local\Arduino15\packages\builtin\tools\serial-discovery\1.4.1"

This is where the new serial-discovery.exe was added, which Windows won't run now and which VirusTotal has multiple red flags on.

Arduino logs show the update that added the 1.4.1 directory:

2024-05-23 20:16:39 2024-05-24T02:16:39.654Z daemon INFO time="2024-05-23T20:16:39-06:00" level=info msg="Starting download" url="https://downloads.arduino.cc/discovery/serial-discovery/serial-discovery_v1.4.1_Windows_64bit.zip"
2024-05-23 20:16:40 2024-05-24T02:16:40.056Z daemon INFO time="2024-05-23T20:16:40-06:00" level=info msg="Installing tool" Tool="builtin:serial-discovery@1.4.1"
2024-05-23 20:16:40 2024-05-24T02:16:40.092Z daemon INFO time="2024-05-23T20:16:40-06:00" level=info msg="Skipping tool configuration." Tool="builtin:serial-discovery@1.4.1"
2024-05-23 20:16:40 2024-05-24T02:16:40.092Z daemon INFO time="2024-05-23T20:16:40-06:00" level=info msg="Tool installed" Tool="builtin:serial-discovery@1.4.1"

I assume others will notice this issue?

Hi @medtech1. Thanks for your report. I have notified the Arduino Security Team of your report. I will post an update here if I learn anything more about the situation.

The "Attack surface reduction" feature that blocked Arduino IDE's use of the serial-discovery tool version 1.4.1 is a feature of the Microsoft Defender for Endpoint security software, which is used on managed machines in an enterprise environment (i.e., a work computer). I don't have access to a machine running Microsoft Defender for Endpoint so I'm not able to reproduce the problem. I did check on a machine running the standard "Windows Security"/"Microsoft Defender" software and it doesn't have any problem with serial-discovery 1.4.1. It is likely that a smaller portion of the Arduino userbase have machines with Microsoft Defender for Endpoint, so this explains why others have not reported this problem before you.

This is expected. The serial-discovery tool provides Arduino IDE with the list of serial ports present on your computer. On startup, Arduino IDE checks to see if a newer version of serial-discovery is available than the one currently installed. If so, it automatically updates the tool. Arduino released version 1.4.1 of serial-discovery earlier today, and all Arduino IDE users receive the update upon starting the IDE.


As Microsoft Defender for Endpoint mentions prevalence and age as trust criteria, it might be that Microsoft Defender for Endpoint will shortly start to allow the use of serial-discovery 1.4.1 as it is installed on more and more people's Windows computers, and as time passes.

If this is blocking you from being able to use Arduino IDE and you need an immediate workaround, I can provide instructions for how to force Arduino IDE to continue to use the non-problematic version 1.4.0 of serial-discovery.

Hi ptillisch.. thanks for the reply.

Just for info, I did the test on two different PCs.. both running Windows 11 Pro (Version 10.0.22631 Build 22631). The install and the Windows Defender is "stock/non-enterprise" with no special or added additional programs or updates. I'll be curious to see how many are affected.

And yes, please do let me know how to use the 1.4.0 version as I can't use the IDE as it is. Appreciate your help!

OK, here you go:

  1. Close any Arduino IDE windows that are open.
  2. Delete the folder at the following path on your computer:
    C:\Users\<username>\AppData\Local\Arduino15\packages\builtin\tools\serial-discovery\1.4.1
    
    (where <username> is your Windows username)
    Warning: Please be careful when deleting things from your computer. When in doubt, back up!
  3. Rename the 1.4.0 folder at the following path to 1.4.1:
    C:\Users\<username>\AppData\Local\Arduino15\packages\builtin\tools\serial-discovery\1.4.0
    
    (where <username> is your Windows username)
  4. Start Arduino IDE.

The IDE should start up without any problems and work as usual.

Arduino IDE determines the installed version of serial-discovery from the installation folder name. So by renaming the folder of the 1.4.0 installation of the tool to 1.4.1, Arduino IDE will use the non-problematic version 1.4.0 of the tool without attempting to update it to the problematic 1.4.1.

The only significant difference between version 1.4.0 and 1.4.1 of serial-discovery is a fix for a rare macOS-specific bug, so you don't miss out on anything important by using 1.4.0 on a Windows machine instead of 1.4.1.
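
The four steps above as a PowerShell script, with step 2 changed to move the 1.4.1 folder to a backup instead of deleting it, and with the SHA-256 hash and Authenticode status of both executables recorded first so the blocked build can still be compared or reported. This is an added example, not part of the original post or Arduino's own tooling; the process names checked, the backup folder name and the presence of serial-discovery.exe directly inside the 1.4.0 folder are assumptions.

```powershell
# Added example. Folder paths follow the thread; names marked "assumption" do not.
$ErrorActionPreference = 'Stop'

$toolRoot = Join-Path $env:LOCALAPPDATA 'Arduino15\packages\builtin\tools\serial-discovery'
$blocked  = Join-Path $toolRoot '1.4.1'   # build that Windows refuses to run
$known    = Join-Path $toolRoot '1.4.0'   # build that worked before the update
# Assumption: timestamped backup folder placed next to Arduino15.
$backup   = Join-Path $env:LOCALAPPDATA ('serial-discovery-1.4.1-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date))

# Step 1: the IDE and its helpers must be closed, otherwise the folders are locked.
# Assumption: these are the process names used by Arduino IDE 2.x on Windows.
$running = Get-Process -Name 'Arduino IDE', 'arduino-cli', 'serial-discovery' -ErrorAction SilentlyContinue
if ($running) { throw 'Close all Arduino IDE windows before running this script.' }

foreach ($dir in $known, $blocked) {
    if (-not (Test-Path -Path $dir -PathType Container)) { throw "Expected folder not found: $dir" }
}

# Record what is on disk before changing anything.
$evidence = foreach ($dir in $known, $blocked) {
    $exe = Join-Path $dir 'serial-discovery.exe'
    if (Test-Path -Path $exe -PathType Leaf) {
        [pscustomobject]@{
            Path      = $exe
            SHA256    = (Get-FileHash -Path $exe -Algorithm SHA256).Hash
            Signature = (Get-AuthenticodeSignature -FilePath $exe).Status
        }
    }
}
$evidence | Format-List

# Step 2 (variant): move the 1.4.1 folder out of the way instead of deleting it.
Move-Item -Path $blocked -Destination $backup
$evidence | Export-Csv -Path (Join-Path $backup 'evidence.csv') -NoTypeInformation

# Step 3: rename 1.4.0 to 1.4.1 so the IDE treats it as the current version.
Rename-Item -Path $known -NewName '1.4.1'

# Step 4: start Arduino IDE by hand.
Write-Host "1.4.1 moved to $backup; 1.4.0 renamed to 1.4.1. Start Arduino IDE now."
```

The recorded SHA-256 values can be looked up on VirusTotal without uploading the file again, and the backup folder can be deleted once the 1.4.1 build is no longer needed.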

Perfect.. thank you!!!

You are welcome. I'm glad if I was able to be of assistance.

Regards,
Per
