First of all I want to apologise if this is in the wrong section, I couldn't really discern the best place for this to go.
Yesterday I turned on my PC and got a Windows Defender alert suddenly telling me I need to take action about a file, something that's never happened on this PC.
The threat detected was for BrowserModifier:Win32/Xiazai and the file it was affecting was AppData\Roaming\systray\systray.dll.
I removed the file but I got the exact same alert today. After deleting it and a restart, I confirmed it was being created when I logged in.
I used Process Monitor to find out what was making it and it pointed me to Arduino Create Bridge, which confuses me because I've had this on my PC for a few months now (albeit I rarely use it) and I've never had a security alert.
To double confirm everything I removed the plugin and the affected file, restarted and got no new alerts; upon re-installing the plugin I immediately got the same alert.
What concerns me about this is that Windows Defender has no mention of Arduino, and nothing in the properties of systray.dll has any mention of Arduino, only "Brave New Software Project, Inc" as the digital signer.
The web editor wasn't detecting the plugin until I told Windows Defender to allow it, so it definitely has something to do with Arduino.
Can anyone explain what's happened here? Has Windows perhaps updated with new definitions and started detecting this file? Did the plugin update?