meshtastic
[Bug]: build dependency adafruit-nrfuitil.exe flagged by AV software
Category
Other
Hardware
Not Applicable
Firmware Version
main
Description
adafruit-nrfuitil.exe flagged by AV software
Blocks firmware dev work on any machine with locked down AV.
https://www.virustotal.com/gui/file/9637a4d099f4a99cbbdfb14142345776582dfbd11d4f357748055b75006ac8c6/details
Related issue https://github.com/adafruit/Adafruit_nRF52_Arduino/issues/424 The fix seems to be using a different version of the library. TBD if that actually fixes the root cause or if the virus scan definitions just don't have the checksums for the latest master builds. :-\
Relevant log output
No response
It generally sounds like this is an issue bc virus profiles commonly bundle python code into an .exe (as this dependency has)
Almost certainly a false positive, but it would still be nice to figure out a way to resolve this upstream and then propagate that change here.
What antivirus triggered the false positive? They all have a way to submit software, I have done windows defender for the old desktop flasher.
Multiple vendors are flagging it as malware per VirusTotal
- Sentinel One
- Bkav Pro
- Skyhigh (SWG) (Zillya) form to report false positives
Given that so many systems are flagging it, I wonder if it would be easier to configure the installer bundle to not bundle the .exe. The binary used by linux/mac systems aren't having any problems.