arduino-ide_2.0.0-beta.11_Windows_64bit.exe malware found during installation

[PickyBiker]

When installing the title file, Webroot Secure Anywhere flags the following file as malware W32.Adware.Gen.

C:\Users\Mike\AppData\Local\Programs\Arduino IDE\resources\app\node_modules\drivelist\build\Release\drivelist.node

The install is on a PC with windows 10.

[rsora]

Hi @PickyBiker thank you for your report!

I ran a quick scan on virus total using the Github link we provide as a source and the file is reported as clean https://www.virustotal.com/gui/url/4dfe88ec1d9f89c4db275e276432b2a94304773a39f6dc9d87de2a433be6ac8e

Can you please share the exact link you used to download the IDE? Was it the Github release page https://github.com/arduino/arduino-ide/releases or the Arduino Software page https://www.arduino.cc/en/software#experimental-software ?

Thank you and happy coding!

[PickyBiker]

Here is the link I used.

Hope it helps. https://downloads.arduino.cc/arduino-ide/arduino-ide_2.0.0-beta.11_Windows_64bit.exe

On Wed, Sep 22, 2021 at 2:15 AM Roberto Sora @.***> wrote:

Hi @PickyBiker https://github.com/PickyBiker thank you for your report!

I ran a quick scan on virus total using the Github link we provide as a source and the file is reported as clean

https://www.virustotal.com/gui/url/4dfe88ec1d9f89c4db275e276432b2a94304773a39f6dc9d87de2a433be6ac8e

Can you please share the exact link you used to download the IDE? Was it the Github release page https://github.com/arduino/arduino-ide/releases or the Arduino Swoftware page https://www.arduino.cc/en/software#experimental-software ?

Thank you and happy coding!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/arduino/arduino-ide/issues/512#issuecomment-924652760, or unsubscribe https://github.com/notifications/unsubscribe-auth/AD4G3TZOPJMNSX43H3OIDU3UDF7ABANCNFSM5EPXAF7A . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

[wsmagee]

I had the same issue I used the link from the https://www.arduino.cc/en/software page and selected the Win10 and newer 64 bit. https://downloads.arduino.cc/arduino-ide/arduino-ide_2.0.0-beta.11_Windows_64bit.exe

I am also using WebRoot and it does not like the drivelist.node file. I had previously tried with V9 Beta and it did the same thing. Thanks

[jeffrbeyer]

I just sent both links through Virus Total and both came up clean. I also tried the install in a sandboxed vm and can see it does not drop that drivelist.node file anywhere , at anytime during installation. It might be picking it up from your system instead?

[wsmagee]

I would not be able to answer if the drivelist.node file is somehow coming from my machine. I would not know how to tell that. But I do know the folder it ends up in did NOT exist before the install.

However, I just tried again today, and using Beta 12 directly from GitHub (https://github.com/arduino/arduino-ide/releases/download/2.0.0-beta.12/arduino-ide_2.0.0-beta.12_Windows_64bit.exe) It installed all the way without issue this time.

I searched the folder that was added when it installed (C:\Users\yourusername\AppData\Local\Programs\Arduino IDE) and found that drivelist.node does still exist. But I am not getting it flagged anymore by WebRoot. So not sure what changed but with this install it seems to be fine.

The drivelist.node is in C:\Users\yourusername\AppData\Local\Programs\Arduino IDE\resources\app\node_modules\drivelist\build\Release