Norton reports Suspicious.Cloud.7.EP in Windows 8 and deletes TeensyDuino.exe


RichardFerraro
I am rebuilding my system on my Windows 7 machine and tried to download and save TeensyDuino.exe

Norton indicates that the Teensyduino.exe download file is infected and deletes it.

Is this Norton alert:

Suspicious.Cloud.7.EP
Detected As:Suspicious.Cloud.7.EP

a real concern?

thanks,

Richard
 
a real concern?

Unlikely. These false positives are pretty common.

Here are the checksums for the original file, cross-compiled on a Linux machine, before copying to Windows:

Code:
MD5: 6b8a503eea27a151e5c6df109a437d03  teensyduino.exe
SHA1: 69cbf29e78986ea46aba4bcca6d76e821a216f90  teensyduino.exe
SHA256: 8f5605fadb19baedbbf6d13c85ef98dd135c6f4113447a8b64bb2136e5e57fbe  teensyduino.exe

You could try reporting the false positive to Norton. Or just give it a day or two. The next update almost always corrects these false positives.
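A way to act on the checksums above instead of trusting the scanner's verdict: parse the posted `ALGO: digest  filename` lines and compare them against the downloaded file. This is an added example, not code from the post or from PJRC; the parsing format is assumed from the three lines quoted above, and the `teensyduino.exe` path is whatever you saved.

```python
import hashlib
import hmac
import re

# The checksum block as posted in the reply above, copied verbatim.
PUBLISHED_TEXT = """
MD5: 6b8a503eea27a151e5c6df109a437d03  teensyduino.exe
SHA1: 69cbf29e78986ea46aba4bcca6d76e821a216f90  teensyduino.exe
SHA256: 8f5605fadb19baedbbf6d13c85ef98dd135c6f4113447a8b64bb2136e5e57fbe  teensyduino.exe
"""

# Assumed line format: "ALGO: hexdigest  filename" (matches the post; whitespace-tolerant).
LINE_RE = re.compile(r"^\s*(MD5|SHA1|SHA256):\s*([0-9a-fA-F]+)\s+(\S+)\s*$", re.IGNORECASE)


def parse_published(text):
    """Turn the posted lines into {filename: {algo: hexdigest}}; ignores non-matching lines."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            algo, digest, fname = m.group(1).lower(), m.group(2).lower(), m.group(3)
            out.setdefault(fname, {})[algo] = digest
    return out


def digest_stream(blocks, algorithms):
    """Hash an iterable of byte blocks in one pass, feeding every requested algorithm."""
    hashers = {a: hashlib.new(a) for a in algorithms}
    for block in blocks:
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def verify(actual, expected):
    """Return (all_ok, {algo: matched}). MD5 and SHA1 are collision-prone, so a
    passing verdict additionally requires that a SHA256 value was published and matched."""
    results = {a: hmac.compare_digest(actual.get(a, ""), d) for a, d in expected.items()}
    return all(results.values()) and results.get("sha256", False), results


def verify_bytes(data, expected):
    """Verify an in-memory download (used by the test below)."""
    return verify(digest_stream([data], tuple(expected)), expected)


def verify_file(path, expected, chunk=1 << 20):
    """Verify a saved download, streaming it so large installers do not sit in memory."""
    with open(path, "rb") as fh:
        return verify(digest_stream(iter(lambda: fh.read(chunk), b""), tuple(expected)), expected)
```

A mismatch on any line means the bytes on disk are not the bytes Paul built, whether because the download was truncated, a proxy rewrote it, or something altered it locally; a full match with SHA256 present means the scanner alert is about a file identical to the one on the build machine.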
 
Norton! Yikes. Banish!

I use Microsoft Security Essentials (MSE) because
a) it's free
b) who more than Microsoft has a vested interest in protecting the operating system from malware?
 
Just my two cents, but... I've removed Norton from so many machines it isn't funny. What is funny is that anywhere from immediately to about a month later, the people I freed from it thanked me and understood that it was the root of all the problems I had blamed on it after all.

Admittedly no experience with anything from Norton in the last three years but 10 (almost 15, actually) years ago I was replacing it with the freebie from AVG, 6 years ago I was on Comodo and lately I am pushing the Avast freebie. I wouldn't leave it to Microsoft, stevech, despite their vested interest they are still the dills that brought us Windows ME, Vista and 8 (although it looks a bit like they've recovered 8, did you see Vista? :p)

All active antivirus and firewall software, particularly freebies, run the risk of landing a spot on a PUPS list (potentially unpopular software) but Norton has always taken the cake, makes me nearly cry when I find out people have paid for it (even in the last three years) and I loathe those companies (who at least used to be) pushing it with their hardware and software.

The major shortcoming with freebies is all the attempts to get you to buy the paid version and other advertising style stuff - Avast hasn't always behaved perfectly but it has been a long time since it 'upset' me and it isn't that hard to get its 'push sale' stuff down to barely noticeable.

Yep, banish Norton - I used to tell people who didn't believe me that it was bad to just google "how to really uninstall norton from my PC" and read the headlines and snippets of the google results; probably all replaced with glowing reviews nowadays but, like MS, they had their chance to prove me otherwise and I just don't trust that they can ever make decent software.

I wish Peter Norton never sold out.
 
Microsoft Security Essentials also had a false positive on Teensyduino a couple months ago. The next update (just a couple days later) silently fixed the problem.

Over the years, I've had these virus scanner false positive reports on pretty much all of them. So far, none has turned out to be an actual infection in the file on the PJRC server.

I build the Windows version of Teensyduino on a Linux machine using MinGW as a cross compiler. The compiled .exe file is then copied to a real Windows test machine, where I test it. The .exe you download from PJRC.COM is copied directly from the Linux build machine to a Linux-based server. I never move data from the Windows test machine to the server. The bytes you're getting have never been on any computer running Microsoft software!

Of course, this process isn't impervious to attack. I keep the Linux systems updated. On the development machine, I use browser extensions like noscript and an email client that doesn't allow javascript and only saves attachments as non-executable files (never automatically sets the unix exec permission bits).

I also tend to wipe and re-image the Windows test machine pretty frequently. Historically, I've had terrible luck with Windows, so I always prefer to wipe it to a clean, freshly-installed state before I test new code. I don't really use the Windows machine for much of anything other than testing Teensy. I find Windows terribly frustrating, so even while working with Windows for testing, if I need to look something up, I tend to use my Linux machine and if I need something on the Windows machine, I tend to get it using Linux and I copy the data from Linux to Windows. I operate with a pretty deep distrust of the security and stability of Windows.

As Linux becomes more widely used, we'll probably start seeing more efforts to attack Linux systems. I might have to strengthen my process? But at least so far, this all-Linux process has worked pretty well.
 
False positives do suck, and I've seen them as well. Any good AV software would ask you if you want to delete or quarantine instead of just deleting.

Depending on how paranoid you are with a build machine... here are the top three:

Third best is a sand boxed VM. This is basically what Paul uses, more-or-less.

Second best is a VM that never has ever connected to any network.

The absolute best build box would have never connected to any network and all binaries on read-only media, like a liveCD.
The liveCD adds more protection since it is read only... but any work area is done on a RAM disk, and of course that can mean you need a lot of RAM.
Usually it isn't worth the effort to go that far unless you are dealing with software that involves something very dangerous to human health.
 