antivirus/AV blocking interaction with Teensy device via Powershell

[dpmanthei]

Good day,

I had a very long post written but I'm starting fresh because this just doesn't need to be complicated.

A teensy, running compiled code on a freshly installed Windows 10 PC with very limited permissions, that prints ascii strings to the serial port every 20ms, should NOT be causing antivirus to become angry, right? The Teensy hardware itself and the USB port connection should not be causing AV to block access to the serial port, right?

I wrote the code on an engineering PC with Arduino+Teensyduino and uploaded to the device. That worked fine. Now I'm just trying to 'run' the device on another W10 PC that does not have Arduino IDE or Teensyduino installed so it can show the value of a quadrature encoded measurement device. I can add code and detail if needed but I thought this could be answered without as it's more hardware/Windows related.

Thanks in advance!

 

[PaulStoffregen]

A teensy, running compiled code on a freshly installed Windows 10 PC with very limited permissions, that prints ascii strings to the serial port every 20ms, should NOT be causing antivirus to become angry, right? The Teensy hardware itself and the USB port connection should not be causing AV to block access to the serial port, right?

It shouldn't. Sounds like a pretty lame anti-virus program. Care to name & shame which vendor this is?

Occasionally various anti-virus programs have erroneously flagged the Teensyduino installer or other software from PJRC. We're not alone in this. False positives are an unfortunate reality of almost all anti-virus software. They sometimes flag Arduino and software from pretty much every independent software publisher. Most AV vendors have web form to report false positives and they usually correct it on their next update.

Also on rare occasions we've seen anti-virus software interfere with the localhost-only communication between Arduino and Teensy Loader. Long ago the main culprit was Zone Alarm.

This is the first I've heard of an anti-virus program complaining about Teensy appearing as a USB serial device, not actually installing or running any code on the PC. Very odd...

 

[dpmanthei]

AV is Carbon black. Thank you for the reply, I think you've done just what Carbon Black Support wanted which was 'confirm it isn't the hardware'.

I feel strongly the issue is actually the PowerShell script that's interacting with the Teensy. It's creating an always-on-top window, enumerating serial ports, connecting to one and communicating with it, and sending virtual keyboard events to whatever text field has focus in a custom manufacturing software we use internally. I can see most of those things causing concern for an overzealous antivirus and none of that is Teensy/PJRC's problem. The script is using all built-in Windows commands and dependencies so we aren't introducing any security vulnerabilities with 3rd party libraries or packages...and we thought that strategy would mean maximum compatibility with our IT software and policies. It's Microsoft top-to-bottom including the device drivers...I didn't install any drivers or software on the host computer.

I sent the script to our IT people and suggested we send it to CB so they can find the problem and address it...because this does seem like the AV is overreacting to something (in my opinion). The work around we're using to continue to operate these stations in our manufacturing environment is getting very old so I hope to hear something soon.

Thanks again!