Missing vgagent.exe problem – Norton A/V thinks it is infected with Heur.AdvML.B
February 11, 2017 at 19:29 #10377
gojimmypi
Participant
This morning my VisualGDB started giving me problems with weird error messages about a missing vgagent.exe.
Rather than fuss with it, I decided I might as well re-install – as I noticed there was an incrementally newer version available. So I downloaded VisualGDB-5.2r8-trial.msi (the previous one I downloaded was VisualGDB-5.2r7-trial.msi from January). All installed successfully and I was able to resume my attempts at getting my Segger JTAG to debug the ESP8266 (which I did!).
After taking a break for a few hours, when I returned Norton Anti-virus had popped an alert that it had detected Heur.AdvML.B – (googling this, there appear to be many bait-and-infect links, so be careful)
There’s a thread on the Norton forum that questions whether other similar ones are false positives:
https://community.norton.com/en/forums/heuradvmlb-detected-false-positive-or-not
I seem to have difficulties uploading pictures here, so I posted a picture on my blog page here:
http://gojimmypi.blogspot.com/2017/02/visualgdb-missing-vgagent.html
The Norton site may be able to help with the False positives… and/or perhaps the Sysprogs folks can double check to ensure there’s not an infection.
Please advise if there’s 100% certainty that this file is safe. What does this file do, and what should I expect to see without it?
Thanks
February 12, 2017 at 00:42 #10379
support
Keymaster
Thanks, we can confirm that behavior. We have contacted Symantec and submitted a false positive report. Based on our previous experience, it will take 1-2 business days for them to confirm this and add the file to the exclusion list.
Unfortunately this is a common problem with most modern antivirus software: they basically search every executable file for known substrings that are known to occur in malware. However, due to the huge size of the malware databases, a random executable file has a very high chance of triggering a false positive alarm. Then we contact the antivirus vendors, get that specific file excluded and a few releases later when a few bytes are changed in the file, the problem occurs again.
To be 100% sure, please check your vgagent.exe via VirusTotal. If the checksum is 4af5f0de3cb7c87d3c4fada33372dfa020364c27a6ba9471b9db268526ab2f47, the file is authentic (currently 3 products on VirusTotal are reporting it as suspicious pending our false positive reports).
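A simplified model of the cycle described in the reply above (substring match, per-file hash exclusion, re-flagging after a small change), together with the checksum comparison it recommends. This is an added example, not Sysprogs or Symantec code: the signature, the sample bytes and all function names are constructed for illustration, and only the SHA-256 value is taken from the post.

```python
import hashlib

# Checksum quoted in the support reply for the authentic vgagent.exe.
PUBLISHED_VGAGENT_SHA256 = "4af5f0de3cb7c87d3c4fada33372dfa020364c27a6ba9471b9db268526ab2f47"

# Constructed toy signature: a very common compiler-generated function prologue,
# chosen to show how a short byte pattern also matches benign executables.
SIGNATURES = {"Toy.Heur.1": b"\x8b\xff\x55\x8b\xec"}

# Constructed stand-ins for two consecutive builds of the same benign tool.
RELEASE_A = b"MZ" + bytes(range(32)) + b"\x8b\xff\x55\x8b\xec" + b"build 1001"
RELEASE_B = b"MZ" + bytes(range(32)) + b"\x8b\xff\x55\x8b\xec" + b"build 1002"

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def file_sha256(path, chunk=1 << 20):
    """Hash a file on disk in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def matches_published(digest_hex, published_hex=PUBLISHED_VGAGENT_SHA256):
    """True only if the digest equals the published checksum (case-insensitive)."""
    return digest_hex.strip().lower() == published_hex.strip().lower()

def scan(data, exclusions):
    """Return matching signature names unless this exact file hash is excluded."""
    if sha256_hex(data) in exclusions:
        return []
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def demo():
    exclusions = set()
    first = scan(RELEASE_A, exclusions)        # benign file is flagged
    exclusions.add(sha256_hex(RELEASE_A))      # vendor accepts the false positive report
    after_report = scan(RELEASE_A, exclusions) # that exact file is now clean
    next_build = scan(RELEASE_B, exclusions)   # a few bytes changed: flagged again
    return first, after_report, next_build

if __name__ == "__main__":
    print(demo())
```

To check a local copy, pass the result of `file_sha256()` on the installed vgagent.exe to `matches_published()`; any mismatch means the file is not the build the reply refers to.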