Cargo.exe detected as threat by McAfee

Hi there,

From time to time my McAfee recognizes cargo.exe as a security threat (TIE/Suspect!B4B44EAB1FE5) on my Windows 10 machine. As I only used rustup to install and update cargo and the other Rust tools, I'm wondering if anyone else has such issues and whether this is something the Rust teams can avoid when building cargo for Windows?

The issue moves cargo into quarantine, and I either trust cargo and remove it from being banned or re-install Rust from scratch - both are kinda cumbersome and I'd like to avoid it.

Any hint if there is something I can do would be much appreciated :slight_smile:

Unfortunately this is always a risk with McAfee. The best thing Rust can do to help avoid it is to sign binaries. This is currently a work in progress.

2 Likes

Almost certainly it is a false alarm. As such you should raise an issue with McAfee about it.

Perhaps someone might like to check it's not a real infection I guess.

1 Like

Reminds me of recently when my friend asked why Windows was saying an Open Source game I pointed him to might be harmful to his computer. I told him that it was because they hadn't paid Microsoft to say it wasn't a virus. :wink:

1 Like

Note to self:

Remember to get my malware signed before pushing it out.

Aside: I recall a wonderful day at Nokia, back when it was Nokia. When everyone came back from lunch they found every NT machine was blue screened and unbootable. Whatever anti-virus software they had had eaten part of the OS.

Aside, aside: Our project continued work as we all used Linux. As our project manager said "I want to keep Bill Gates' fingers out of my project as much as possible". Kind of ironic looking back.

3 Likes

Well, quite interesting: once I remove Rust completely and re-install it, everything is just fine, but as soon as a new Rust/cargo version is available and I update Rust using rustup, soon after 2 or more runs of cargo McAfee kicks in :roll_eyes:. So I suspect something in the way rustup updates cargo might trigger the false alarm?

Just guessing, but as soon as it appears again I’ll report it to McAfee.

Probably. I have a colleague that has some other crazy anti-virus software that the company he works for put on his work computer and it freaks out about things like Ruby trying to download its dependencies and then it locks it down after it goes out to the internet.