Cargo has FileRepMalware?

TheTao · July 9, 2025, 9:52pm

I am an experienced programmer, but new to rust. I have used rustup to install the latest version of the toolchain to my windows 11 laptop. I'm checking versions and get the following

C:\Users\scott>rustc --version
rustc 1.88.0 (6b00bc388 2025-06-23)

C:\Users\scott>cargo --version
error: command failed: 'cargo': Access is denied. (os error 5)

I also get a message from Norton that cargo.exe contains FileRepMalware. I have reported it as a false positive to Norton.

I assume everyone is sure that there is no malware in cargo? Any other thoughts?

firebits.io · July 9, 2025, 10:09pm

It's very common for antivirus software to detect false positives from compiled executables. Thousands of similar search results are just a web search away.

jonh · July 9, 2025, 10:18pm

"FileRepMalware" is not identified malware. It is just a tag that says the program machine code does things that some malware also does in a similar way.

TheTao · July 9, 2025, 10:36pm

I understand that. I assume that it doesn't have that malware and I've reported it as a false positive to norton. I just hope the folks the that generate the code haven't let something slip in. Meanwhile, I'm unable to do anything since Norton"quarantines" it.

TheTao · July 9, 2025, 10:40pm

I found a way in Norton to get at the quarantined files and set an exclusion for that file. That resolves it for the time being.

blonk · July 10, 2025, 1:14am

Windows Defender goes through periods where it'll think my compiled Rust binaries are malware. It seems to trigger more often when I'm developing windows services. I searched for the malware type it "detected", and People On The Internet said that part of the name suggested it was some new "AI" heuristics that was triggering the false positives.

This is apparently how things are supposed to be these days.

drmason13 · July 10, 2025, 11:15am

Essentially yeah, it allows us to identify unknown malware which is much safer than only being able to identify malware that we've already seen before.

But the price is false positives, things that look like malware or do things that malware does aren't always malware.

Being able to tell your antivirus "OK sure, thanks for the heads up, but I know this isn't malware" is very important, and an expected part of the process of using antivirus software.

Do we wish it was smarter and had fewer false positives? Yeah of course, but malware is crafty and pretends to be normal software, which makes it a difficult problem!

bjorn3 · July 10, 2025, 12:54pm

FileRepMalware seems to be a generic name for any executable which has a too low "reputation". Aka not enough users of norton have used this executable yet. If we were to start code signing rustc.exe and cargo.exe the reputation would likely get inherited across versions. As I understand it however there are organizational issues that make it hard for us to implement code signing.

system · October 8, 2025, 12:54pm

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.

Topic		Replies	Views
Cargo.exe detected as threat from mcafee	7	1595	July 13, 2021
Malware in rust installer? help	8	5018	January 12, 2023
Rust 1.35.0 - Trend Micro Thinks it's a Virus help	4	1075	August 22, 2019
Cargo/rustup/rustc crash when installing via rustup on Windows 10 help	13	3138	January 12, 2023
Malicious thing in rustup-init.exe community	5	2259	October 4, 2021

Cargo has FileRepMalware?

Related topics