Could it be that F-Secure is killing arm-none-eabi-g++ with signal 9 (SIGKILL)

Cor053
Cor053 Posts: 1 New Member
edited October 24 in Device Protection

hello,

I try to run a crosscospiler called arm-none-eabi-g++. But it is consequently killed by a signal 9 (SIGKILL) on my Macbook Pro M3. In the console I find the line below. Which makes me believe that F-Secure is actually inspecting the activated compiler. But I am not sure how to interpret this line of console log. Can you explain what it means?

Scan result for /Users/corhofman/Library/Arduino15/packages/rp2040/tools/pqt-gcc/4.0.1-8ec9d6f/bin/arm-none-eabi-g++: infection = (null) cloud = <SCKSecurityCloudResponse: 0x60000206a5c0>: safetyVerdict: <SCKSecurityCloudSafetyVerdict: 0x600003be7db0>: value: unknown, infectionName: , ttl:8273, isFinal: 0, categories: (null), prevalence: 2, trustworthiness: -1

Like Awesome

Accepted Answer

  • JOnes
    JOnes Posts: 709 Forum Champion
    Answer ✓

    "The scan result you shared indicates that the file located at /Users/corhofman/Library/Arduino15/packages/rp2040/tools/pqt-gcc/4.0.1-8ec9d6f/bin/arm-none-eabi-g++ has undergone a security check, and here’s a breakdown of the information:

    • infection: (null) — This suggests that no infection was explicitly detected at the time of the scan.
    • safetyVerdict: unknown — The security system is unsure about the safety of the file; it doesn’t conclusively mark it as safe or dangerous.
    • infectionName: (empty) — No specific malware or threat name is assigned to the file, as no infection is confirmed.
    • ttl (time to live): 8273 — The remaining time for which the current status is valid before it might need to be rechecked.
    • isFinal: 0 — This means the scan result is not final and could change upon further review.
    • categories: (null) — No categories are assigned, meaning it doesn’t fall into any known threat types.
    • prevalence: 2 — This indicates that the file has been seen twice or in two different places, making it relatively rare.
    • trustworthiness: -1 — This negative value indicates that the file's trust level is low or unknown.

    What this means:

    The file isn't conclusively identified as safe or infected, and further analysis may be needed. It could be a false positive, or it might be an uncommon or new file that the security system hasn't encountered before. You might want to:

    1. Rescan the file with a different antivirus or security software.
    2. Check the file's origin—if it's from a trusted source like the official Arduino toolchain, it may be safe.
    3. Update your antivirus definitions and rescan the file later for a more accurate result."

    Perhaps you could

    a) exclude the file/directory from scanner..

    b) reset the reputation cache

    https://help.f-secure.com/product.html#home/total-mac/latest/en/vsp_main-latest-en

    c) Send a sample of the file to lab

    https://www.f-secure.com/en/support/submit-a-sample

    1Like 1Awesome
Feedback on New Design

Categories