MAVProxy antivirus?

Good afternoon folks. I’ve got a client who recently installed MAVProxy, and our antivirus solution is detecting it as malicious. I ran two executables, mavproxy.exe and mavexplorer.exe, through VirusTotal and a few other engines are detecting it as well. I’m doing some research and due diligence on this issue and wanted to reach out to the community to see if this was a known issue. Thanks in advance!

Seems quite odd… I used both of those extensively for almost a year (June 2020-May 2021) with Sophos, and never got anything. Do you know if they installed it from the official source or some kind of third party ‘Hey Download MavProxy Free Here’ kind of thing?

1 Like

As long as you’ve downloaded MAVProxy from https://firmware.ardupilot.org/Tools/MAVProxy/, you should be OK. I suspect it’s a false positive.

1 Like

This is a common issue with software packaged via PyInstaller on Windows (and as far as I know MAVProxy is packaged via PyInstaller). The reason is that all PyInstaller executables share common “bootloader” code, and since PyInstaller is also popular among malware authors, some antivirus tools erroneously flag the presence of the PyInstaller bootloader code, yielding a false positive. The issue is perennial and there’s not much the PyInstaller devs can do about it.

1 Like
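
For triage, a flagged file can be checked for the PyInstaller archive cookie that the bootloader reads; a hit confirms the packaging described in the last reply but says nothing about whether the bundled code is benign. This is an added example, not part of the thread or of MAVProxy: the cookie layout (`!8sIIii64s`, PyInstaller 2.1 and later) is assumed from PyInstaller's archive format, and `find_pyinstaller_cookie` and `build_sample` are hypothetical names.

```python
import struct
import sys

# PyInstaller CArchive cookie (network byte order): magic, archive length,
# TOC offset, TOC length, Python version field, Python library name.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE = struct.Struct("!8sIIii64s")


def find_pyinstaller_cookie(data: bytes):
    """Return the parsed cookie as a dict, or None if no plausible one exists."""
    pos = data.rfind(MAGIC)
    while pos != -1:
        end = pos + COOKIE.size
        if end <= len(data):
            _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, pos)
            # The archive ends with the cookie, so it must fit in the file
            # and its table of contents must lie inside the archive.
            if COOKIE.size <= pkg_len <= end and toc_len >= 0 and toc_off + toc_len <= pkg_len:
                return {
                    "archive_offset": end - pkg_len,
                    "toc_offset": end - pkg_len + toc_off,
                    "python_version_field": pyver,
                    "python_lib": pylib.rstrip(b"\x00").decode("ascii", "replace"),
                }
        # A bare magic string is not enough; keep looking for an earlier match.
        pos = data.rfind(MAGIC, 0, pos)
    return None


def build_sample() -> bytes:
    """Constructed input: fake PE stub + archive body + TOC + cookie."""
    stub = b"MZ" + b"\x00" * 62
    body, toc = b"payload", b"T" * 16
    pkg_len = len(body) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(body), len(toc), 311, b"python311.dll")
    return stub + body + toc + cookie


if __name__ == "__main__":
    # With no arguments, run on the constructed sample; otherwise on given files.
    for path in sys.argv[1:] or [None]:
        data = build_sample() if path is None else open(path, "rb").read()
        print(path or "<constructed sample>", find_pyinstaller_cookie(data))
```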