pyinstaller wrong classified as Windows virus

Benjamin Schollnick bschollnick at schollnick.net
Mon Nov 29 14:04:03 EST 2021 

Windows Defender has a setting to also use “Reputation Scoring”.

What that simply means is that WDef will report back a hash to microsoft which is then checked to see if it is known.  If it is known, then it has a reputation and based off that reputation Defender will either allow it to run or not.

But if there is no reputation (eg no one has ever run it), that’s suspicious.  And that’s what you are running into.  

You can submit the EXE to the defender team, which should allow it to operate properly without any issue.

	- Benjamin



> On Nov 29, 2021, at 1:57 PM, Barry <barry at barrys-emacs.org> wrote:
> 
> 
> 
>> On 29 Nov 2021, at 00:03, anthony.flury via Python-list <python-list at python.org> wrote:
>> 
>> 
>> On 26/11/2021 07:13, Ulli Horlacher wrote
>>>> But consider another possibility that your compiler software is compromised
>>> Then https://www.python.org/ftp/python/3.10.0/python-3.10.0-amd64.exe
>>> is infected. I doubt this.
>> 
>> But you aren't using python3.10 to 'compile' the code to the executable that windows complains about: you are using pyinstaller, which if memory serves is a 3rd party application.
>> 
>> I assume that you have no problem running the script without pyinstaller ?
>> 
>> so Might pyinstaller be compromised in some way ?
> 
> Not likely.
> 
> On windows pyinstall, and other tools like it, create .exe files on windows.
> I would guess it’s that .exe that is triggering the malware detector false positive.
> 
> Barry
>> 
>> 
>>> 
>>>> Is this happening to only one set of code?
>>> This is happening SOMETIMES, not always. With the SAME source code. When I
>>> call pyinstaller often enough, then the virus scanner is quiet. In about 1
>>> of 20 compile runs.
>>> 
>>> 
>>> 
>> -- 
>> Anthony Flury
>> *Moble*: +44 07743 282707
>> *Home*: +44 (0)1206 391294
>> *email*: anthony.flury at btinternet.com <mailto:anthony.flury at btinternet.com>
>> -- 
>> https://mail.python.org/mailman/listinfo/python-list
>> 
> 
> -- 
> https://mail.python.org/mailman/listinfo/python-list

More information about the Python-list mailing list