Trojan warning from Windows Defender and several other AV monitors with pyinstaller 3.6 #2125
Comments
I can confirm that I'm seeing the same thing with the 2.16.1 zip file. Pyfa.exe gets flagged as infected with Trojan:Win32/Detplock, which seems similar to issue #2040. Have no issue with my files from the 2.16.0 zip.
Posted an explanation to Reddit, gonna repost it here as well.

It was reported on Russian forums already. I've made a post describing what was changed and how builds are generated (so that IT nerds can see that the build system is safe from my interference). I guess I will have to translate it here, since it affects more people than just the Russian community.

Since Pyfa builds had issues in the past, I started doing a VirusTotal check of the Windows exe build with every release. This release I also checked it, 2/68, quite acceptable. Once I started receiving reports about issues, I checked the zip build, 1/56. And the exe file of the installed/unzipped build itself, 8/73, that's a surprise - until this moment I thought that all contents are unpacked and verified during an AV scan.

So, to know why all of these detections appeared all of a sudden, you can check what was changed here. Not many changes, and nothing could trigger AV checks besides library changes. 3 libraries were changed: wxpython from 4.0.6 to 4.0.7.post2, pyinstaller from 3.3 to the latest version 3.6 (due to a security issue in older versions), and pip was updated to the 20th version just before final builds started. Out of those libraries, the pyinstaller change is likely to trigger AV, because it's the software which wraps a Python program with all its dependencies into a binary build (for all platforms, not just Windows).

Builds are generated by jobs on well-known 3rd party sites, under an account which was set up by Blitzmann (who made them, and as they just work I did not bother with ownership transfer). You can review job logs here: windows, mac. These jobs upload generated builds right to the release page without my personal interference. You can verify that builds were uploaded under Blitzmann's credentials at the time the jobs were running via the GitHub API. There is no way any malicious software gets into these builds from my machine, and all the changes between releases are visible on GitHub.
So, I suspect that the updated pyinstaller is triggering those AV monitors. Its repo has multiple issues about false positives closed by the maintainers with "ask AV companies to do something about false positives, we are not responsible for that". If anyone has any expertise on how to tackle such issues - I'm glad to listen. I might just try to contact AV companies, but no idea what else could be done about it.
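The upload check mentioned in the comment above, as an added example that is not part of the original thread or the project's code. It checks each release asset's `uploader.login` and `created_at` (fields of the GitHub REST API release object) against an expected account and a CI job time window. The sample JSON is constructed, and the login spelling and the job window are assumptions to be taken from the real CI job logs.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like GET /repos/{owner}/{repo}/releases/tags/{tag},
# trimmed to the fields used here. All values are made up for illustration.
SAMPLE_RELEASE = json.loads("""
{
  "tag_name": "v0.0.0-example",
  "assets": [
    {"name": "app-win.exe", "uploader": {"login": "Blitzmann"},
     "created_at": "2020-01-01T10:12:30Z"},
    {"name": "app-win.zip", "uploader": {"login": "Blitzmann"},
     "created_at": "2020-01-01T10:13:05Z"},
    {"name": "app-mac.zip", "uploader": {"login": "someone-else"},
     "created_at": "2020-01-01T10:14:00Z"},
    {"name": "app-late.exe", "uploader": {"login": "blitzmann"},
     "created_at": "2020-01-03T02:00:00Z"}
  ]
}
""")

def parse_ts(value):
    # GitHub returns ISO 8601 UTC timestamps with a trailing "Z".
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_release_assets(release, expected_uploader, job_start, job_end):
    """Return (asset_name, problem) pairs for assets that fail a provenance check."""
    findings = []
    for asset in release.get("assets", []):
        name = asset.get("name", "<unnamed>")
        login = (asset.get("uploader") or {}).get("login", "")
        # GitHub logins are case-insensitive, so compare lowercased.
        if login.lower() != expected_uploader.lower():
            findings.append((name, f"uploaded by {login or 'unknown'}"))
        created = parse_ts(asset["created_at"])
        if not (job_start <= created <= job_end):
            findings.append((name, f"uploaded outside CI job window at {asset['created_at']}"))
    return findings

if __name__ == "__main__":
    # Assumed job window; read the real start and end times from the CI job logs.
    start = parse_ts("2020-01-01T10:00:00Z")
    end = parse_ts("2020-01-01T10:30:00Z")
    for name, problem in check_release_assets(SAMPLE_RELEASE, "blitzmann", start, end):
        print(f"{name}: {problem}")
```

An empty result means every asset was uploaded by the expected account inside the job window; it says nothing about what the CI job itself built.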
Thank you for a thorough answer!
Also FYI, I checked the release by installing it on a McAfee-monitored Win 8.1 machine before publishing it.
First step would be to determine what's included in the exe.
However, So AV warnings might indeed be connected to pyfa code itself (but they still might not be). Unfortunately I will not have access to a Windows machine until tomorrow, so I am unable to experiment with it for now.
So as a temporary solution I just rolled back the pyinstaller version to 3.3. Will use a newer version once I can make exes which do not get flagged by everything. To those who had issues with v2.16.1 - please try v2.16.2 and tell me if it works for you.
Apparently 64-bit executables do not get flagged, so might just switch to those.
Results after I updated all major components: Not that bad, to my taste.
Closing, won't be actual starting from next release |
Hi, as the title says, I got this warning when I tried to install v2.16.1.
I have used pyfa for several years, never have gotten any warning before, always worked.
Anyway, I didn't dare to install it.
I got this report from Windows Defender. See picture of my screen (attached)
But: Is this some issue with Windows Defender?
Btw Pyfa is great!
Kind regards,
OdiumE