executable in distutils triggering microsoft anti virus #71570

Closed
RobBairos mannequin opened this issue Jun 24, 2016 · 5 comments
Labels: OS-windows, stdlib (Python modules in the Lib dir), type-security (A security issue)


RobBairos mannequin commented Jun 24, 2016

BPO 27383
Nosy @pfmoore, @tjguk, @merwok, @zware, @zooba, @dstufft

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

GitHub fields:

assignee = 'https://github.com/zooba'
closed_at = <Date 2016-06-24.16:56:32.439>
created_at = <Date 2016-06-24.15:03:41.880>
labels = ['type-security', 'library', 'OS-windows']
title = 'executuable in distutils triggering microsoft anti virus'
updated_at = <Date 2016-06-28.18:52:08.311>
user = 'https://bugs.python.org/RobBairos'

bugs.python.org fields:

activity = <Date 2016-06-28.18:52:08.311>
actor = 'Rob Bairos'
assignee = 'steve.dower'
closed = True
closed_date = <Date 2016-06-24.16:56:32.439>
closer = 'steve.dower'
components = ['Distutils', 'Windows']
creation = <Date 2016-06-24.15:03:41.880>
creator = 'Rob Bairos'
dependencies = []
files = []
hgrepos = []
issue_num = 27383
keywords = []
message_count = 5.0
messages = ['269186', '269193', '269203', '269448', '269449']
nosy_count = 7.0
nosy_names = ['paul.moore', 'tim.golden', 'eric.araujo', 'Rob Bairos', 'zach.ware', 'steve.dower', 'dstufft']
pr_nums = []
priority = 'normal'
resolution = 'third party'
stage = None
status = 'closed'
superseder = None
type = 'security'
url = 'https://bugs.python.org/issue27383'
versions = ['Python 3.5']


RobBairos mannequin commented Jun 24, 2016

python 3.5: wininst-14.0.exe

Is triggering
Microsoft Security Essentials virus detection:

Recommended action: Remove this software immediately.

Items:
file:D:\PythonBuilds\202ee57ca3\py\Lib\distutils\command\wininst-14.0.exe

I've tried on two separate machines so far, with same quarantine.

Microsoft Security Essentials (running on Windows 7)

Antimalware Client Version: 4.9.218.0
Engine Version: 1.1.12805.0
Antivirus definition: 1.223.2544.0
Antispyware definition: 1.223.2544.0
Network Inspection System Engine Version: 2.1.12706.0
Network Inspection System Definition Version: 116.10.0.0

RobBairos mannequin added the stdlib and type-security labels Jun 24, 2016

zooba commented Jun 24, 2016

Wow, that sucks.

I just rebuilt it and it's still detected, so presumably somebody distributed malware as a bdist_exe and it made it into the signature. There haven't been any unexpected modifications to the sources.

I've submitted the file to the right people, so hopefully it will be removed from the signature soon.

zooba closed this as completed Jun 24, 2016
zooba self-assigned this Jun 24, 2016

RobBairos mannequin commented Jun 24, 2016

thanks for the quick action!


zooba commented Jun 28, 2016

FYI the definitions have been updated and I'm no longer seeing the false positive.

Definition version: 1.223.2858.0


RobBairos mannequin commented Jun 28, 2016

Great. Thanks for the update

On Tue, Jun 28, 2016 at 2:37 PM, Steve Dower <report@bugs.python.org> wrote:

Steve Dower added the comment:

FYI the definitions have been updated and I'm no longer seeing the false
positive.

Definition version: 1.223.2858.0

----------


Python tracker <report@bugs.python.org>
<http://bugs.python.org/issue27383>


ezio-melotti transferred this issue from another repository Apr 10, 2022