+ 22

PyInstaller - virus warnings

After I managed to create a single-file exe with PyInstaller, there was a problem: Norton told me it was a dangerous file, probably a virus. When I googled a bit, I found out that this seems to happen frequently with other virus killers like Kaspersky as well. Since people will hardly download something marked as dangerous, compiling a script becomes rather useless. Is there any way around this?

12th Sep 2018, 10:48 AM
HonFu
HonFu - avatar
16 odpowiedzi
+ 21
We've had some discussions on this, I can't find the thread, but I remember the idea was to ditch so-called premium antivirus software lol. There's no problem with your code (or at least that's what I believe, without looking at your code at all) - Instead of checking program behaviour, it identifies how the program executes and deduces how it was built. Since quite a number of exploits were built using that utility, let's block all of those programs which were compiled like this - The lazy way out. I would suggest reporting false positives to Norton/Kaspersky/whateverwowitis, but seeing that it's still an issue after years of reports, I doubt the effectiveness of the course of action. There are some which would recommend you to upload your script/program to a couple of virus identification sites, so that antivirus software which pull data off those sites would see that you've been whitelisted. It may be worth the shot.
12th Sep 2018, 11:53 AM
Hatsy Rei
Hatsy Rei - avatar
+ 10
The script is totally harmless: It takes a bit of input, calculates some stuff, writes the result in a txt-file. No graphics, no 3rd party stuff, not even an import. And everything works fine, even compiled. Yeah, up to now the typical virus programs (which basically act upon prejudice - whoopey) seem not to have been updated, at least not Norton and Kaspersky. The solution methods seem rather burdensome and probably fruitless. But if a compiled Python program can't run easily and peacefully in the natural environment of a user's pc, I really wonder if there's even a usage for Python outside of data science and the like. Because clearly private people, and companies alike will continue to trust their virus softwares and refuse to install anything with a 'potential harm' label on it. Why is other compiled software not called out?
12th Sep 2018, 12:22 PM
HonFu
HonFu - avatar
+ 5
false positive
12th Sep 2018, 11:22 AM
Samces
+ 5
HonFu yea that's a tough situation. installing python seems like the easiest solution, so i suggest going for that
12th Sep 2018, 5:28 PM
hinanawi
hinanawi - avatar
+ 4
hinanawi, thank you for the recommendations, I will look into these for my personal environment. Norton, Kaspersky and these are rather omnipresent, though, so the problem remains since I can't tell people: 'No, no, don't be afraid of all these (verbose) warnings, just choose a different anti virus software than ANY of the ones you know!' In my case I am not selling software or anything, but I want my boss to run my script, and she wants it too, because it saves her a few hours time. But even in that situation it's already annoying. She can't easily put it on the office computer since we've got Kaspersky there. So she would have to bring her own computer to work - that is if I can convince her that the program will really, really not do any harm to her pc. ;-) Or she has to install Python, which has zero meaning for her.
12th Sep 2018, 5:26 PM
HonFu
HonFu - avatar
+ 2
Yeah, Samces, I know - but that doesn't solve the problem, since users will generally only accept a 'true negative'.
12th Sep 2018, 11:29 AM
HonFu
HonFu - avatar
+ 2
Can you post log from AV? I am curious because I compiled few python codes and used them across computers with different security measures without issues.
12th Sep 2018, 1:12 PM
Samces
+ 2
Samces, do you mean the reports of the anti virus programs? I have no access to them right now (will try to look at that later). I tried to run that exe on two different pcs, one with Norton, one with Kaspersky, different Windows versions.
12th Sep 2018, 2:16 PM
HonFu
HonFu - avatar
+ 2
i recommend using Avast, Malwarebytes or Protegent as those AV's have never reported python scripts as viruses
12th Sep 2018, 5:08 PM
hinanawi
hinanawi - avatar
+ 2
What about uninstalling the Virus (Norton)?
13th Sep 2018, 4:06 PM
N00B
+ 1
After renaming my script before compiling,I fixed this issue for my case.
7th Feb 2020, 6:34 PM
Hasan Aslan
Hasan Aslan - avatar
+ 1
Even Google Drive complains of a virus and doesn't let my friends run the stuff I send. We really need a solution.
23rd Jul 2020, 5:22 PM
Green05
Green05 - avatar
0
hinanawi (may be left) I don't recommend avast. I have used their AVs without any problems. But I don't like the company because it has done some inappropriate things(at least i believe) and made good companies bad after taking over them. One example is CCleaner. They totally messed our fun.
7th Nov 2018, 7:40 PM
Roneel
Roneel - avatar
0
Hasan Aslan can you explain how you fixed your issue i want to resolve mine too, so can you help??
8th Nov 2020, 12:08 PM
Shivang Shirvani