Monday, January 21, 2019

Do AVs treat Python as a virus?

Pyinstaller False Positives Update

[Screen capture: python-avira-test lab-results]

I am always banging on about PyInstaller-created executables being marked as a Trojan virus, or even worse, ransomware (how did they even determine that? Sounds like scare-mongering to me).

Recently I did a few experiments here, which led me to the conclusion that it is not PyInstaller’s fault at all, or indeed that of any other of the freezing utils we have on Python; it is the AV people.

Briefly here are my test results:

I ran some experiments using my Dismal app code. I used this code as it was very small. When the code was frozen to a single file with PyInstaller, Virus Total came up with 26 out of 69 false positives.

This is what happened when I edited that code and re-froze it into a new .exe:

  • Removed all code, left just imports in. Virus Total result: 26/69 false positives.
  • Just code, removed imports. Virus Total result: 26/69 false positives.
  • No imports, just print("Hello World"). Virus Total result: 26/69 false positives.
  • The same results were had when not using the --onefile option as well.
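To put a number on how much of each frozen file those source edits actually change, the sketch below freezes three variants and compares the executables block by block. It is an added example, not the author's code: the variant sources are constructed stand-ins for the Dismal edits, the function names are hypothetical, and it assumes PyInstaller is installed for the Python that runs it.

```python
import hashlib
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed stand-ins for the three edits listed above (the Dismal source is not shown here).
VARIANTS = {
    "imports_only": "import os\nimport sys\n",
    "code_only": "total = sum(range(10))\nprint(total)\n",
    "hello_world": 'print("Hello World")\n',
}

def sha256_file(path):
    """SHA-256 of a file, the value a Virus Total report can be looked up by."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def shared_block_ratio(a, b, block=4096):
    """Fraction of a's aligned fixed-size blocks that also occur as blocks of b."""
    seen = {b[i:i + block] for i in range(0, len(b), block)}
    blocks = [a[i:i + block] for i in range(0, len(a), block)]
    return sum(x in seen for x in blocks) / len(blocks) if blocks else 0.0

def freeze(name, source, workdir, onefile=True):
    """Freeze one variant with PyInstaller and return the path to the executable."""
    workdir = Path(workdir)
    script = workdir / f"{name}.py"
    script.write_text(source)
    cmd = [sys.executable, "-m", "PyInstaller", "--noconfirm", "--name", name]
    if onefile:
        cmd.append("--onefile")
    subprocess.run(cmd + [str(script)], check=True, cwd=workdir)
    suffix = ".exe" if sys.platform == "win32" else ""
    base = workdir / "dist" if onefile else workdir / "dist" / name
    return base / (name + suffix)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        built = {n: freeze(n, src, tmp) for n, src in VARIANTS.items()}
        reference = built["hello_world"].read_bytes()
        for name, exe in built.items():
            ratio = shared_block_ratio(exe.read_bytes(), reference)
            print(f"{name}: sha256={sha256_file(exe)} shared_with_hello_world={ratio:.0%}")
```

A high shared ratio between variants means most of each .exe is the same packaged runtime rather than your own code, which is worth knowing when reporting a false positive to a vendor.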

 

If It’s Python, It’s a Virus

It looks like these AV people are not doing their jobs properly; they are over-compensating and basically saying, if it is a Python executable it is dodgy.

I wrote a long text to Avira (my AV of choice for many years), about how they and other vendors are giving me grief and stopping users running my freeware apps.

All I got back was an automated response, (see screen capture above), but it has allowed me to prove that my Dismal app, that has been disparaged as ransomware and everything else on the planet, is in fact clean, as well as three other of my apps that I had sent for testing.

By the way, if you use Avira you may well have fallen into the same trap many users have.

If you get a file quarantined, that you know is safe, you can restore the file and tick ‘whitelist the file’.

The problem is, Avira stupidly only whitelists it from scans, not from ‘real time protection’, so as soon as you even look at the file it is again quarantined, much to everyone’s annoyance and bewilderment.

How To Fully Whitelist in Avira

To fully whitelist a file you have to manually go to:

  1. Manage Antivirus (right click on the red umbrella in system tray).
  2. Now click on the tiny cog wheel icon. It’s placed bottom left and small for some insane reason.
  3. Now click on ‘real time scanner’ and click the + sign to open list.
  4. Click on ‘exceptions’ and lo and behold, there are options for RTP and the scanner.
  5. Now click on the file selector in RTP and add your file and then the same for scan.

Now your file will be properly whitelisted.

Really Avira? 

Are you bad GUI designers, or are you doing it on purpose?

Though Avira has some good things about it, support for the free version for example and free daily updates, I might have to look around for something better I think.

 

You can get all my source code and projects from my Dropbox folder if that’s your bag baby.

Using Python V3.6.5 on Windows 7 64bit


 

I have also started another free blog of my personal memoirs (as if I don’t have enough to do already, LOL), if you want a peek, My Memoirs. Under construction.

from Python Coder