Microsoft decided my PyInstaller application is a virus...


Andy Robinson

Jun 11, 2020, 4:31:14 AM
to PyInstaller
Hi all,

For a few years we've had a small Windows application created with PyInstaller. It connects the PhotoFinish in a Track & Field stadium with a cloud service.  It's very simple, with Tkinter, requests to talk to the web, and reads and writes local test files; nothing else.    It gets downloaded by quite tech-unsophisticated users (typically above retirement age) on the morning of a race; they just drop it on the desktop and run it, no installation program.

Last month Windows 10 started to tell people this was a virus.   Unfortunately our users are very often first-time users, and the steps to make Windows shut up and install it are quite complex and scary.   VirusTotal.com reports that it's 100% clean.

The app is here (feel free to try it, just drop on the desktop, run and you will see a window):


I reported a possible false positive to Microsoft and they said this:  "Analyst comments:  The submitted files do not meet our criteria for detection. No detection will be added for these files."   I think that means "we don't care enough about you"  :-(

This is about the third time I have had a false positive from a single EXE made with PyInstaller in the last decade.   Can anyone suggest ways to mitigate this?  Does anyone know of settings or things-included which are likely to cause this, or to mitigate against it?
Any ideas if it's the EXE itself, or the fact that it does not come "wrapped" in an MSI or InnoSetup-type installer?

Many thanks for all help

Andy Robinson
ReportLab

John Harrison

Jun 11, 2020, 7:18:09 AM
to pyins...@googlegroups.com
I had a problem like this but it was solved by using a DigiCert EV code signing cert. What cert are you using?


Andy Robinson

Jun 11, 2020, 10:24:20 AM
to PyInstaller
None, I have to admit. We just ran PyInstaller! We have hardly done any GUI development in the last 20 years; I thought certificates were for web servers. Learning about this now, thanks for the tip...


Stephen Rosen

Jun 14, 2020, 7:48:00 AM
to PyInstaller
Just to offer up a datapoint: at my work, we're signing things and still got flagged by some AV software.
I doubt the cert is an EV one, but don't know offhand.


We've been planning to try the approach of recompiling the PyInstaller bootloader, potentially with some modifications to get it to appear different to the AV scanners.

The rationale is that AV scanners are incorrectly flagging the PyInstaller bootloader code, so if we change that...


I'm curious if anyone has experience taking that approach?

Peter Kaiser

Jun 14, 2020, 7:48:54 AM
to PyInstaller
If you created it with UPX, you might try turning UPX off.
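
Added example, not part of the thread and not PyInstaller's own code: a header-only check of a built EXE for the two properties the replies raise, UPX-style section names and an embedded Authenticode certificate table. The function names and the constructed sample headers are assumptions made for illustration; the check looks only at the outer executable and does not unpack anything bundled inside it.

```python
import struct
import sys

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table

def inspect_pe(data: bytes) -> dict:
    """Report section names, UPX-style sections and presence of a certificate table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    opt_off = pe_off + 24                                    # optional header start
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs_off = opt_off + (96 if magic == 0x10B else 112)     # PE32 vs PE32+
    (n_dirs,) = struct.unpack_from("<I", data, dirs_off - 4)
    has_cert = False
    if n_dirs > SECURITY_DIR:
        off, size = struct.unpack_from("<II", data, dirs_off + 8 * SECURITY_DIR)
        has_cert = off != 0 and size != 0   # present only; the signature is NOT validated
    sec_off = opt_off + opt_size
    names = [data[sec_off + 40 * i: sec_off + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(n_sections)]
    return {"sections": names,
            "upx_sections": any(n.startswith("UPX") for n in names),
            "has_cert_table": has_cert}

def build_sample(section_names, cert=(0, 0)) -> bytes:
    """Constructed PE32+ headers for demonstration (not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 240, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)
    dirs = b"".join(struct.pack("<II", *(cert if i == SECURITY_DIR else (0, 0)))
                    for i in range(16))
    secs = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + dirs + secs

if __name__ == "__main__":
    if len(sys.argv) > 1:                       # inspect a real build output
        with open(sys.argv[1], "rb") as f:
            print(inspect_pe(f.read()))
    else:                                       # fall back to the constructed samples
        print(inspect_pe(build_sample([b".text", b".rdata"])))
        print(inspect_pe(build_sample([b"UPX0", b"UPX1", b".rsrc"], cert=(0x400, 0x1A00))))
```

A present certificate table only shows that a signature blob is attached; checking that it is valid and trusted takes a verifier such as `signtool verify /pa`.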
