pyinstaller wrong classified as Windows virus

[Ulli Horlacher]

When I compile my programs with pyinstaller, Windows classifies them as
virus and even deletes them!

pyinstaller.exe --onefile --noconsole -i fex.ico fextasy.py
187 INFO: PyInstaller: 4.7
187 INFO: Python: 3.10.0
218 INFO: Platform: Windows-10-10.0.19041-SP0
218 INFO: wrote P:\W10\fextasy.spec
(...)
14392 INFO: Copying 0 resources to EXE
14392 INFO: Emedding manifest in EXE
14392 INFO: Updating manifest in P:\W10\dist\fextasy.exe
14533 INFO: Updating resource type 24 name 1 language 0
14579 INFO: Appending PKG archive to EXE
18836 INFO: Building EXE from EXE-00.toc completed successfully.

https://fex.flupp.org/fop/ylds7Y9d/X-20211125101112.png

What can I do?

Rebooting does not help :-}

--
Ullrich Horlacher Server und Virtualisierung
Rechenzentrum TIK
Universitaet Stuttgart E-Mail: horl...@tik.uni-stuttgart.de
Allmandring 30a Tel: ++49-711-68565868
70569 Stuttgart (Germany) WWW: http://www.tik.uni-stuttgart.de/

[Dan Purgert]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Ulli Horlacher wrote:
> When I compile my programs with pyinstaller, Windows classifies them as
> virus and even deletes them!

> [...]
> What can I do?

Stop writing viruses ;)

Have you tried compiling from a different machine? Maybe there's
something broken on the one that's flagging them.

Alternatively, maybe run updates?

> Rebooting does not help :-}

If testing from a different machine works ... format and reinstall might
be the fastest fix for the affected machine.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE3asj+xn6fYUcweBnbWVw5UznKGAFAmGfbS8ACgkQbWVw5Uzn
KGBvQA//YuSJChhmj5fXzkOHD5W+horNsyS3psmFjQzp/opeeF+tqfkeDNXyUwkb
+YxDgq7KDvpaUbaMiYtmzs0fZ6fLaWPHA6pJFS3+DS8Wu/EoPmHyfe6bw0OOFiBI
AB8Zr8Y7e1GntyE/HQ53+outTxDwpTStU+MTyqTjfMDRYl3NyYhnb0rbt0aTQWP0
LzYC6HM5g2EFTrfiAImuoJisu5aofw90QjJEqlRn+MQNcFm8bvAdXpWQ6fp0iNRx
IbXhb+HoL/WNy9sxeWoBRMrNY9wu1lgBDI8IPIu8m+rz13WgIX/l2CMbgxiXW3bN
WbKa4UZ1z7NB2sYhhJ9D0V4pUukFae2A9RaDV6aDC5Vm7ZNQ7eLuEsbjgXABP/qc
0OZODTUN/KYSlMa6E5azdxR5um4jQ85hcsKjtOr7UqwMurrzRL9KxSgsZVlj5FzY
vCxCw1aoqD8WBxunOLnwKd8Fonch0/Ov8a6IA1ZKxx3VbDlY3ZgVMpqYtjzw+wgH
hMD2Int0fJtiC+TBl18P7s47q5RlXbA7mCrjEXuJGdIbZ6K9SxMjWnWycCcVwNHC
LrAKWiA2xOSNcJzpXYN8U2TMsYZCLdLeuNyR5T8QLTvHokQTYuTba2M2EYraQt73
oWQsu47ws/IIAQ/EXOBGMcenhE3wTPHT/36a6udOAQktHzbqKGg=
=nm2S
-----END PGP SIGNATURE-----

--
|_|O|_| Github: https://github.com/dpurgert
|_|_|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
|O|O|O| Former PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281

[Ulli Horlacher]

Dan Purgert <d...@djph.net> wrote:

> > When I compile my programs with pyinstaller, Windows classifies them as
> > virus and even deletes them!
> > [...]
>

> Have you tried compiling from a different machine? Maybe there's
> something broken on the one that's flagging them.

I have only this Windows installation.

But meanwhile I can compile my program and Windows does not complain any
more about Viruses, though I have not changed anything in my source code!


> Alternatively, maybe run updates?

I have done this before without any success (in respect to the wrong virus
report).

[Ulli Horlacher]

Ulli Horlacher <fram...@rus.uni-stuttgart.de> wrote:
> Dan Purgert <d...@djph.net> wrote:
>
> > > When I compile my programs with pyinstaller, Windows classifies them as
> > > virus and even deletes them!
> > > [...]
> >
> > Have you tried compiling from a different machine? Maybe there's
> > something broken on the one that's flagging them.
>
> I have only this Windows installation.
>
> But meanwhile I can compile my program and Windows does not complain any
> more about Viruses, though I have not changed anything in my source code!

And now the bad virus reports are back. With the SAME sourcecode!
It is totally erratic.

[Barry Scott]

> On 25 Nov 2021, at 09:20, Ulli Horlacher <fram...@rus.uni-stuttgart.de> wrote:
>
> When I compile my programs with pyinstaller, Windows classifies them as
> virus and even deletes them!

Microsoft will fix the malware detection if you provide the info they need.

Submit false positive info to: https://www.microsoft.com/security/portal/submission/submit.aspx <https://www.microsoft.com/security/portal/submission/submit.aspx>

I have done this for a false positive in the past and they do resolve the false positive.

Barry

>
> pyinstaller.exe --onefile --noconsole -i fex.ico fextasy.py
> 187 INFO: PyInstaller: 4.7
> 187 INFO: Python: 3.10.0
> 218 INFO: Platform: Windows-10-10.0.19041-SP0
> 218 INFO: wrote P:\W10\fextasy.spec
> (...)
> 14392 INFO: Copying 0 resources to EXE
> 14392 INFO: Emedding manifest in EXE
> 14392 INFO: Updating manifest in P:\W10\dist\fextasy.exe
> 14533 INFO: Updating resource type 24 name 1 language 0
> 14579 INFO: Appending PKG archive to EXE
> 18836 INFO: Building EXE from EXE-00.toc completed successfully.
>
> https://fex.flupp.org/fop/ylds7Y9d/X-20211125101112.png
>
> What can I do?
>
> Rebooting does not help :-}
>
> --
> Ullrich Horlacher Server und Virtualisierung
> Rechenzentrum TIK
> Universitaet Stuttgart E-Mail: horl...@tik.uni-stuttgart.de
> Allmandring 30a Tel: ++49-711-68565868
> 70569 Stuttgart (Germany) WWW: http://www.tik.uni-stuttgart.de/

> --
> https://mail.python.org/mailman/listinfo/python-list
>

[Michael Torrie]

On 11/25/21 2:20 AM, Ulli Horlacher wrote:
> When I compile my programs with pyinstaller, Windows classifies them as
> virus and even deletes them!
>
> pyinstaller.exe --onefile --noconsole -i fex.ico fextasy.py
> 187 INFO: PyInstaller: 4.7
> 187 INFO: Python: 3.10.0
> 218 INFO: Platform: Windows-10-10.0.19041-SP0
> 218 INFO: wrote P:\W10\fextasy.spec
> (...)
> 14392 INFO: Copying 0 resources to EXE
> 14392 INFO: Emedding manifest in EXE
> 14392 INFO: Updating manifest in P:\W10\dist\fextasy.exe
> 14533 INFO: Updating resource type 24 name 1 language 0
> 14579 INFO: Appending PKG archive to EXE
> 18836 INFO: Building EXE from EXE-00.toc completed successfully.
>
> https://fex.flupp.org/fop/ylds7Y9d/X-20211125101112.png
>
> What can I do?

False positive virus detection is pretty common with pyinstaller from
what I can see on the Googles. It's actually very common problem with
less-popular compilers and languages too. Not sure what it is that trips
them all up.

Submit your exe to virustotal.com and then the only real solution is to
submit it to each major antivirus vendor as a false positive and hope
things get changed.

[Ulli Horlacher]

Barry Scott <ba...@barrys-emacs.org> wrote:
>
>
> > On 25 Nov 2021, at 09:20, Ulli Horlacher <fram...@rus.uni-stuttgart.de> wrote:
> >
> > When I compile my programs with pyinstaller, Windows classifies them as
> > virus and even deletes them!
>
> Microsoft will fix the malware detection if you provide the info they need.
>
> Submit false positive info to: https://www.microsoft.com/security/portal/submission/submit.aspx <https://www.microsoft.com/security/portal/submission/submit.aspx>

I cannot submit my executables, because the Windows Virus scannners
deletes them as soon as I compile my program!

And I need a Microsoft login to submit a file!
I do not have such a login.

[Chris Angelico]

On Fri, Nov 26, 2021 at 3:49 AM Ulli Horlacher
<fram...@rus.uni-stuttgart.de> wrote:
>
> Ulli Horlacher <fram...@rus.uni-stuttgart.de> wrote:
> > Dan Purgert <d...@djph.net> wrote:
> >
> > > > When I compile my programs with pyinstaller, Windows classifies them as
> > > > virus and even deletes them!
> > > > [...]
> > >
> > > Have you tried compiling from a different machine? Maybe there's
> > > something broken on the one that's flagging them.
> >
> > I have only this Windows installation.
> >
> > But meanwhile I can compile my program and Windows does not complain any
> > more about Viruses, though I have not changed anything in my source code!
>
> And now the bad virus reports are back. With the SAME sourcecode!
> It is totally erratic.
>

Your Python source code is only a very small part of the code.
Unfortunately, if you're not going to go to the effort of getting your
executables signed and added to the full ecosystem, this sort of
hassle is going to be eternal. It's yet another way that turning
Python scripts into executables is a ridiculous amount of hassle. Yet
another reason to just distribute .py files.

ChrisA

[Ulli Horlacher]

Chris Angelico <ros...@gmail.com> wrote:

> Unfortunately, if you're not going to go to the effort of getting your
> executables signed

I cannot sign my executables (how can I do it anyway?), because Windows
deletes my executable as soon as I have compiled them! They exist only
for a few seconds and then they are gone.

> another reason to just distribute .py files.

I cannot do that because my users do not have Python installed and they
are not allowed to do it.

[Chris Angelico]

On Fri, Nov 26, 2021 at 4:18 AM Ulli Horlacher
<fram...@rus.uni-stuttgart.de> wrote:
>
> Chris Angelico <ros...@gmail.com> wrote:
>
> > Unfortunately, if you're not going to go to the effort of getting your
> > executables signed
>
> I cannot sign my executables (how can I do it anyway?), because Windows
> deletes my executable as soon as I have compiled them! They exist only
> for a few seconds and then they are gone.
>
>
> > another reason to just distribute .py files.
>
> I cannot do that because my users do not have Python installed and they
> are not allowed to do it.
>

Are they really allowed to install your unsigned executables but are
not allowed to install Python from a known and trusted source?

If there's some bizarre loophole that allows them to run completely
untrusted binary code, but not to run legitimate code that can be
fetched from a variety of trusted places (including python.org, the
Windows store, etc), then I'm afraid you're on your own, and will
probably need to play around with the exact loophole to figure out
what is going to be permitted.

Alternatively, just go find the person who decides what gets
installed, and request a Python interpreter to be added to the
permitted list. That's probably easier, and it's certainly going to be
better long-term.

ChrisA

[Barry]

> On 25 Nov 2021, at 16:51, Ulli Horlacher <fram...@rus.uni-stuttgart.de> wrote:

>
> Barry Scott <ba...@barrys-emacs.org> wrote:
>>
>>
>>>> On 25 Nov 2021, at 09:20, Ulli Horlacher <fram...@rus.uni-stuttgart.de> wrote:
>>>
>>> When I compile my programs with pyinstaller, Windows classifies them as
>>> virus and even deletes them!
>>
>> Microsoft will fix the malware detection if you provide the info they need.
>>
>> Submit false positive info to: https://www.microsoft.com/security/portal/submission/submit.aspx <https://www.microsoft.com/security/portal/submission/submit.aspx>
>
> I cannot submit my executables, because the Windows Virus scannners
> deletes them as soon as I compile my program!

You should be able to tell the software to quarantine instead of delete.
Or even disable while you build one instance.
I am assuming you have admin control.

> And I need a Microsoft login to submit a file!
> I do not have such a login.

It’s free to get an account. How badly do you want to fix this?

>
>
> --
> Ullrich Horlacher Server und Virtualisierung
> Rechenzentrum TIK
> Universitaet Stuttgart E-Mail: horl...@tik.uni-stuttgart.de
> Allmandring 30a Tel: ++49-711-68565868
> 70569 Stuttgart (Germany) WWW: http://www.tik.uni-stuttgart.de/

> --
> https://mail.python.org/mailman/listinfo/python-list
>

[Richard Damon]

On 11/25/21 12:21 PM, Chris Angelico wrote:

> On Fri, Nov 26, 2021 at 4:18 AM Ulli Horlacher
> <fram...@rus.uni-stuttgart.de> wrote:
>> Chris Angelico <ros...@gmail.com> wrote:
>>
>>> Unfortunately, if you're not going to go to the effort of getting your
>>> executables signed
>> I cannot sign my executables (how can I do it anyway?), because Windows
>> deletes my executable as soon as I have compiled them! They exist only
>> for a few seconds and then they are gone.
>>
>>
>>> another reason to just distribute .py files.
>> I cannot do that because my users do not have Python installed and they
>> are not allowed to do it.
>>

> Are they really allowed to install your unsigned executables but are
> not allowed to install Python from a known and trusted source?
>
> If there's some bizarre loophole that allows them to run completely
> untrusted binary code, but not to run legitimate code that can be
> fetched from a variety of trusted places (including python.org, the
> Windows store, etc), then I'm afraid you're on your own, and will
> probably need to play around with the exact loophole to figure out
> what is going to be permitted.
>
> Alternatively, just go find the person who decides what gets
> installed, and request a Python interpreter to be added to the
> permitted list. That's probably easier, and it's certainly going to be
> better long-term.
>
> ChrisA

My first guess is it isn't so much what is 'allowed' but what can be
easily done.

On a somewhat locked down computer, the user does not have admin rights,
so needs to get 'IT' to run any installers that need admin permissions
to run.

And EXE that just needs to be copied to the computer and rhen just RUN,
doesn't need IT to 'install' it (they just can't put it into Program
Files, but that isn't really that important for programs that don't need
an installer.

Likely, just copying an EXE file from an outside source may still be
against the rules (and needs approval), but some think if they can do it
and no one complains, it must be ok. On the other hand, they may have
given approval, knowing the source.

--
Richard Damon

[Ulli Horlacher]

Richard Damon <Ric...@damon-family.org> wrote:

> On a somewhat locked down computer, the user does not have admin rights,
> so needs to get 'IT' to run any installers that need admin permissions
> to run.
>
> And EXE that just needs to be copied to the computer and rhen just RUN,
> doesn't need IT to 'install' it (they just can't put it into Program
> Files, but that isn't really that important for programs that don't need
> an installer.

That's the situation for many of my users.

[Chris Angelico]

On Fri, Nov 26, 2021 at 4:50 AM Richard Damon <Ric...@damon-family.org> wrote:
>
> On 11/25/21 12:21 PM, Chris Angelico wrote:

> > On Fri, Nov 26, 2021 at 4:18 AM Ulli Horlacher
> > <fram...@rus.uni-stuttgart.de> wrote:
> >> Chris Angelico <ros...@gmail.com> wrote:
> >>
> >>> Unfortunately, if you're not going to go to the effort of getting your
> >>> executables signed
> >> I cannot sign my executables (how can I do it anyway?), because Windows
> >> deletes my executable as soon as I have compiled them! They exist only
> >> for a few seconds and then they are gone.
> >>
> >>
> >>> another reason to just distribute .py files.
> >> I cannot do that because my users do not have Python installed and they
> >> are not allowed to do it.
> >>

> > Are they really allowed to install your unsigned executables but are
> > not allowed to install Python from a known and trusted source?
> >
> > If there's some bizarre loophole that allows them to run completely
> > untrusted binary code, but not to run legitimate code that can be
> > fetched from a variety of trusted places (including python.org, the
> > Windows store, etc), then I'm afraid you're on your own, and will
> > probably need to play around with the exact loophole to figure out
> > what is going to be permitted.
> >
> > Alternatively, just go find the person who decides what gets
> > installed, and request a Python interpreter to be added to the
> > permitted list. That's probably easier, and it's certainly going to be
> > better long-term.
> >
> > ChrisA
>
> My first guess is it isn't so much what is 'allowed' but what can be
> easily done.
>

> On a somewhat locked down computer, the user does not have admin rights,
> so needs to get 'IT' to run any installers that need admin permissions
> to run.

Can someone confirm that it's still possible to run the Python
installer without admin rights, for a per-user installation? It always
used to be possible, but I haven't checked.

> Likely, just copying an EXE file from an outside source may still be
> against the rules (and needs approval), but some think if they can do it
> and no one complains, it must be ok. On the other hand, they may have
> given approval, knowing the source.

Maybe. I would still consider it unlikely that you can run an EXE from
an arbitrary source, but can't run a trusted installer from a known
source. You're right that admin perms would be harder, but that
shouldn't stop you from installing Python.

Also, obligatory XKCD: https://xkcd.com/1200/

ChrisA

[Michael Torrie]

On 11/25/21 9:08 AM, Ulli Horlacher wrote:
> I cannot submit my executables, because the Windows Virus scannners
> deletes them as soon as I compile my program!

Add an exclusion rule to your machine. While this is not an option for
your end users, this will certainly allow you to work on the problem,
submitting the exe to the various virus vendors.

> And I need a Microsoft login to submit a file!
> I do not have such a login.

I sympathize. But if you want to develop for Windows, you might just
have to get one.

[Michael Torrie]

On 11/25/21 9:08 AM, Ulli Horlacher wrote:

> I cannot submit my executables, because the Windows Virus scannners
> deletes them as soon as I compile my program!

I forgot to post this link:
https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26

[Mats Wichmann]

On 11/25/21 11:00, Chris Angelico wrote:

> Can someone confirm that it's still possible to run the Python
> installer without admin rights, for a per-user installation? It always
> used to be possible, but I haven't checked.

You only need admin rights for some special cases. While Win7 was still
supported, you needed to run the (included) installer for vcredist of a
different version than the one that comes with Win7, and that needed
admin rights (unfortunately, the Python installer didn't prompt for that
and so the vcredist install failed silently, leaving a broken install if
you didn't already have it from other means - but that's all in the past
now). It's possible you also need it for the Python Launcher, since
that goes into a "system location" (not sure about that one). And if
you asked for an install for "all users" that requires admin rights.

[Chris Angelico]

That's what I thought, yeah. So even on a system you don't own, where
you're not allowed to get admin privileges, it should still be
possible to install Python just fine.

Would be worth testing (if someone has a fresh Windows system around)
to see if it's possible to set up the "double click on .py file to run
it" association without admin privileges. That's the only part that
might be a limitation.

ChrisA

[Avi Gross]

I am not sure what your real problem is, Ulli, but many antivirus programs
can be TEMPORARILY shut off. Not highly recommended, of course, but if you
properly disable it on a newly rebooted system running little, and it still
happens, then something else may be going on.

If one recognizes your code a potentially having a virus, it may be for an
assortment of reasons such as a table it contains to look at position N in
the executable for an exact match with some bit-string. If so, one potential
fix is a slight change in the code that compiles a bit differently like
x=sin(30) or other filler.

But consider another possibility that your compiler software is compromised
and actually placing something into everything it compiles. Is this
happening to only one set of code?

You can think of other similar experiments based on your setup that may help
you debug and perhaps your problem is something else entirely.

--
https://mail.python.org/mailman/listinfo/python-list

[Ulli Horlacher]

Avi Gross <avig...@verizon.net> wrote:

> I am not sure what your real problem is, Ulli, but many antivirus programs
> can be TEMPORARILY shut off.

Meanwhile I found this configuration option.
But this does not help me much, because my programs must run on other
Windows PCs of other users and they cannot disable the default Windows
virus scanner.

I for myself does not use Windows at all, I just use it to compile my
programs.

> If one recognizes your code a potentially having a virus, it may be for an
> assortment of reasons such as a table it contains to look at position N in
> the executable for an exact match with some bit-string. If so, one potential
> fix is a slight change in the code that compiles a bit differently like
> x=sin(30) or other filler.

I do not know what and where the virus scanning is complaining about.
It simple says virus threat found and then it deletes my executables.
It is the default virus scanner of Windows 10, I have not installed any
additional software (besides Python and cygwin).

> But consider another possibility that your compiler software is compromised

Then https://www.python.org/ftp/python/3.10.0/python-3.10.0-amd64.exe
is infected. I doubt this.

> Is this happening to only one set of code?

This is happening SOMETIMES, not always. With the SAME source code. When I
call pyinstaller often enough, then the virus scanner is quiet. In about 1
of 20 compile runs.

[Edmondo Giovannozzi]

You can try to download winpython: https://github.com/winpython/winpython/releases
It is an executable, but you don't need to execute it as it is a 7zip compressed archive.
You may run it or use directly 7zip to decompress it, the result will be the same.

Then you have a full python installation that don't need to be installed.
You may try to put your program there and give the users that directory.

[Ulli Horlacher]

Edmondo Giovannozzi <edmondo.g...@gmail.com> wrote:

> You can try to download winpython: https://github.com/winpython/winpython/releases
> It is an executable, but you don't need to execute it as it is a 7zip compressed archive.
> You may run it or use directly 7zip to decompress it, the result will be the same.
>
> Then you have a full python installation that don't need to be installed.
> You may try to put your program there and give the users that directory.

I do not understand it quite...
(How) can I add PySimpleGUI (*) and my program to this (self-extracting?)
package?


https://sourceforge.net/projects/winpython/files/WinPython_3.10/3.10.0.1/
633 MB! I have a lot of users with internet speed < 200 kB/s

With pyinstaller my program executables are are around 10 MB.


(*) My programs depend on:
https://pysimplegui.readthedocs.io/en/latest/

[Peter Heitzer]

Ulli Horlacher <fram...@rus.uni-stuttgart.de> wrote:
>Edmondo Giovannozzi <edmondo.g...@gmail.com> wrote:

>> You can try to download winpython: https://github.com/winpython/winpython/releases
>> It is an executable, but you don't need to execute it as it is a 7zip compressed archive.
>> You may run it or use directly 7zip to decompress it, the result will be the same.
>>
>> Then you have a full python installation that don't need to be installed.
>> You may try to put your program there and give the users that directory.

>I do not understand it quite...
>(How) can I add PySimpleGUI (*) and my program to this (self-extracting?)
>package?


>https://sourceforge.net/projects/winpython/files/WinPython_3.10/3.10.0.1/
>633 MB! I have a lot of users with internet speed < 200 kB/s

>With pyinstaller my program executables are are around 10 MB.

I would suggest to build your own installer, for example using NSIS
https://nsis.sourceforge.io
It is not very complicated. If you include the normal Python installation
and the additional packages and your scripts the whole installer will not
be greater as about 30 MB.
If you want I can mail you a sample config file you can start with.

--
Dipl.-Inform(FH) Peter Heitzer, peter....@rz.uni-regensburg.de

[Chris Angelico]

On Sat, Nov 27, 2021 at 4:47 PM Ulli Horlacher
<fram...@rus.uni-stuttgart.de> wrote:
>
> Richard Damon <Ric...@damon-family.org> wrote:
>
> > On a somewhat locked down computer, the user does not have admin rights,
> > so needs to get 'IT' to run any installers that need admin permissions
> > to run.
> >
> > And EXE that just needs to be copied to the computer and rhen just RUN,
> > doesn't need IT to 'install' it (they just can't put it into Program
> > Files, but that isn't really that important for programs that don't need
> > an installer.
>
> That's the situation for many of my users.
>

Several of us pointed out that you do not need admin rights to install
Python. Did you consider that?

ChrisA

[Tony Flury]

Have you tried using Nuitka - rather than pyInstalller - it means you
distribute a single executable and the Python run time library (which
they probably have already), and it has the advantage that it is a bit
quicker than standard python.

Rather than bundle the source code and interpreter in single executable,
Nuitka actually compiles the Python source code to native machine code
(via a set of C files), and  this native executable uses the Python
runtime library to implement the python features.It does rely on you
having a Windows C compiler available.

[anthony.flury]

Have you tried using Nuitka - rather than pyInstalller - it means you
distribute a single executable and the Python run time library (which
they probably have already), and it has the advantage that it is a bit
quicker than standard python.

Rather than bundle the source code and interpreter in single executable,
Nuitka actually compiles the Python source code to native machine code
(via a set of C files), and  this native executable uses the Python
runtime library to implement the python features.It does rely on you
having a Windows C compiler available.

On 25/11/2021 17:10, Ulli Horlacher wrote:

> Chris Angelico <ros...@gmail.com> wrote:
>
>> Unfortunately, if you're not going to go to the effort of getting your
>> executables signed
> I cannot sign my executables (how can I do it anyway?), because Windows
> deletes my executable as soon as I have compiled them! They exist only
> for a few seconds and then they are gone.
>
>
>> another reason to just distribute .py files.
> I cannot do that because my users do not have Python installed and they
> are not allowed to do it.
>
--

Anthony Flury
*Moble*: +44 07743 282707
*Home*: +44 (0)1206 391294
*email*: anthon...@btinternet.com <mailto:anthon...@btinternet.com>

[anthony.flury]

On 26/11/2021 07:13, Ulli Horlacher wrote

>> But consider another possibility that your compiler software is compromised
> Then https://www.python.org/ftp/python/3.10.0/python-3.10.0-amd64.exe
> is infected. I doubt this.

But you aren't using python3.10 to 'compile' the code to the executable
that windows complains about: you are using pyinstaller, which if memory
serves is a 3rd party application.

I assume that you have no problem running the script without pyinstaller ?

so Might pyinstaller be compromised in some way ?

>
>> Is this happening to only one set of code?
> This is happening SOMETIMES, not always. With the SAME source code. When I
> call pyinstaller often enough, then the virus scanner is quiet. In about 1
> of 20 compile runs.
>
>
>
--

[Ulli Horlacher]

anthony.flury <anthon...@btinternet.com> wrote:
>
> On 26/11/2021 07:13, Ulli Horlacher wrote
> >> But consider another possibility that your compiler software is compromised
> > Then https://www.python.org/ftp/python/3.10.0/python-3.10.0-amd64.exe
> > is infected. I doubt this.
>
> But you aren't using python3.10 to 'compile' the code to the executable
> that windows complains about: you are using pyinstaller, which if memory
> serves is a 3rd party application.
>
> I assume that you have no problem running the script without pyinstaller ?
>
> so Might pyinstaller be compromised in some way ?

Then is the pip repository compromised. I doubt this, too.
I have installed pyinstaller with: pip intall pyinstaller

[Barry]

> On 29 Nov 2021, at 00:03, anthony.flury via Python-list <pytho...@python.org> wrote:
>
> 
> On 26/11/2021 07:13, Ulli Horlacher wrote
>>> But consider another possibility that your compiler software is compromised
>> Then https://www.python.org/ftp/python/3.10.0/python-3.10.0-amd64.exe
>> is infected. I doubt this.
>
> But you aren't using python3.10 to 'compile' the code to the executable that windows complains about: you are using pyinstaller, which if memory serves is a 3rd party application.
>
> I assume that you have no problem running the script without pyinstaller ?
>
> so Might pyinstaller be compromised in some way ?

Not likely.

On windows pyinstall, and other tools like it, create .exe files on windows.
I would guess it’s that .exe that is triggering the malware detector false positive.

Barry

>
>
>>
>>> Is this happening to only one set of code?
>> This is happening SOMETIMES, not always. With the SAME source code. When I
>> call pyinstaller often enough, then the virus scanner is quiet. In about 1
>> of 20 compile runs.
>>
>>
>>
> --
> Anthony Flury
> *Moble*: +44 07743 282707
> *Home*: +44 (0)1206 391294
> *email*: anthon...@btinternet.com <mailto:anthon...@btinternet.com>

> --
> https://mail.python.org/mailman/listinfo/python-list
>

[Benjamin Schollnick]

Windows Defender has a setting to also use “Reputation Scoring”.

What that simply means is that WDef will report back a hash to microsoft which is then checked to see if it is known. If it is known, then it has a reputation and based off that reputation Defender will either allow it to run or not.

But if there is no reputation (eg no one has ever run it), that’s suspicious. And that’s what you are running into.

You can submit the EXE to the defender team, which should allow it to operate properly without any issue.

- Benjamin

> --
> https://mail.python.org/mailman/listinfo/python-list

[Mats Wichmann]

On 11/29/21 12:04, Benjamin Schollnick wrote:
> Windows Defender has a setting to also use “Reputation Scoring”.
>
> What that simply means is that WDef will report back a hash to microsoft which is then checked to see if it is known. If it is known, then it has a reputation and based off that reputation Defender will either allow it to run or not.
>
> But if there is no reputation (eg no one has ever run it), that’s suspicious. And that’s what you are running into.
>
> You can submit the EXE to the defender team, which should allow it to operate properly without any issue.
>
> - Benjamin

sure... "that's suspicious". Unless you're a developer compiling your
own code. In which case every fresh build will be something "unknown".
You have to set every setting you can find to "developer mode" to help
with this kind of thing, and sometimes it's still not enough.

[Benjamin Schollnick]

Understandable, and Steve Gibson (GRC.com <http://grc.com/>, creator of Spinrite) has mentioned that he has had this problem with every Beta of his applications.

I agree completely with you, but that’s how Microsoft has set things up.

- Benjamin