Pyinstaller - false positive?

I wanted to use PyInstaller to convert a Python file into an exe file, but I see this:
Avast tells me my exe file is a Trojan :confused:
I think it’s a fake positive, but I’m not sure about that.
Thank you.

You can submit your file to Avast as a false positive so that the detection can be fixed here: False Positive File Form
All antivirus software seems to have such a facility.

Do you know if the file is really a Trojan or a fake positive?

I have seen PyInstaller apps be flagged in the past, but I am assuming that you know the code you are using is clean.

The term is “false positive” usually not “fake positive”.

:sweat_smile: Yes, you are right. Thank you!

I changed the title.

What do all the other scanners at say?

Yes:
Shorturl.exe virustotal result

I think it’s a false positive but at this stage…

As long as your antivirus thinks that Pyinstaller itself is clean, there should be no problem with anything it creates.

Some anti-virus programs use heuristics to look for suspicious programs, because there are too many ways that a virus could be slightly changed to avoid detection. I can easily imagine ways that programs created by a system like Pyinstaller could look suspicious - for example, if they work by trying to extract a Python interpreter from inside the executable file itself.

PyInstaller .exe files are a bootstrap, the static Python interpreter and a zip file of .pyc files all in one. There is no need to extract the interpreter.

Hmm, that seems like a relatively large number of scanners that detect something. If they’re all false positives, maybe it would be good to ask the PyInstaller makers to do something about it. Do you get that many detections with a minimal Python program (e.g., just print('hello world')) as well?

My understanding is that antivirus companies primarily maintain
databases of “signatures” that are essentially subsets of the
contents of known malware samples. Tools like PyInstaller are very
good at what they’re designed for: making a stand-alone executable
application out of a Python-based project. Malware is also just
software, and the people who write it software developers, so it’s
not at all surprising that some prefer to write their malware in
Python and turn it into stand-alone executables with PyInstaller.

The result is that (especially non-cryptographically-signed)
applications built with PyInstaller run a significant chance of
getting detected as malware even when they aren’t, if common
PyInstaller-created bit patterns in the files are identical to
subsets of actual malware executables created with PyInstaller. I’ve
seen a lot of small open source projects struggle with exactly this,
particularly getting detected as malware by Windows Defender, and if
they reach out to Microsoft support they’re usually told the
“solution” is to set up an application signing infrastructure and
pay to register their signing key.

Apparently you can also send in your application as a non-malware
sample and ask them to retrain their database to ignore it, but even
if they get around to it you’re still looking at possibly hitting
the same problem again the next time you publish a new release and
the contents of your executable change slightly. And it’s not just
PyInstaller-created executables that run into this, pretty much any
free or easily pirated tool for creating stand-alone executables
out of interpreted languages faces the same challenges.

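Added example, not part of any post in this thread: a toy byte-signature scanner showing how a signature cut from the shared packager stub of one flagged sample also hits unrelated builds, and how comparing against a known-clean build removes the false positive. All bytes, file names and the 16-byte window size are constructed assumptions; these are not real PyInstaller bytes or a real antivirus algorithm.

```python
import hashlib

WINDOW = 16  # signature length in bytes (assumption for this sketch)

def _stream(seed, length):
    """Deterministic filler bytes so the example runs offline."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

# Constructed stand-in for the bootloader that every build by the same packager shares.
STUB = _stream(b"shared-bootloader", 512)

def build(app_name):
    """Constructed 'executable': shared stub followed by an app-specific payload."""
    return STUB + app_name.encode() + _stream(app_name.encode(), 256)

def naive_signature(sample):
    """First WINDOW bytes of the flagged sample, with nothing to compare against."""
    return sample[:WINDOW]

def refined_signature(sample, clean_corpus):
    """First window of the sample that occurs in none of the known-clean files."""
    for i in range(len(sample) - WINDOW + 1):
        window = sample[i:i + WINDOW]
        if not any(window in clean for clean in clean_corpus):
            return window
    return None  # sample is indistinguishable from the clean corpus

def flagged(signature, files):
    """Names of the files that contain the signature bytes."""
    return sorted(name for name, data in files.items() if signature in data)

# Constructed corpus: one flagged sample and two benign builds from the same packager.
FILES = {
    "flagged_sample.exe": build("flagged-sample"),
    "shorturl.exe": build("shorturl"),
    "hello.exe": build("hello-world"),
}

if __name__ == "__main__":
    sample = FILES["flagged_sample.exe"]
    print("naive:  ", flagged(naive_signature(sample), FILES))
    print("refined:", flagged(refined_signature(sample, [FILES["hello.exe"]]), FILES))
```

The clean corpus plays the role of the false-positive submissions mentioned in the thread: without it, the scanner cannot tell packager bytes from sample-specific bytes.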

I will try.

Same problem with a simple:

print("Hello Word !")


When my PyInstaller app hit this issue, all I did was submit the exe to Microsoft on their web site and in due course the problem was fixed. Never needed to involve support.

> When my pyinstaller app hit this issue all I did
> was submit the exe to microsoft on their web
> site and in due course the problem was fixed.
> Never needed to involve support.

Makes sense. Where support has come up, from what
I’ve seen, is in trying to find out how to prevent
the problem from recurring for subsequent releases
of a project.