Hi!
I am new to this forum, so if this is the wrong category section for this topic, please move my post to the correct category.
I am a security administrator for an organization with around 130+ Python installations.
We are using Microsoft Defender's anti-virus and the Defender portal to monitor user application installations.
I have had a headache with Python for a while because there are so many different versions and everyone is using Python for different things.
We’ve recently switched to package Python via the new Packaging manager but now I notice that MS Defender reports the Python manager as version 3.0.0.0 and as evidence it lists this Regedit key:
This wouldn’t be an issue if it weren’t also for the fact that Python 3.0.0.0 has 38 vulnerabilities attached to it, hence why this is my issue to deal with.
I have a feeling this isn’t correct but it’s probably something the Python Devs should have a look at.
Probably belongs in the regular Help category, or Core Development, but at least I saw it in this one and it probably needed to reach me.
This is … weird. I don’t think there’s anything that we do that would cause it to show up like that, so they must be inferring something.
That registry key is certainly not the right source of information for the install manager, though it should be suitable for detecting that you’ve installed 3.14 (though not ideal, but I guess when you’re trying to be as generic as Defender then you find what you can). I can only assume that 3.0.0.0 is the best effort parsing of 3.14-64 we put in the version number.
I believe that portal has ways to report misdetection? Have you submitted anything through there? I’m only aware of it, I don’t know how it looks or what information you can put in, but it should be the right starting point. As a paying customer, you’re in a better position to start the process than we are here - you can suggest they reach out to our security team (security (at) python.org) if they need clarifications on anything we’re doing.
On a semi-related note, I’d be very interested in hearing about your experiences here. On this thread is fine if we don’t have to keep digging into the original issue, or you can DM or email me (steve (dot) dower at Python) if you want to include any non-public details/requests.
We had the exact same issue on one machine (3.14 detected as 3.0.0.0, same regkey as evidence). I’ve submitted feedback to MS reporting the inaccuracy and I’ll post back here if they give me an update.