My cry from the heart, because I’m tired with this question. All next mails about that will be responded with link to this post.
Some of my PC applications (like OpenFreebuds, ZeppPlayer, ZMake) are written in Python, and for providing ready-to-run builds I’ve using a very popular tool named Pyinstaller.
And really, some antivirus software, like AVG and Microsoft Defender, detects built made with that software as viruses. This problem isn’t new, first discussions about that I’ve found from 2017:
- Program made with PyInstaller now seen as a Trojan Horse by AVG
- How to prevent exe created by pyinstaller from being deleted by Antivirus?
So, any Python program packaged with PyInstaller will be detected as virus by them. AV’s totally don’t like Python apps, some trigger to Requests library files, some to Pyinstaller, and etc. Because some school-level “hackers” use this tools to made bullshit viruses, like winlockers. Of course, I don’t.
Source code of big part of my projects can be found in my GitHub profile, so you can check that this applications exists, and, if want, build my apps from their sources.
So yes, that’s a false detection. You could try it by youself: make any Python app that uses Tk, pack them with PyInstaller and upload to VirusTotal. They will find a Trojan in your self-made app.
Can you do something to prevent that detection?
I tried to rebuild PyInstaller’s bootloader, many people said that it will help. But it dont. it just changes a set of AV’s that trigger to executable.
Only way to fix that — write to AV developers about false detection. And I don’t want to spend time for that.
What should you do?
Fight antivirus: add to exceptions, pull out of quarantine, etc.
I’ve migrated to Linux a few years ago, so can’t give you any guides. Use Google.
This post in written, at first, for people, who interest in reasons of that behavior. If provided here information doesn’t matter for you — your right. Close this tab and forgot about me and my projects. I anyway didn’t make money on them. Don’t spend your and mine time. Any mails, messages, comments about AV triggers will be ignored and deleted.