3

I made a Python script that mails a Windows directory as a zip to me. I added a scheduler using the sched module that repeats this every hour.

I was attempting to make a simple sync application for personal use that starts at Windows Startup.

I converted it to an exe using the pyinstaller `--onefile` argument and it worked flawlessly. But after a couple of days, Windows Defender (Windows Security Centre of Windows 10) detected it as a Trojan.

This issue is not limited to Windows Security Centre. A quick scan on VirusTotal says 4 antiviruses detect it as a Trojan.

What brings the antiviruses to think this? I don't think sharing the code is of any use as proper details have already been given, but still, a comment would make me do it.

Abhinay Pandey
  • 5
    Because the `--onefile` is a self extracting binary, it shares some characteristics of viruses. This will/can trigger anti-virus software as a false positive. It happens. – Torxed Feb 17 '19 at 06:52
  • I posted an answer that summarized information in a similar question. [Windows defender alert users from my pyinstaller exe](https://stackoverflow.com/q/54733909/9014308) – kunif Feb 18 '19 at 03:59
  • The `--onefile` parameter makes the EXE a self extracting archive, that does some similar behavior as malware. Usually, if this happens, if you re-download the file, it is fixed, for me. – Andrew Feb 02 '22 at 12:59

2 Answers

1

Most antiviruses will mark this as a Win32.Trojan.whatever because it will detect that the EXE executable is simply extracting binary code. This works just like a ZIP, where Gmail blocks ZIPs.

To summarize, this is like a self extracting EXE, so kind of like an installer. For example, when you execute an installer, you sometimes get the User Account Control window, which is detected when the system is trying to grant advanced permissions for the EXE.

Andrew
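To see the self-extracting layout the answer above refers to, the following added example (not part of the original answers) looks for the archive that PyInstaller appends after the executable stub and reports how much of the file it occupies. The cookie magic and field layout are assumptions based on PyInstaller's CArchive format and may differ between versions; the function names and the sample bytes are constructed for illustration.

```python
import struct
import sys

# Assumed CArchive cookie that the PyInstaller bootloader looks for near the end of the EXE.
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
# magic, archive length, TOC offset, TOC length, Python version, Python library name
COOKIE = struct.Struct("!8sIIii64s")


def find_pyinstaller_archive(data):
    """Return details of an appended PyInstaller archive, or None if absent."""
    pos = data.rfind(MAGIC)
    if pos < 0 or pos + COOKIE.size > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, pos)
    start = pos + COOKIE.size - pkg_len  # the archive ends with its cookie
    if start < 0 or toc_len < 0 or toc_off + toc_len > pkg_len:
        return None  # magic bytes found, but the fields are not consistent
    return {
        "stub_bytes": start,                      # the real executable part
        "archive_bytes": pkg_len,                 # data extracted at run time
        "appended_ratio": round(pkg_len / len(data), 2),
        "python_version": pyver,
        "python_library": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def build_sample():
    """Constructed sample: a fake 'MZ' stub followed by a dummy archive and cookie."""
    stub = b"MZ" + b"\x00" * 998
    payload = b"P" * 2900          # stands in for the compressed modules
    toc = b"T" * 100               # stands in for the table of contents
    pkg_len = len(payload) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(payload), len(toc), 37, b"python37.dll")
    return stub + payload + toc + cookie


if __name__ == "__main__":
    # Pass the path of a built EXE, or run without arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample()
    print(find_pyinstaller_archive(blob))
```

A high `appended_ratio` means most of the file is data unpacked at run time rather than code a scanner can inspect directly, which is the trait the comments and this answer describe.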
-1

It must be something else that made Windows Defender suddenly think it's bad. Maybe it's an update; try updating it.

TheRealSuicune