Q726kbXuN / nytxw_puz

Turn NY Times crosswords into Across Lite files
The Unlicense

Windows Defender Virus Threat #8

Closed hankscorpio83 closed 2 years ago

hankscorpio83 commented 2 years ago

I assume it's a false positive, but just a heads up that the default Windows Defender settings detect a virus and delete the .exe:

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aScript%2fWacatac.B!ml&threatid=2147735503

However, VirusTotal shows only 3 vendors flagging it.

Probably not a lot you can do about it (I'm guessing it doesn't like scraping browser cookies?), but maybe add a note on the Readme so people aren't caught off guard?

Q726kbXuN commented 2 years ago

In as much as I can, I've verified that my build machine isn't the issue. I used a non-Windows machine to spin up a Windows cloud instance, and only installed the tools necessary, Python and Git, both from trusted sources and vetting the downloads, after letting Windows install all updates it found, to build the distribution. The resulting package hit the same alerts on VirusTotal as the one I previously built that you downloaded.

Of course, anyone reading this: Don't take my word for it, please feel free to recreate these steps or build on your machine to verify this.

That said, the standard response to this sort of false positive in Python packages, notably in PyInstaller, is to bring in the latest version of packages and build the bootloader manually. I've done both in the 0.72 pre-release.

@hankscorpio83 Would you mind grabbing this version and seeing if it still triggers Windows Defender for you? If this fixes it, I'll figure out how I want to check in my changes. Otherwise, I'll probably just add a warning to the README as you suggest and move on.
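The comment above asks readers to rebuild on a clean machine and compare the result rather than trust the maintainer's word. The script below is an added example, not part of nytxw_puz or this thread, of how a reviewer can do that comparison deterministically: hash every file in two build output directories and report which files differ or are missing. File names in the demo (`nytxw_puz.exe`, `lib/extra.dll`, `only_in_a.txt`) are constructed for illustration; in practice you would point it at the `dist/` folders of the original and the clean-room build.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple

Mismatch = Dict[str, Tuple[Optional[str], Optional[str]]]


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large executables don't load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root: Path) -> Dict[str, str]:
    """Map each regular file (relative, '/'-separated) under root to its digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_builds(build_a: Path, build_b: Path) -> Mismatch:
    """Return {relative_name: (digest_in_a, digest_in_b)} for every file that
    differs between the two trees; a missing file is reported as None.
    An empty dict means the two builds are byte-identical."""
    ha, hb = hash_tree(build_a), hash_tree(build_b)
    return {
        name: (ha.get(name), hb.get(name))
        for name in sorted(set(ha) | set(hb))
        if ha.get(name) != hb.get(name)
    }


def demo() -> Mismatch:
    """Build two small constructed output trees and diff them.
    Tree A and B share an identical exe, disagree on one library, and A has
    one extra file, so the expected report names exactly two entries."""
    tmp = Path(tempfile.mkdtemp())
    a, b = tmp / "dist_original", tmp / "dist_cleanroom"
    for root in (a, b):
        (root / "lib").mkdir(parents=True)
        (root / "nytxw_puz.exe").write_bytes(b"MZ\x90\x00identical-build-output")
    (a / "lib" / "extra.dll").write_bytes(b"version 1")
    (b / "lib" / "extra.dll").write_bytes(b"version 2")
    (a / "only_in_a.txt").write_bytes(b"stale artifact")
    return compare_builds(a, b)


if __name__ == "__main__":
    for name, (da, db) in demo().items():
        print(f"{name}: original={da} cleanroom={db}")
```

Identical trees give an empty report; any entry means the two builds are not byte-for-byte reproducible, which is worth knowing before reasoning about why a scanner flags one of them.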

hankscorpio83 commented 2 years ago

Thanks for the quick response. Your tool got mentioned on hackaday.com, so I figured it'd be worth discussing.

The updated release triggers a different "virus" threat in Windows Defender and two vendors flag it in VirusTotal.

Q726kbXuN commented 2 years ago

Thanks, I'll keep digging, but I've run out of time today. I've added a note to the README.

For anyone else seeing this, I'd welcome any insights into which package or tool is triggering these so it can be removed.

Q726kbXuN commented 2 years ago

I've moved to py2exe to build the executable, and VirusTotal seems happier, though still not perfectly happy.

I'm closing this for now, since Windows Defender should no longer trigger. If it does for any reason, feel free to reopen this.