TagStudioDev / TagStudio

A User-Focused Photo & File Management System
https://docs.tagstud.io/
GNU General Public License v3.0

[Bug] Antivirus detects the executable as a virus and deletes the executable. #276

Closed AbbyInk closed 3 months ago

AbbyInk commented 3 months ago

My Antivirus (Program ESET Internet Security) has detected the Windows Non Portable Version Alpha v9.3.0 Release of TagStudio as a virus and taken the executable into quarantine. Even after taking it out of quarantine, it puts it back in, making me unable to use that version. Alpha v9.2.1 still works and isn't detected as a virus nor gets put into quarantine. Edit: I've found the Portable version of Alpha v9.3.0 works as intended.

xarvex commented 3 months ago

Antivirus flagging is out of our control unfortunately. Due to the fact we do not have signing and/or notarization this can make our application appear suspicious to antivirus. Even when signing is implemented, it would be a self-certificate which would still be flagged. Additionally, given that the binaries bundle Python, and there exists malware that also bundles Python, that means we have similarity with said malware.

Those are my suspicions as to why the program might get flagged, but of course with so many different antivirus programs with unclear methods of detection, they may or may not be true. What does remain true is that we do not have power to change such flagging.

AbbyInk commented 3 months ago

Understood. This was mostly to inform you that this was happening but thank you for checking.

xarvex commented 3 months ago

Yeah, there was already one mention about another antivirus flagging the program that was spoken about in the Discord. Supposedly that user reported it as a false flag and now it's no longer flagged in that specific antivirus. I don't know how reliable this is, it could be that the cycle starts all over again when the program changes enough.

mak448a commented 1 month ago

@xarvex I just saw the TagStudio update video that came out recently. You can remove false positives on Windows Defender by submitting a report to Microsoft at this URL: https://www.microsoft.com/en-us/wdsi/filesubmission/

CyanVoxel commented 1 month ago

> @xarvex I just saw the TagStudio update video that came out recently. You can remove false positives on Windows Defender by submitting a report to Microsoft at this URL: https://www.microsoft.com/en-us/wdsi/filesubmission/

I've been using this system so far, however I'm not sure if it's had any effect. The submissions seem to expire after 30 days before the "Final Determination" status ever changes away from "Pending".

mak448a commented 1 month ago

Hm. My program's false positives went away in a few days. Did you give Microsoft a link to your project? @CyanVoxel

CyanVoxel commented 1 month ago

> Hm. My program's false positives went away in a few days. Did you give Microsoft a link to your project? @CyanVoxel

I don't remember if I included a link to the repo along with the file submission, but maybe the submission at least helped. I'm sure it'll start back up once the next release comes out though...

androidWG commented 1 month ago

Hello everyone, sorry to post on a closed issue but I think I might have a solution for this.

I just watched CyanVoxel's new video and this issue jumped out to me immediately, since I had the same problem with my app Discord.fm.

I've tried sending the report to Microsoft but as mentioned it expires pretty quick and seems like new builds get flagged very easily as a virus.

But one solution I found in a (IIRC) StackOverflow question was to build your own PyInstaller bootloader as detailed here instead of using the one installed from pip. I don't have extensive testing on how effective this is but seems like it has worked on all my test machines and the few users I have did not raise problems about it.

I've had issues with GitHub Actions builds, they simply don't run properly on Windows and I'm not sure if it's related to building the PyInstaller bootloader on the fly or something else with my script.