Windows Defender detecting Python EXE as Trojan

2

4

I made a Python script that mails a Windows directory as zip to me. I added a scheduler using sched module that repeats this every hour.

I was attempting to make a simple sync application for personal use that starts at Windows Startup.

I converted it to an exe using pyinstaller with the --onefile argument and it worked flawlessly. But after a couple of days, Windows Defender (Windows Security Centre of Windows 10) detected it as a Trojan.

This issue is not limited to Windows Security Centre; a quick scan on VirusTotal says 4 antiviruses detect it as a Trojan.

What brings the Antiviruses to think this? I don't think sharing the code is any use as proper details have already been given, but still, a comment would make me do it.

Regin answered 17/2, 2019 at 6:47 Comment(3)
Because the --onefile is a self-extracting binary, it shares some characteristics of viruses. This will/can trigger anti-virus software as a false positive. It happens. - Brenan
I posted an answer that summarized information in a similar question: "Windows defender alert users from my pyinstaller exe" - Jacquelinjacqueline
The --onefile parameter makes the EXE a self-extracting archive, which behaves in some ways like malware. Usually, if this happens, if you re-download the file, it is fixed, for me. - Tannie
2

Most antiviruses will mark this as a Win32.Trojan.whatever because it will detect that the EXE executable is simply extracting binary code. This works just like a ZIP, where Gmail blocks ZIPs.

To summarize, this is like a self-extracting EXE, so kind of like an installer. For example, when you execute an installer, you sometimes get the User Account Control window, which is detected when the system is trying to grant advanced permissions for the EXE.

Tannie answered 2/2, 2022 at 12:58 Comment(0)
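
An added example, not part of the original answers: a Python check for the self-extracting layout described above, which locates the archive that a --onefile build appends to its bootloader. It assumes the PyInstaller CArchive cookie layout (magic `MEI\x0c\x0b\x0a\x0b\x0e`, struct `!8sIIii64s`) used by PyInstaller 2.1 and later; `find_onefile_archive` and `build_sample` are hypothetical names and the sample bytes are constructed.

```python
import struct

# CArchive "cookie" that PyInstaller appends near the end of a --onefile EXE
# (layout as of PyInstaller 2.1+; treat it as an assumption for other versions).
MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE = struct.Struct("!8sIIii64s")  # magic, pkg_len, toc_off, toc_len, pyver, pylib


def find_onefile_archive(data: bytes, tail: int = 8192):
    """Return archive details if `data` ends with a PyInstaller CArchive, else None."""
    start = max(0, len(data) - tail)
    pos = data.rfind(MAGIC, start)
    if pos < 0 or pos + COOKIE.size > len(data):
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, pos)
    archive_start = pos + COOKIE.size - pkg_len
    # Reject cookies whose lengths do not fit inside the file (corrupt or a stray match).
    if archive_start < 0 or toc_off + toc_len > pkg_len:
        return None
    return {
        "archive_start": archive_start,   # where the bootloader ends and the payload begins
        "archive_len": pkg_len,
        "archive_ratio": round(pkg_len / len(data), 3),
        "python_version": pyver,
        "python_lib": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def build_sample() -> bytes:
    """Constructed sample: fake bootloader stub + fake payload + real-format cookie."""
    stub = b"MZ" + b"\x90" * 510        # stands in for the bootloader PE
    payload = b"\x78\x9c" + b"A" * 998   # stands in for the compressed entries
    toc = b"T" * 100                     # stands in for the table of contents
    pkg_len = len(payload) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(MAGIC, pkg_len, len(payload), len(toc), 311, b"python311.dll")
    return stub + payload + toc + cookie


if __name__ == "__main__":
    print(find_onefile_archive(build_sample()))
    print(find_onefile_archive(b"MZ" + b"\x00" * 4096))  # plain binary, no archive
```

A small bootloader followed by a large appended archive is the structural trait that heuristic scanners react to; running this over your own build shows how much of the file is that appended payload.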
-1

It must be something else that made Windows Defender suddenly think it's bad. Maybe it's an update, try updating it.

Melissa answered 21/2, 2019 at 9:54 Comment(0)
