Pyinstaller .exe throws Windows Defender [no publisher]

I developed some Python code and converted it to an .exe with PyInstaller, but the problem is that there is no publisher, so each time a computer runs my program, Windows Defender throws an alert that says that there is no publisher so the program is not sure...

Does anyone know how to change the publisher of an .exe from none to something or how to implement Publisher in pyinstaller?

Stylography answered 5/6, 2017 at 21:4 Comment(1)
Please see this question: #43777606 - I rebuilt the bootloader for pyinstaller and it fixed the Defender detection for me. - Portaltoportal

The short answer is that this has nothing to do with PyInstaller. It's a general issue with any exe in recent versions of Windows. You need to "code sign" your exe's now. It's really a money-making scheme masked as a security enhancement.

As an example, you can purchase a cert from DigiCert. They're one of the big authorizing agents which MS will recognize automatically. https://www.digicert.com/code-signing

Or Google "code signing" for other options.

You can also self-sign for free. Check out this SO post: Signing a Windows EXE file

The problem with self-signing is that the user has to install your custom key first to recognize your signed exes. But... there are some tricks to silently install that first, if you want to go through the hassle to save a few bucks.

Gurney answered 26/7, 2017 at 2:57 Comment(4)
Do not install a root cert on your user's machines so that you can use a self-signed cert. It compromises their security. If your root cert's private key ever gets compromised then your users are vulnerable. If you aren't willing/able to buy a code signing cert, you probably also aren't willing/able to secure a root cert properly. - Paleogeography
Interesting. Please elaborate on how to "properly" secure your private key. Are you suggesting that a hacker is going to break into your local machine (or wherever you kept the key), and then generate their own signed exe with it, to leverage the fact that some target user installed your self-signed root cert? Or is there some reverse engineering trick? Whatever might be done seems like a huge amount of trouble for someone malicious to go through to achieve an end that could likely be solved in many other far easier manners. - Gurney
Key should be encrypted, access controlled, backed up securely, etc. I am imagining a private key leak via compromised network or dev machine... companies are hacked all the time. Secondly, attackers already regularly inject legitimate applications with malicious payloads and distribute them via BitTorrent and "cracked app" directories. If they can sign the bad app it can masquerade as legitimate. Apps used by thousands or millions of people are valuable targets. - Paleogeography
Thanks. These are valid points. Absolutely, what you've enumerated should be done as a best practice with self-signing. I think context is key though. Note the original question is about distributing exe's produced by PyInstaller. There are significant security holes in that, which trump this signage detail. That's a large subject unto itself. And definitely, if you're distributing large volumes of a program, you probably can afford to just buy a cert, per your initial suggestion. - Gurney

This is a known false positive with Windows Defender. This happens to my files as well when tested on a Windows 10 VM, and it happens to others as well. Also, Windows Defender 'SmartScreen' may block any unsigned file even when using another antivirus, but you should be able to click more information and then continue.

You can exclude the file from Windows Defender, but the best solution is to use another antivirus, as Windows Defender is not very good anyway (that is not just based on my experience but on AV tests). I am not sure what other antiviruses have the same false positive, but I know there are a few.

You also could test on a VM, where you could disable Windows Defender and Smartscreen, while leaving it enabled on your host system. (VirtualBox is a great free VM software for Windows)

Roeser answered 18/10, 2021 at 16:0 Comment(0)
