Py2Exe application flagged as malware by Windows Defender; what to do?
Asked Answered
D

3

7

I have an application I wrote for my company in Python 2.x, PyQT4, and MySQLdb and packaged with py2exe.

Recently, I made some updates to the application, Porting it to Python 3.4 and PySide. I also removed the MySQLdb dependencies and added Requests. I packaged this with the newly-minted py2exe for Python 3.

Suddenly I'm getting flagged by Windows defender that my executable is malware. Here's the log entry:

Windows Defender has detected spyware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Zwangi&threatid=144384
Name:BrowserModifier:Win32/Zwangi
ID:144384
Severity:High
Category:Browser Modifier
Path Found:file:C:\Users\alan.moore\Desktop\ticketuserclient3-beta1\ticketuserclient3\Contact tech support.exe
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
User:WILLIAMSON-TN\alan.moore
Process Name:C:\Windows\Explorer.EXE

So my questions are:

  • Why am I being flagged as malware? How can I determine the exact reasons?
  • Other than "allowing" this on all 600+ workstations that it needs to be deployed to, what can I do about it?
  • What does "Detection Type: concrete" mean?

Thanks for any help.

UPDATE: Apparently anything I compile with py2exe under python3.4 gets identified like this.

I tried with this script:

import sys
import platform

print (sys.platform)
print ("".join(platform.uname))

And this setup.py

from distutils.core import setup
import os
import py2exe

setup(
    windows=[{"script":"test.py", "dest_base":"Contact tech support"},],
    options= {
        "py2exe" : {
            "compressed":1,
            "optimize":2,
            "bundle_files":3
            }
        },
        zipfile = None
)

It's flagged as malware. (Win32/Zwangi).

Dunkle answered 22/5, 2014 at 19:6 Comment(1)
Related: Program made with PyInstaller now seen as a Trojan Horse by AVGAccipiter
D
2

I used Microsoft's "Submit a sample" page to report https://pypi.python.org/packages/3.4/p/py2exe/py2exe-0.9.2.0-py33.py34-none-any.whl as a false positive on June 20, 2014. As of June 23, 2014 it was no longer detected as BrowserModifier:Win32/Zwangi or anything else.

Declassify answered 27/6, 2014 at 19:10 Comment(0)
R
1

Even the py2exe executable itself is being flagged as malware. It was discussed in http://www.reddit.com/r/Python/comments/26g157/py2exe_now_available_for_python_33/ - the latest VirusTotal scan shows 9/51 scanners finding malware in it.

Roxanneroxburgh answered 14/6, 2014 at 2:46 Comment(0)
A
0

I had this issue with pyinstaller too just build pyinstaller bootloader on your system and install rebuilt one, here is the link from the official website for instructions :

https://pyinstaller.readthedocs.io/en/stable/bootloader-building.html

and btw use MSVC as your build tool i had no luck with GCC.

Auliffe answered 31/5, 2021 at 16:32 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.