1.20.3 Windows executable trips multiple AV warnings #485
Comments
Likewise, constant warnings, varying over time.
I think it has something to do with the one-file bundling of PyInstaller, as this drops all the files into an %localAppData%/_MEIxxxxxx folder which looks suspicious to antivirus programs. Maybe changing this to a one-folder distribution (having all the support files in e.g., /dist) would help with that.
In PR #494 I modified the workflow to use onefolder for windows releases.
I scanned the two zip layers and the EXE and the EXE got the most hits. But we got down from about 40 hits to now 12 (could be more in the future as AVs sometimes start to detect files only a bit in the future). I don't think there is much that can be done against the AI detections and the other results also sound more or less reasonable e.g., Trojan/Python.Kryptik, Python:Scanner-I [Trj], Trojan-Spy.Python.TelegramBot
The executable release of 1.20.3 trips Chrome's AV and Windows Defender, which reports "Trojan:Win32/Meterpreter!ml"
VirusTotal also indicates positive for the zip and for the exe, as does jotti.org.
Similar scanning of 1.20.2 zip does not show any positives, but 1.20.2 exe also triggers alerts at VirusTotal. Edit: Jotti shows concerns with both the 1.20.2 zip and the exe.