How to stop anti virus software flagging your Python application as malware

Compiling your application into an executable makes it easy to distribute to users. Popular tools for this include PyInstaller and py2exe.

However, one downside is that compiled Python code is frequently flagged as malicious by anti-virus software, with scary-sounding names like Wacatac.B!ml.

These are generally false positives, but they can be deeply unsettling for users.

With Windows Defender in particular, this can make your software effectively unusable: the file may be placed into "quarantine", which means it cannot be used without disabling Windows Defender.

This guide explains steps which can resolve this and allow you to distribute your compiled Python files without them being incorrectly identified as malware, a virus or a trojan.

Step 1: Check which anti-virus engines are flagging your software

Uploading your file to VirusTotal will show you which engines are identifying your software as malware.

Step 2: Report these as "false positives" to the anti-virus providers

Anti-virus providers are surprisingly proactive in responding to reports of false positives. The analysis and action can occur within hours.

I generally submit the file, politely explain the issue and include a link to my source code.

Unfortunately, there's a good chance that every time you recompile your code after changes, you will be re-added to the "naughty list", because the new executable has a different hash. There's not much to do other than keep re-submitting. If you have digitally signed your executable, then you should build reputation over time.

Very important: Make sure you are submitting as a false positive. Often there are similar forms which are used to submit software which you think is malware.

List of links to report false positives

| Provider | Link | Method |
| --- | --- | --- |
| Windows Defender | https://www.microsoft.com/en-us/wdsi/filesubmission | Online form |
| Avast | https://www.avast.com/false-positive-file-form.php | Online form |
| MalwareBytes | https://forums.malwarebytes.com/forum/42-file-detections/ | Create forum account and post |
| Comodo | https://www.comodo.com/home/internet-security/submit.php | Online form |
| Symantec | https://symsubmit.symantec.com/ | Online form |
| Norton | https://submit.norton.com/?type=FP | Online form |
| Sophos | https://support.sophos.com/support/s/filesubmission?language=en_US | Online form |
| Avira | https://www.avira.com/en/analysis/submit?utm_source=CS&utm_medium=KB | Online form |
| Bitdefender | https://www.bitdefender.com/consumer/support/answer/40673/ | Online form |
| F-Secure | https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample | Online form |
| AVG | https://www.avg.com/en-us/false-positive-file-form | Online form |
| Sangfor | https://sec.sangfor.com.cn/user_feedback?lang=EN-US | Online form |
| Ikarus | false-positive@ikarus.at | email |
| McAfee | virus_research@avertlabs.com | email with subject line starting FALSE |
| Dr Web | https://vms.drweb.com/sendvirus/?lng=en | Online form |
| ClamAV | https://www.clamav.net/reports/fp | Online form |
| SecureAge | https://www.secureage.com/article-report-false-positive | Online form |
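
Because every rebuild produces a new hash, it helps to record which providers have already been sent a false-positive report for each exact build. The script below is an added example, not part of the original guide: the function names and the `fp_ledger.json` file are assumptions, and the list of flagging engines is whatever VirusTotal showed you in Step 1.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in chunks so a large executable is never fully loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def load_ledger(ledger: Path) -> dict:
    return json.loads(ledger.read_text()) if ledger.exists() else {}


def record_submission(ledger: Path, exe: Path, provider: str) -> str:
    """Note that `provider` was sent a false-positive report for this exact build."""
    data = load_ledger(ledger)
    build = sha256_of(exe)
    entry = data.setdefault(build, {"file": exe.name, "reported": []})
    if provider not in entry["reported"]:
        entry["reported"].append(provider)
    ledger.write_text(json.dumps(data, indent=2))
    return build


def pending_reports(ledger: Path, exe: Path, flagged_by: list) -> list:
    """Engines flagging this build that have no report on file for its hash."""
    reported = load_ledger(ledger).get(sha256_of(exe), {}).get("reported", [])
    return [p for p in flagged_by if p not in reported]


if __name__ == "__main__":
    # Constructed sample: stand-in bytes for two builds of the same application.
    with tempfile.TemporaryDirectory() as tmp:
        exe, ledger = Path(tmp) / "app.exe", Path(tmp) / "fp_ledger.json"
        flagged = ["Windows Defender", "Avast"]  # assumed result from Step 1
        exe.write_bytes(b"constructed build 1")
        record_submission(ledger, exe, "Avast")
        print(pending_reports(ledger, exe, flagged))
        exe.write_bytes(b"constructed build 2")  # a rebuild changes the hash
        print(pending_reports(ledger, exe, flagged))
```

Keeping the ledger next to your release artifacts also gives you the SHA-256 to quote in each provider's submission form.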

Another good idea: Get a digital certificate

This isn't an immediate fix, but getting a digital certificate to "sign" your executables will allow you to build reputation with anti-virus software.

You can get a certificate for €60 a year with Comodo. They require you to provide various kinds of identification and the process can take around 48 hours.

Once you have the certificate, you can sign the EXE using Microsoft's SignTool, which is included with the Windows SDK.