Author Topic: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.  (Read 12354 times)

0 Members and 1 Guest are viewing this topic.

REDACTED

  • Guest
I am a developer and learning python for win32 GUI apps development, but i am having a problem whenever i create app with python and make an exe with pyinstaller it says in avast that its virus and after deepscreen blocks it. I mean WTH. For example following is the code.
Code: [Select]
import tkMessageBox
tkMessageBox.showinfo(title="Greetings", message="Hello World!")

compiled in an exe with pyinstaller 1.5.1, and when i execute it avast start deepscreen and after few seconds says its a threat.
Kindly resolve it if you marked all python apps as threat.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #1 on: April 15, 2015, 12:41:00 PM »
Use this form to report false positive https://www.avast.com/contact-form.php?subject=VIRUS-FILE. You can do also do it directly from within Avast to report false positive https://www.avast.com/en-nz/faq.php?article=AVKB21 click on this section "Submitting files from the Virus Chest to Avast Virus Lab"
« Last Edit: April 15, 2015, 12:48:04 PM by Staticguy »
DELL Inspiron 15" 7000 Gaming, Windows 10 Home Version 21H1 (OS Build 19043.1237), Trend Micro Maximum Security 2021 (17.0.1333), Avast SecureLine VPN (5.12.5655), Windows Firewall, Unchecky 1.2

REDACTED

  • Guest
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #2 on: April 16, 2015, 07:10:13 AM »
Its same almost with all exe compiled with pyinstaller using makespec.py . Avast is doing easy thing to understand all of those exe as threat. instead of doing proper reverse and analyze them.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1427
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #3 on: April 16, 2015, 09:03:12 AM »
Just do what I mentioned and it will be handled in the next VPS update or streaming update
DELL Inspiron 15" 7000 Gaming, Windows 10 Home Version 21H1 (OS Build 19043.1237), Trend Micro Maximum Security 2021 (17.0.1333), Avast SecureLine VPN (5.12.5655), Windows Firewall, Unchecky 1.2

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2295
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #4 on: April 16, 2015, 09:16:04 AM »
Its same almost with all exe compiled with pyinstaller using makespec.py . Avast is doing easy thing to understand all of those exe as threat. instead of doing proper reverse and analyze them.
Hello,
this is exactly, what DeepScreen should do -- analyze new/unknown samples. What is the result of DeepScreen analysis?

Milos

REDACTED

  • Guest
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #5 on: April 16, 2015, 10:38:59 AM »
in deepscreen it say its a threat. lol. just two lines of this code. and its a threat. ;D

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2295
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #6 on: April 16, 2015, 10:56:59 AM »
Hello,
send the detected samples through http://support.avast.com/ -> Avast Virus Lab as False positive. We would like to see what causes this.

Thanks,
Milos

REDACTED

  • Guest
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #7 on: November 13, 2015, 02:44:21 AM »
Deep Screen is still doing something when handle the created exe file from pyinstaller.

I created a script containing just the number 0, then I packed it to a single file named hello.exe (first I was thinking of print("hello") but then I got angry and just typed 0, very harmless  :) )

Now when i run this exe file it get picked up by  Deep Screen and nothing more happen, no message no error, nothing.
And the process is impossible to kill, only a computer reboot helps.

If I turn of the Deep Screen I can run the hello.exe just normal.

Did you receive any samples to look at?

Edit:
Found this in C:\ProgramData\AVAST Software\Avast\log\autosandbox.log (Many of them but I post only one)

2015-11-13 02:30:44   Autosandbox candidate: F:\tempCleaner\sandbox\dist\hello.exe
   [Source: local://*PID 6448      ]
   [Opened by: F:\tempCleaner\sandbox\dist\hello.exe]
   [Reason: 0x00020000]
    --> Result: Sandboxing (NG component is not installed)
    --> Instrumentation: Instrumentation inside sandbox requested
« Last Edit: November 13, 2015, 02:57:00 AM by asperitz »

REDACTED

  • Guest
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #8 on: February 03, 2016, 10:15:27 AM »
Hello,

I'm having the same problem with an installer which was developed for me by a well known IT firm.
When I run the EXE, the mouse cursor becomes an hourglass for a few seconds, then nothing.
I can see that 3 services have been created, but they are impossible to kill. Only way is to reboot.
When I disable Deepscreen or shut down the internet connection (!!!), the EXE works fine !
Is there a way to have someone have a look at it ? I can't send a report via the app because it is not quarantined or anything. The only traces I managed to find are these :

avast_fichiers.txt
------------------
03/02/2016 08:25:22      C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp
  • est OK

03/02/2016 08:25:23      C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp
  • est OK

03/02/2016 08:25:23      C:\Users\ALEXAN~1\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp
  • est OK


autosandbox.log
------------------
03/02/2016 08:25:22      Autosandbox candidate: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe
               [Source: https://stg-rcs-rlmanager.aw.atos.net/archives/win/RLink2Toolbox-latest.exe]
               [Opened by: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe]
               [Reason: 0x00020000]
               --> Result: Not sandboxing (because the file is trusted).

03/02/2016 08:25:22      Autosandbox candidate: C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp
               [Source: https://stg-rcs-rlmanager.aw.atos.net/archives/win/RLink2Toolbox-latest.exe]
               [Opened by: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe]
               [Reason: 0x00020000]
               --> Result: Sandboxing (NG component is not installed)
               --> Instrumentation: Instrumentation inside sandbox requested

My configuration :
- Windows 10 Family x64
- Avast Free Antivirus 2015

I'd appreciate any help you can provide. This EXE is meant to be published to a large public, and I would really want Avast not to block it.
The EXE is available on the web, I'd just rather not post it in a forum. I can send the URL in private.

Thank you for your help & support.

Regards
Alex

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48822
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it.
« Reply #9 on: February 03, 2016, 04:47:53 PM »
@ alexandre.rigal,
follow the instructions given here:
https://forum.avast.com/index.php?topic=169548.msg1204875#msg1204875
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet