I am a developer and learning python for win32 GUI apps development, but i am having a problem whenever i create app with python and make an exe with pyinstaller it says in avast that its virus and after deepscreen blocks it. I mean WTH. For example following is the code.
compiled in an exe with pyinstaller 1.5.1, and when i execute it avast start deepscreen and after few seconds says its a threat.
Kindly resolve it if you marked all python apps as threat.
Its same almost with all exe compiled with pyinstaller using makespec.py . Avast is doing easy thing to understand all of those exe as threat. instead of doing proper reverse and analyze them.
Deep Screen is still doing something when handle the created exe file from pyinstaller.
I created a script containing just the number 0, then I packed it to a single file named hello.exe (first I was thinking of print(“hello”) but then I got angry and just typed 0, very harmless )
Now when i run this exe file it get picked up by Deep Screen and nothing more happen, no message no error, nothing.
And the process is impossible to kill, only a computer reboot helps.
If I turn of the Deep Screen I can run the hello.exe just normal.
Did you receive any samples to look at?
Edit:
Found this in C:\ProgramData\AVAST Software\Avast\log\autosandbox.log (Many of them but I post only one)
I’m having the same problem with an installer which was developed for me by a well known IT firm.
When I run the EXE, the mouse cursor becomes an hourglass for a few seconds, then nothing.
I can see that 3 services have been created, but they are impossible to kill. Only way is to reboot.
When I disable Deepscreen or shut down the internet connection (!!!), the EXE works fine !
Is there a way to have someone have a look at it ? I can’t send a report via the app because it is not quarantined or anything. The only traces I managed to find are these :
avast_fichiers.txt
03/02/2016 08:25:22 C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK
03/02/2016 08:25:23 C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK
03/02/2016 08:25:23 C:\Users\ALEXAN~1\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK
autosandbox.log
03/02/2016 08:25:22 Autosandbox candidate: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe
[Source: https://stg-rcs-rlmanager.aw.atos.net/archives/win/RLink2Toolbox-latest.exe]
[Opened by: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe]
[Reason: 0x00020000]
→ Result: Not sandboxing (because the file is trusted).
I’d appreciate any help you can provide. This EXE is meant to be published to a large public, and I would really want Avast not to block it.
The EXE is available on the web, I’d just rather not post it in a forum. I can send the URL in private.
same with my problem , avast block my program in python… every time i convert to .exe.it move my program to quarantine.i am very trouble working… what can you sudgest?