Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it

I am a developer and learning python for win32 GUI apps development, but i am having a problem whenever i create app with python and make an exe with pyinstaller it says in avast that its virus and after deepscreen blocks it. I mean WTH. For example following is the code.

import tkMessageBox
tkMessageBox.showinfo(title="Greetings", message="Hello World!")

compiled in an exe with pyinstaller 1.5.1, and when i execute it avast start deepscreen and after few seconds says its a threat.
Kindly resolve it if you marked all python apps as threat.

1 Like

Use this form to report false positive https://www.avast.com/contact-form.php?subject=VIRUS-FILE. You can do also do it directly from within Avast to report false positive https://www.avast.com/en-nz/faq.php?article=AVKB21 click on this section “Submitting files from the Virus Chest to Avast Virus Lab”

Its same almost with all exe compiled with pyinstaller using makespec.py . Avast is doing easy thing to understand all of those exe as threat. instead of doing proper reverse and analyze them.

Just do what I mentioned and it will be handled in the next VPS update or streaming update

Hello,
this is exactly, what DeepScreen should do – analyze new/unknown samples. What is the result of DeepScreen analysis?

Milos

in deepscreen it say its a threat. lol. just two lines of this code. and its a threat. ;D

Hello,
send the detected samples through http://support.avast.com/ → Avast Virus Lab as False positive. We would like to see what causes this.

Thanks,
Milos

Deep Screen is still doing something when handle the created exe file from pyinstaller.

I created a script containing just the number 0, then I packed it to a single file named hello.exe (first I was thinking of print(“hello”) but then I got angry and just typed 0, very harmless :slight_smile: )

Now when i run this exe file it get picked up by Deep Screen and nothing more happen, no message no error, nothing.
And the process is impossible to kill, only a computer reboot helps.

If I turn of the Deep Screen I can run the hello.exe just normal.

Did you receive any samples to look at?

Edit:
Found this in C:\ProgramData\AVAST Software\Avast\log\autosandbox.log (Many of them but I post only one)

2015-11-13 02:30:44 Autosandbox candidate: F:\tempCleaner\sandbox\dist\hello.exe
[Source: local://*PID 6448 ]
[Opened by: F:\tempCleaner\sandbox\dist\hello.exe]
[Reason: 0x00020000]
→ Result: Sandboxing (NG component is not installed)
→ Instrumentation: Instrumentation inside sandbox requested

1 Like

Hello,

I’m having the same problem with an installer which was developed for me by a well known IT firm.
When I run the EXE, the mouse cursor becomes an hourglass for a few seconds, then nothing.
I can see that 3 services have been created, but they are impossible to kill. Only way is to reboot.
When I disable Deepscreen or shut down the internet connection (!!!), the EXE works fine !
Is there a way to have someone have a look at it ? I can’t send a report via the app because it is not quarantined or anything. The only traces I managed to find are these :

avast_fichiers.txt

03/02/2016 08:25:22 C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK
03/02/2016 08:25:23 C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK
03/02/2016 08:25:23 C:\Users\ALEXAN~1\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK

autosandbox.log

03/02/2016 08:25:22 Autosandbox candidate: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe
[Source: https://stg-rcs-rlmanager.aw.atos.net/archives/win/RLink2Toolbox-latest.exe]
[Opened by: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe]
[Reason: 0x00020000]
→ Result: Not sandboxing (because the file is trusted).

03/02/2016 08:25:22 Autosandbox candidate: C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp
[Source: https://stg-rcs-rlmanager.aw.atos.net/archives/win/RLink2Toolbox-latest.exe]
[Opened by: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe]
[Reason: 0x00020000]
→ Result: Sandboxing (NG component is not installed)
→ Instrumentation: Instrumentation inside sandbox requested

My configuration :

  • Windows 10 Family x64
  • Avast Free Antivirus 2015

I’d appreciate any help you can provide. This EXE is meant to be published to a large public, and I would really want Avast not to block it.
The EXE is available on the web, I’d just rather not post it in a forum. I can send the URL in private.

Thank you for your help & support.

Regards
Alex

@ alexandre.rigal,
follow the instructions given here:
https://forum.avast.com/index.php?topic=169548.msg1204875#msg1204875

same with my problem , avast block my program in python… every time i convert to .exe.it move my program to quarantine.i am very trouble working… what can you sudgest?

This site is a disaster. When will there be a site with topics

we can actually post cognitive replies to?

C:\Users\grift\OneDrive2\Desktop\WHAT! 2024-10-12 19_55_40.png