Python with Pyinstaller exe, Clean but Avast DeepScreen Blocks it

system · 2015-04-15T10:30:18.000Z

I am a developer and learning python for win32 GUI apps development, but i am having a problem whenever i create app with python and make an exe with pyinstaller it says in avast that its virus and after deepscreen blocks it. I mean WTH. For example following is the code.

import tkMessageBox
tkMessageBox.showinfo(title="Greetings", message="Hello World!")

compiled in an exe with pyinstaller 1.5.1, and when i execute it avast start deepscreen and after few seconds says its a threat.
Kindly resolve it if you marked all python apps as threat.

Staticguy · 2015-04-15T10:41:00.000Z

Use this form to report false positive https://www.avast.com/contact-form.php?subject=VIRUS-FILE. You can do also do it directly from within Avast to report false positive https://www.avast.com/en-nz/faq.php?article=AVKB21 click on this section “Submitting files from the Virus Chest to Avast Virus Lab”

system · 2015-04-16T05:10:13.000Z

Its same almost with all exe compiled with pyinstaller using makespec.py . Avast is doing easy thing to understand all of those exe as threat. instead of doing proper reverse and analyze them.

Staticguy · 2015-04-16T07:03:12.000Z

Just do what I mentioned and it will be handled in the next VPS update or streaming update

Milos · 2015-04-16T07:16:04.000Z

Shoaib4 post:3:

Its same almost with all exe compiled with pyinstaller using makespec.py . Avast is doing easy thing to understand all of those exe as threat. instead of doing proper reverse and analyze them.

Hello,
this is exactly, what DeepScreen should do – analyze new/unknown samples. What is the result of DeepScreen analysis?

Milos

system · 2015-04-16T08:38:59.000Z

in deepscreen it say its a threat. lol. just two lines of this code. and its a threat. ;D

Milos · 2015-04-16T08:56:59.000Z

Hello,
send the detected samples through http://support.avast.com/ → Avast Virus Lab as False positive. We would like to see what causes this.

Thanks,
Milos

system · 2015-11-13T01:44:21.000Z

Deep Screen is still doing something when handle the created exe file from pyinstaller.

I created a script containing just the number 0, then I packed it to a single file named hello.exe (first I was thinking of print(“hello”) but then I got angry and just typed 0, very harmless )

Now when i run this exe file it get picked up by Deep Screen and nothing more happen, no message no error, nothing.
And the process is impossible to kill, only a computer reboot helps.

If I turn of the Deep Screen I can run the hello.exe just normal.

Did you receive any samples to look at?

Edit:
Found this in C:\ProgramData\AVAST Software\Avast\log\autosandbox.log (Many of them but I post only one)

2015-11-13 02:30:44 Autosandbox candidate: F:\tempCleaner\sandbox\dist\hello.exe
[Source: local://*PID 6448 ]
[Opened by: F:\tempCleaner\sandbox\dist\hello.exe]
[Reason: 0x00020000]
→ Result: Sandboxing (NG component is not installed)
→ Instrumentation: Instrumentation inside sandbox requested

system · 2016-02-03T09:15:27.000Z

Hello,

I’m having the same problem with an installer which was developed for me by a well known IT firm.
When I run the EXE, the mouse cursor becomes an hourglass for a few seconds, then nothing.
I can see that 3 services have been created, but they are impossible to kill. Only way is to reboot.
When I disable Deepscreen or shut down the internet connection (!!!), the EXE works fine !
Is there a way to have someone have a look at it ? I can’t send a report via the app because it is not quarantined or anything. The only traces I managed to find are these :

avast_fichiers.txt

03/02/2016 08:25:22 C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK
03/02/2016 08:25:23 C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK
03/02/2016 08:25:23 C:\Users\ALEXAN~1\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp [+] est OK

autosandbox.log

03/02/2016 08:25:22 Autosandbox candidate: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe
[Source: https://stg-rcs-rlmanager.aw.atos.net/archives/win/RLink2Toolbox-latest.exe]
[Opened by: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe]
[Reason: 0x00020000]
→ Result: Not sandboxing (because the file is trusted).

03/02/2016 08:25:22 Autosandbox candidate: C:\Users\Alexandre\AppData\Local\Temp\is-HQN6A.tmp\RLink2Toolbox-latest.tmp
[Source: https://stg-rcs-rlmanager.aw.atos.net/archives/win/RLink2Toolbox-latest.exe]
[Opened by: C:\Users\Alexandre\Desktop\RLink2Toolbox-latest.exe]
[Reason: 0x00020000]
→ Result: Sandboxing (NG component is not installed)
→ Instrumentation: Instrumentation inside sandbox requested

My configuration :

Windows 10 Family x64
Avast Free Antivirus 2015

I’d appreciate any help you can provide. This EXE is meant to be published to a large public, and I would really want Avast not to block it.
The EXE is available on the web, I’d just rather not post it in a forum. I can send the URL in private.

Thank you for your help & support.

Regards
Alex

bob3160 · 2016-02-03T15:47:53.000Z

@ alexandre.rigal,
follow the instructions given here:
https://forum.avast.com/index.php?topic=169548.msg1204875#msg1204875

IAn514 · 2024-10-12T10:36:51.776Z

same with my problem , avast block my program in python… every time i convert to .exe.it move my program to quarantine.i am very trouble working… what can you sudgest?

Lano · 2024-10-13T00:06:50.620Z

This site is a disaster. When will there be a site with topics

we can actually post cognitive replies to?

C:\Users\grift\OneDrive2\Desktop\WHAT! 2024-10-12 19_55_40.png

Announcements