Set correct PE checksum for .exe files (helps with virus false-positives) #5579
Comments
Ah yes! Nice one. How that makes an executable any more trustworthy seeing as anyone could do it is beyond me but if it shuts up the bogus AV software then great.
@The-Compiler Fancy making the changes or shall I?
Feel free! I'm not really sure what the best place for such a change would be - but I also try to avoid working on Windows stuff if I can, so if you don't mind, go ahead. 👍
Alright then. I'll blow the cobwebs off my own Windows partition and do it...
This should help with virus scanner false positives. See pyinstaller/pyinstaller#5579 Fixes #6081 Fixes #6194
This should help with virus scanner false positives. See pyinstaller/pyinstaller#5579 Fixes #6081 Fixes #6194 (cherry picked from commit 2b91081)
Windows executables contain an optional checksum to protect against corruption. It turns out that several antiviral programs raise false positives if this checksum is missing or wrong. Setting this checksum appeases McAfee and inconsistently fixes MS Defender which are probably the most common (and also dumbest) AVs for Windows.
I've done it (#5580). EXEs built by PyInstaller will now have the checksum set. The bootloaders won't until we rebuild them so unless you rebuild the bootloaders yourself, there is no point submitting those to virustotal yet. Instead submit your built applications. I have tried rebuilding a bootloader then submitting it and it came back all green.
Switched the CLI to improve the user experience. Fixes issue pyinstaller#5579
I tried with the new PE changes and it's still blocked in Defender and flagged by a bunch in Virus Total, unfortunately.
Interesting, using commit f078351, I get the following result: Just a build of
@sjackman that Internet Archive flag is on version 3.6... a little out of date.
Would you please give a little more detail regarding this? How should we rebuild bootloader to prevent being flagged as malware?
Rebuilding the bootloader only affects people who can't install pyinstaller. If that includes you then the docs are here.
Has a change that should help with anti-virus false-positives on Windows: pyinstaller/pyinstaller#5579
Is your feature request related to a problem? Please describe.
As you've probably all seen before, virus scanner false-positives are a recurring problem for PyInstaller-generated executables, as well as PyInstaller's bootloader (see e.g. #5490, #5474, #5479, ...).
One piece of information virus scanners seem to use is the PE checksum. Quoting from that article:
It looks like anything generated from PyInstaller (as well as the Windows bootloader in the release?) seems to have a checksum of `00 00 00 00`, which is thus invalid.
Describe the solution you'd like
PyInstaller should set a correct PE checksum. This is possible using `pefile`, which it already seems to depend on:
(You can use `pe.verify_checksum()` to verify that it is correct)
After doing this, e.g. PyInstaller's `Windows-64bit/runw.exe` (in the 4.2 release) goes down from 12 false-positives to only 5 - most notably, McAfee and Avast (which are the two affected engines I've actually heard of before...) now are happy with the file.
Doing this with my own project (which is built with PyInstaller), @bitraid found that:
Describe alternatives you've considered
Submitting false-positive reports to antivirus vendors. A pain.
Also, doing this after PyInstaller has generated the exe - that works, but it seems to me like this should be done in PyInstaller itself.
Additional context
See qutebrowser/qutebrowser#6194
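An added example, not code from this issue or from PyInstaller: a standard-library sketch of the PE checksum discussed above, showing where the field lives, how the value is derived, and how a build check can tell an unset field (`00 00 00 00`) from a wrong one. The function names and the 256-byte sample image are constructed for illustration; the sample is header-only and not a loadable executable.

```python
import struct

CHECKSUM_REL = 4 + 20 + 64  # PE signature + COFF header + CheckSum offset in optional header

def checksum_offset(image: bytes) -> int:
    """File offset of OptionalHeader.CheckSum, with basic sanity checks."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    off = e_lfanew + CHECKSUM_REL
    if off + 4 > len(image):
        raise ValueError("optional header is truncated")
    return off

def compute_checksum(image: bytes) -> int:
    """16-bit end-around-carry sum with the CheckSum field zeroed, plus file length."""
    off = checksum_offset(image)
    data = bytearray(image)
    data[off:off + 4] = b"\0\0\0\0"
    if len(data) % 2:
        data.append(0)  # pad odd-sized files to a whole word
    total = 0
    for (word,) in struct.iter_unpack("<H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # fold the carry back in
    return (total + len(image)) & 0xFFFFFFFF

def audit(image: bytes) -> str:
    """Classify the stored checksum: 'unset' (00 00 00 00), 'valid' or 'mismatch'."""
    (stored,) = struct.unpack_from("<I", image, checksum_offset(image))
    if stored == 0:
        return "unset"
    return "valid" if stored == compute_checksum(image) else "mismatch"

def stamp(image: bytes) -> bytes:
    out = bytearray(image)  # copy, then write the correct checksum into the field
    struct.pack_into("<I", out, checksum_offset(image), compute_checksum(image))
    return bytes(out)

def build_sample() -> bytes:
    """Constructed 256-byte header-only image; not a loadable executable."""
    img = bytearray(256)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)   # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x58, 0x20B)  # optional header magic (PE32+)
    return bytes(img)
```

The checksum detects accidental corruption only; anyone can recompute it, so a valid value says nothing about who built the file.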