Windows Defender found pyfa.exe 2.57.2 malicious

[raimondsL]

https://www.virustotal.com/gui/file/a1e066ee7c07b7d37b9b2573e7f0aa994ea43c0918b8a6995f8dfa02aac94398/details

[ktwb]

Yup, same here, newest version of pyfa is a problem...

[SzymonTomtala]

Avast says the same: FileRepMalware

[DarkFenX]

More context: #2550

Surprisingly enough, 3 more antiviruses which reported pyfa-v2.57.2-win.zip okay, report pyfa.exe which was just sitting in the zip as malicious (Bkav Pro, SecureAge, Zillya - seems like they just don't check contents of zip?):

• .exe: https://www.virustotal.com/gui/file/acf94f756edd701209b9e2ebe3678275a96e5058d9abf119a4175fb5bc51ad4e
• .zip: https://www.virustotal.com/gui/file/8c887e9926dfc0611c18180830ae832587faa9b80600c8e3ac97f3de2ecb5269?nocache=1

Report this as false positive to your antivirus, please. I will try reverting pyinstaller another step, 6.1.0 -> 6.0.0 (thought when it's just Avast/AVG report false positive is ok, but apparently windows defender scan isn't part of virustotal anymore).

[DarkFenX]

Also make a screenshot of what exactly windows defender says.

[DarkFenX]

Also, can people who get windows defender error check that they have no pending updates?

[raimondsL]

Windows Defender update 08-DEC-2023

[DarkFenX]

Yep. I am waiting for a corpmate to finish windows update to give me exact this info (if it resolves the issue or not).

So, the windows defender issue is solved by windows update.

edit: or am I reading it wrong and windows update didn't exactly help? "Threat restored" is confusing

[raimondsL]

Yep. I am waiting for a corpmate to finish windows update to give me exact this info (if it resolves the issue or not).

So, the windows defender issue is solved by windows update.

edit: or am I reading it wrong and windows update didn't exactly help? "Threat restored" is confusing

It was me restoring the threat.

[DarkFenX]

Ok, so just to confirm, it was detected as a threat despite latest update installed, and "restoring" threat means telling system it's not a virus (= false positive)?

(i am not familiar with terms or interface of windows defender)

[raimondsL]

Ok, so just to confirm, it was detected as a threat despite latest update installed, and "restoring" threat means telling system it's not a virus (= false positive)?

(i am not familiar with terms or interface of windows defender)

It means it's still a threat. I just put it back

[DarkFenX]

Ok thanks.

[DarkFenX]

Changed pyinstaller version in fc43691, please try this build and see if windows defender complains about it: https://ci.appveyor.com/project/pyfa-org/pyfa/builds/48713422/job/p3y42tsnfi3e3j5w/artifacts

If it doesn't, I will make a release

[raimondsL]

Windows Security is dumb, but it worked for me. i'd recommend at least one more confirmation

[DarkFenX]

There already were reports from pyinstaller side, e.g. this: pyinstaller/pyinstaller#7967 (comment)

And pyinstaller version is all that matters. Windows defender doesn't check pyfa code i think. I will wait for confirmation from my corpmate and will make a release.

[DarkFenX]

Got another confirmation that it works, made a new release: https://github.com/pyfa-org/Pyfa/releases/tag/v2.57.3

[AnrDaemon]

I strongly suggest setting up a file signing. No need for some "well-known" CA, even a local CA rolling out certificates is okay to add a consistency protection and a recognizable mark on the file.