OiO.lk Community platform!

Oio.lk is an excellent forum for developers, providing a wide range of resources, discussions, and support for those in the developer community. Join oio.lk today to connect with like-minded professionals, share insights, and stay updated on the latest trends and technologies in the development field.
  You need to log in or register to access the solved answers to this problem.
  • You have reached the maximum number of guest views allowed
  • Please register below to remove this limitation

Python script distribution on Windows - options to avoid virus false positives?

  • Thread starter Thread starter Tom Grundy
  • Start date Start date
T

Tom Grundy

Guest
Turning a .py script into an .exe on Windows seems to always result in false-positive virus detection hits.

There are LOTS of discussion threads about this on stackoverflow and elsewhere. A real good summary is here.

pyinstaller from pip, pyinstaller with local-compiled bootloader, py2exe, and nuitka are the various .exe-builders I've tried so far. Various build tools result in various hit counts on virustotal.com but it seems there will always be some hits no matter what you do - this is the world we live in.

I understand that signing is an option, though the tool being distributed is free and open-source, so the signing option probably won't be pursued.

Chasing down the antivirus vendors to report false positives each time the script is edited and the .exe is rebuilt doesn't seem like a good use of time.

The question here: is it best to give up on the idea of distributing an .exe? Is a full python installation on the end user's machine, and then just distributing the .py file, the best way to go? That option seems pretty heavy-weight and overbearing and prone to more installation issues. But, if it's the only way to avoid the antivirus dance...? Or is there another middle option?
<p>Turning a .py script into an .exe on Windows seems to always result in false-positive virus detection hits.</p>
<p>There are LOTS of discussion threads about this on stackoverflow and elsewhere. A real good summary is <a href="https://medium.com/@markhank/how-to-stop-your-python-programs-being-seen-as-malware-bfd7eb407a7" rel="nofollow noreferrer">here</a>.</p>
<p>pyinstaller from pip, pyinstaller with local-compiled bootloader, py2exe, and nuitka are the various .exe-builders I've tried so far. Various build tools result in various hit counts on virustotal.com but it seems there will always be some hits no matter what you do - this is the world we live in.</p>
<p>I understand that signing is an option, though the tool being distributed is free and open-source, so the signing option probably won't be pursued.</p>
<p>Chasing down the antivirus vendors to report false positives each time the script is edited and the .exe is rebuilt doesn't seem like a good use of time.</p>
<p>The question here: is it best to give up on the idea of distributing an .exe? Is a full python installation on the end user's machine, and then just distributing the .py file, the best way to go? That option seems pretty heavy-weight and overbearing and prone to more installation issues. But, if it's the only way to avoid the antivirus dance...? Or is there another middle option?</p>
 

Latest posts

Top