I recently used the command `python -m PyInstaller --onefile --windowed tictactoe.py` to create an executable file. When I scanned the file on VirusTotal, it was flagged as a virus and Trojan by 11 out of 72 scanners. Should I be worried, or is this just a false positive?
10 Answers
Just remember, if the exe isn’t signed, it will likely cause red flags with antivirus programs.
PyInstaller is often flagged because it’s known to be used by malware creators. That might explain why your exe is getting marked as suspicious.
When you create an unsigned executable, it raises flags for antivirus programs. They usually err on the side of caution with unknown files. If you wrote the code and used trusted libraries, it's likely not a virus. Just keep in mind that unsigned executables can be risky, so be cautious!
Thanks for clarifying that!
For me, using the `--onefile` flag triggered the warning. Have you thought about trying to build it without that option?
You should definitely consider signing your executable with a proper certification. This process differs based on your operating system and the target OS, but there’s plenty of documentation out there to help with it.
Thanks! I just wanted to be sure I hadn't picked up a Trojan.
In my experience, antivirus software will flag any unsigned executables as potential viruses. It’s a common precaution.
Honestly, this happens often with Python exes. Even signed ones can sometimes trigger false alarms. It's a pain, but there's not much to do about it.
But isn’t using a real code signing certificate the way to go?
Monthly reminder that most antivirus programs are overhyped. If you know your stuff, they often do more harm than good.
Did you write the code yourself? If yes, then you shouldn’t worry about it being a virus. Just know that any third-party libraries you're using could potentially introduce risks, especially if they aren't from the standard library.
Yes, I wrote the code, and I'm confident it's clean.
But what about dependencies? Could they be problematic?
Can't help but chuckle at this, but no worries, the FBI isn’t coming for you!
Is it definitely a false positive though?