
Pyinstaller EXE False-Positive Trojan Virus [RESOLVED]

Part 1. Manually Compile your Pyinstaller Bootloader

If you use the Pyinstaller module to freeze your code into an executable (EXE), and everything you create is being flagged as a virus, this guide is for you.


A Foreword

First and foremost, this is a resolution built on the backs of many other developers out there. Thank you everyone who has taken the time to share and work together to help solve this issue. With that in mind, I wanted to give a direct shout out to the great mind, Adam MacDonald, for his contribution to this post. His help with understanding the problem, asking the right questions, untangling, and then piecing together what was a complex collection of disconnected steps across multiple online forums was monumental. After putting this puzzle together, we both agreed that publishing the complete resolution in 1 location in an easy-to-read and understand format was something the community needs. If you do have any questions or clarification requests, please let me know.

My Development Environment 💻

In this section, I've included the reported names and links to Microsoft's malware encyclopedia, along with the development environments I work in, for your reference.

The False Positive Anti-Virus Flags I've Received

Verified Development Environment

  • Python: 3.9.1, 3.8.6, 3.8.7, 3.7.8

  • PIP: 21.2.4

  • Pyinstaller: Latest 4.5.1, 4.2, 4.1

  • OS: Windows 10 Home 64/32 Bit, Professional 64/32 Bit, Enterprise 64/32 Bit, Windows Server 2012 R2

The Guide 👇

Below is a Step-By-Step Guide on How to Manually Compile your Pyinstaller Bootloader🔨

I will be walking you through installing the Visual Studio C++ Compiler, downloading the latest version of Pyinstaller from the official GitHub, and manually compiling the Pyinstaller Bootloader instead of using pip install.

Index

  1. Check to see if your EXE is being flagged on VirusTotal

  2. Purge Pyinstaller Files within your Project and Rebuild

  3. Uninstall Pyinstaller

  4. Next, you'll need to get a Compiler setup

  5. Build a Pyinstaller Bootloader with your Compiler

  6. Install the newly compiled Pyinstaller

  7. Re-build your EXE with Pyinstaller, and make sure it's not being flagged as a virus

  8. Still Having Issues?

1. Check to see if your EXE is being flagged on VirusTotal

First, you should try to understand the problem you're trying to resolve. VirusTotal lets you upload a file and scan for infections based on “over 70 anti-virus” definitions.

  • 1.1 Navigate to virustotal.com

  • 1.2 Upload your file

  • 1.3 Review the detection results

  • 1.4 Take a record of what's being flagged so that you can confirm success at the end.

Photo taken by author from VirusTotal.com

2. Purge Pyinstaller Files within your Project and Rebuild


75% of the time, purging the Pyinstaller Build files & rebuilding your EXE will do the trick.

  • 2.1 Navigate to your project folder, where you're running Pyinstaller

  • 2.2 Delete the __pycache__, build, and dist folders from your project folder

  • 2.3 Try to rebuild your EXE


If that doesn't work, you'll need to take a more nuclear approach. 👇

3. Uninstall Pyinstaller

You'll need to remove Pyinstaller if it's already installed along with any folders/files created by Pyinstaller from previous build attempts. I used PIP to manage my Python modules.

  • 3.1 Open CMD as admin

  • 3.2 Run python.exe -m pip uninstall pyinstaller


  • 3.3 Delete the __pycache__, build, and dist folders from your project folder


4. Next, you'll need to get a Compiler setup

If you don't have a compiler installed already, follow these instructions. Otherwise, move on to step 3.

Image taken 06/13/2021

5. Build a Pyinstaller Bootloader with your Compiler

You'll be downloading the Pyinstaller source code from the official GitHub repo, and using Python with your compiler to build the installation package.

  • 5.1 Download the latest release of Pyinstaller from Pyinstaller's GitHub Repo

  • 5.2 Unzip this to where you want Pyinstaller to be installed on your machine. (I used C:\Pyinstaller for simplicity's sake).

  • 5.3 In CMD, cd to the install directory where you unzipped Pyinstaller

  • 5.4 cd to the bootloader folder

  • 5.5 Run this command (depending on your dev environment):

      Windows 32 Bit: python.exe ./waf all --target-arch=32bit

      Windows 64 Bit: python.exe ./waf all --target-arch=64bit

6. Install the newly compiled Pyinstaller

  • 6.1 Run CMD as admin

  • 6.2 cd to the root Pyinstaller directory you've created above (Step 3)

  • 6.3 Run this command: python.exe setup.py install
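
One way to confirm that the uninstall, compile and install steps above really replaced the bootloader binaries, rather than leaving the ones pip shipped in place. This is an added example, not code from the original guide or from the Pyinstaller project; the script name is hypothetical, and it assumes the bootloaders sit in the bootloader folder of the installed Pyinstaller package. Run it with save before step 3 and with compare after step 6.

```python
# Added example, not Pyinstaller project code: diff bootloader hashes across a reinstall.
import hashlib
import json
import sys
from pathlib import Path


def sha256_file(path):
    """Stream a file through SHA-256 so large binaries are not loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot_bootloaders(bootloader_dir):
    """Return {relative path: sha256} for every file under bootloader_dir."""
    root = Path(bootloader_dir)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_snapshots(before, after):
    """Sort files into unchanged / rebuilt / added / missing."""
    report = {"unchanged": [], "rebuilt": [], "added": [], "missing": []}
    for name in sorted(set(before) | set(after)):
        if name not in after:
            report["missing"].append(name)
        elif name not in before:
            report["added"].append(name)
        elif before[name] == after[name]:
            report["unchanged"].append(name)
        else:
            report["rebuilt"].append(name)
    return report


if __name__ == "__main__":
    # Usage (hypothetical script name): bootloader_check.py save|compare FILE
    import PyInstaller  # assumption: bootloaders sit in <package>/bootloader
    current = snapshot_bootloaders(Path(PyInstaller.__file__).parent / "bootloader")
    mode, baseline = sys.argv[1], Path(sys.argv[2])
    if mode == "save":
        baseline.write_text(json.dumps(current, indent=2))
    else:
        report = compare_snapshots(json.loads(baseline.read_text()), current)
        print(json.dumps(report, indent=2))
        sys.exit(1 if any(n.endswith(".exe") for n in report["unchanged"]) else 0)
```

Any .exe listed under "unchanged" is byte-identical to the one installed before, which means the compiled bootloader was not picked up and the rebuilt EXE will embed the same stub as before.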

7. Re-build your EXE with Pyinstaller, and make sure it's not being flagged as a virus

8. Still Having Issues?

There have been some situations where an executable is still being flagged as a virus or is flagged again after some time.

  • 8.1 Try deleting the __pycache__, build, and dist folders from your project folder again, and then rebuild your EXE one more time


Python Pyinstaller False Positive Trojan Virus [RESOLVED] Pt2. Working with Anti-Virus Developer(s)

Wrapping Up 👋

Did this guide work for you? Are you having issues? Do you have any questions? I'd love to hear your feedback either way.

Thanks for taking the time to read!



