I have an application I wrote for my company in Python 2.x, PyQT4, and MySQLdb and packaged with py2exe.
Recently, I made some updates to the application, Porting it to Python 3.4 and PySide. I also removed the MySQLdb dependencies and added Requests. I packaged this with the newly-minted py2exe for Python 3.
Suddenly I'm getting flagged by Windows defender that my executable is malware. Here's the log entry:
Windows Defender has detected spyware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Zwangi&threatid=144384
Name:BrowserModifier:Win32/Zwangi
ID:144384
Severity:High
Category:Browser Modifier
Path Found:file:C:Usersalan.mooreDesktopicketuserclient3-beta1icketuserclient3Contact tech support.exe
Detection Type:Concrete
Detection Source:Downloads and attachments
Status:Unknown
User:WILLIAMSON-TNalan.moore
Process Name:C:WindowsExplorer.EXE
So my questions are:
- Why am I being flagged as malware? How can I determine the exact reasons?
- Other than "allowing" this on all 600+ workstations that it needs to be deployed to, what can I do about it?
- What does "Detection Type: concrete" mean?
Thanks for any help.
UPDATE: Apparently anything I compile with py2exe under python3.4 gets identified like this.
I tried with this script:
import sys
import platform
print (sys.platform)
print ("".join(platform.uname))
And this setup.py
from distutils.core import setup
import os
import py2exe
setup(
windows=[{"script":"test.py", "dest_base":"Contact tech support"},],
options= {
"py2exe" : {
"compressed":1,
"optimize":2,
"bundle_files":3
}
},
zipfile = None
)
It's flagged as malware. (Win32/Zwangi).
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…