pyinstaller wrong classified as Windows virus

Chris Angelico rosuav at gmail.com
Thu Nov 25 13:00:49 EST 2021 

On Fri, Nov 26, 2021 at 4:50 AM Richard Damon <Richard at damon-family.org> wrote:
>
> On 11/25/21 12:21 PM, Chris Angelico wrote:
> > On Fri, Nov 26, 2021 at 4:18 AM Ulli Horlacher
> > <framstag at rus.uni-stuttgart.de> wrote:
> >> Chris Angelico <rosuav at gmail.com> wrote:
> >>
> >>> Unfortunately, if you're not going to go to the effort of getting your
> >>> executables signed
> >> I cannot sign my executables (how can I do it anyway?), because Windows
> >> deletes my executable as soon as I have compiled them! They exist only
> >> for a few seconds and then they are gone.
> >>
> >>
> >>> another reason to just distribute .py files.
> >> I cannot do that because my users do not have Python installed and they
> >> are not allowed to do it.
> >>
> > Are they really allowed to install your unsigned executables but are
> > not allowed to install Python from a known and trusted source?
> >
> > If there's some bizarre loophole that allows them to run completely
> > untrusted binary code, but not to run legitimate code that can be
> > fetched from a variety of trusted places (including python.org, the
> > Windows store, etc), then I'm afraid you're on your own, and will
> > probably need to play around with the exact loophole to figure out
> > what is going to be permitted.
> >
> > Alternatively, just go find the person who decides what gets
> > installed, and request a Python interpreter to be added to the
> > permitted list. That's probably easier, and it's certainly going to be
> > better long-term.
> >
> > ChrisA
>
> My first guess is it isn't so much what is 'allowed' but what can be
> easily done.
>
> On a somewhat locked down computer, the user does not have admin rights,
> so needs to get 'IT' to run any installers that need admin permissions
> to run.

Can someone confirm that it's still possible to run the Python
installer without admin rights, for a per-user installation? It always
used to be possible, but I haven't checked.

> Likely, just copying an EXE file from an outside source may still be
> against the rules (and needs approval), but some think if they can do it
> and no one complains, it must be ok. On the other hand, they may have
> given approval, knowing the source.

Maybe. I would still consider it unlikely that you can run an EXE from
an arbitrary source, but can't run a trusted installer from a known
source. You're right that admin perms would be harder, but that
shouldn't stop you from installing Python.

Also, obligatory XKCD: https://xkcd.com/1200/

ChrisA

More information about the Python-list mailing list