0.17.10.3_windows triggers Windows Defender. about bindcontrol HOT 8 CLOSED

Wow "Bearfoos" is a new one. So weird. I thought I'd maybe gotten past all that with the changes I made in 0.17.2 a couple of weeks ago, but Windows Defender never fails to surprise me. I continue to consider simply not making binary releases any more, as this is a recurring embarrassment.

The detection is certainly a false positive, a casualty of PyInstaller, but I don't want to get people into the habit of running software that Windows Defender doesn't like. Going to ponder what to do about this, but in the very short term, I'm going to remove the ZIP file from the 0.17.10.3 release and continue to encourage people to run from source instead of using the binary packages.

There's a 0.17.10.4 coming very soon, we'll see whether it also causes the problem. Thanks for the report.

from bindcontrol.

This is particularly tedious during times of heavy development like right now because, while there is a process to get things reviewed and whitelisted with Windows Defender, it's not instantaneous and needs to be done with every release, and then await people getting the updated Defender definitions from MS. When I'm popping out daily releases, that's just not feasible.

from bindcontrol.

I did more looking and bearfoos seems to be a false positive pretty often with the "ml" in the extension suggesting it's a flag indicating machine learning was used to do the identification.

(I respect your choice to stop providing binaries if you do. That said, if you do start to only provide source files, please provide ELI5 level explanations of how to compile them.)

from bindcontrol.

Yeah, the README currently has a "Running from Source" section that's not quite ELI5, but it's not particularly complicated. I should revisit that section and expand it a little bit with some more specifics and detailed steps, hopefully without getting too wordy.

from bindcontrol.

Oh interesting, PyInstaller just released a new version like 48 hours ago: https://pyinstaller.org/en/stable/CHANGES.html

I think I might want to force the automated build action to use a previous version.

from bindcontrol.

OK I just released 0.17.10.4, which is identical to 0.17.10.3 except built with the previous version of PyInstaller. I tried it out on my Windows 10 VM and Windows Defender was happy with it. Please let me know your luck when you get a chance.

from bindcontrol.

Scanned 0.17.10.4 and didn't get a hit.

At least two of those other reports I found also related to the version of pyinstaller with assertions of false positives.

from bindcontrol.

OK I'm gonna go ahead and close this since it's specific to 0.17.10.3, and I'll take any new reports as they come. Thanks again for the heads-up.

from bindcontrol.