BitDefender quarantine on pyinstaller PKG - false positive?
Hello,
We have a small program that used to be compiled with pyinstaller (python executable) and recently it happened that pkg parts of the compiled file are quarantined with the following message:
L'analyse à l'accès a détecté une menace. Le fichier a été supprimé. C:\<path to file>\RCX555B.tmp est un malware de type Generic.Dacic.A05F649C.A.D1528439
(Sorry it's in French), basically it says: "Access analysis has detected a threat, The file has been deleted c:\<path to file>\RCX55B.tmp ..."
Could that be a false positive, and how can I avoid that failure?
We are using pyinstaller 3.11.1, the command is:
pyinstaller --specpath ../../obj/<SolutionName>/spec --distpath ../../bin/<SolutionName> --workpath ../../obj/<SolutionName>/build --onefile <SolutionName>.py
Command output is a collection of permission denied (after being quarantined) on PKG files:
15487 WARNING: Execution of 'remove_all_resources' failed on attempt #1 / 20: error(5, 'EndUpdateResourceW', 'Accès refusé.'). Retrying in 0.05 second(s)...
15692 WARNING: Execution of 'remove_all_resources' failed on attempt #2 / 20: error(5, 'EndUpdateResourceW', 'Accès refusé.'). Retrying in 0.06 second(s)...
15835 WARNING: Execution of 'remove_all_resources' failed on attempt #3 / 20: error(5, 'EndUpdateResourceW', 'Accès refusé.'). Retrying in 0.06 second(s)...
Comments
-
Hello.
Only the anti-malware researchers at Bitdefender Labs can help you with the issue.
You should report the file(s) as false positive to Bitdefender Labs here:
You could also follow the steps from these articles:
Regards.
1 -
The name python is often a ransomware, maybe that's why BD flagged it.
0