Installing conan through the official installer results in conan.exe being quarantined by Windows Defender, which recognizes it as a Trojan. The information Windows offers is available at this link.
I believe this might be a false positive.
Also note that Windows Defender Smartscreen sees the downloaded installer as a potential threat: at first, it blocks its execution and asks whether you want to run it anyways.
Thanks for reporting @aslynatilla
VirusTotal is reporting this as well: https://www.virustotal.com/gui/file/444a6694319932fb2ec423cc4d1de3a50de7190556f8c44ba14a0e1cf7391ac9/detection
This detection is new, it is necessary to have a look.
I can confirm the same behavior: Windows 10; Version 10.0.18363 Build 18363
Let's investigate, thank you for reporting.
Interesting, when generating locally, I can't reach the same result:
Conan 1.32.1
https://www.virustotal.com/gui/file/96810eda4356b39664dbf607b9e04fefa75865d4474ae655d589e5c899b67caf/detection
Conan 1.33 (dev)
https://www.virustotal.com/gui/file/16f3276accf34068406c86cd059e2cb28eedd6c6197367bbb4531188ac9e19c5/detection
I've used Inno Setup 5.6.1 (a)
We need @czoido to have a look at the CI agent that is generating this installer.
Innosetup used in CI is 6.0.5 (u)
Generating with Inno Setup 6.0.5, I obtain exactly the same sha256, which means, from Inno 5.x to Inno 6.x, the result is the same. We have to investigate it on CI side.
I have generated them locally and got some detections too: https://www.virustotal.com/gui/file/0c7065e0c1104e2fed80a0d052a9aa267a489338c0106f2c921c1cc0a7ea59d0/detection
No idea yet what could be the differences
Hi @aslynatilla,
Thanks a lot for reporting. This problem is related to a known issue when generating executables with pyinstaller in which some antivirus mark the generated files as dangerous erroneously.
Looks like compiling our own bootloader files for pyinstaller instead of using the pre-built ones could mitigate the issue but the maintainers of pyinstaller also recommend reporting that as a false positive.
We'll compile our own bootloader files to see if that solves the problem and keep an eye on this. Anyway, if you don't have any reason why you need to install conan through the installer I would recommend you to do it via pip.
Just one extra note to confirm this behaviour. After testing the default bootloader files distributed by pyinstaller for Windows most of them report false positives in virustotal.
Please @uilianries can you make the same test and use your bootloaders that you have in your system?
Hi!
I built the bootloader from PyInstaller 4.1, following the steps on bootloader building page.
It generated 4 folders: release, releasew, debug and debugw.
My Windows Defender didn't detect any problem.
However, when I uploaded the file run.exe from release/ folder, Virus Total didn't like:
On the other hand, when I tried to do the same with the pre-built PyInstaller 4.1, my Windows Defender didn't detect anything as expected, but Virus Total didn't like again:
I'm going to try PyInstaller 4.2 and check if we have a different result.
Good news!
PyInstaller 4.2 is SAFE!
Building from sources, I uploaded run.exe from release/ folder (No threats):
Same for the pre-built version (No threats):
I also tested with Windows Defender, but it passed of course ...
Thus, we just need to change from PyInstaller 4.1 to 4.2
Excellent! Please @czoido, can you upgrade PyInstaller to 4.2? I suggest doing the next release 1.33.
For next release we will use PyInstaller 4.2 to generate the binaries.
Although we are aware that this can bite us again in the future, we will also add some checks to the CI to catch this as soon as possible.
Thanks a lot @aslynatilla for reporting. I'm closing the issue, please feel free to reopen if you have more questions or comments regarding this.
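One way the CI check mentioned in the closing comment could look, as an added example that is not Conan's own CI code: it hashes the built installer (the digest the thread compares between local and CI builds) and gates the release on a scan report shaped like a VirusTotal API v3 file object. The sample report, the engine names, and the gate function with its max_flagged and must_pass parameters are constructed for illustration.

```python
import hashlib
import json

# Constructed sample shaped like a VirusTotal API v3 file report
# (data.attributes.last_analysis_results); engine names are placeholders.
SAMPLE_REPORT = json.loads("""
{"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious",  "result": "Generic.Trojan"},
    "EngineB": {"category": "malicious",  "result": "Generic.Trojan"},
    "EngineC": {"category": "suspicious", "result": "heuristic"},
    "EngineD": {"category": "undetected", "result": null}
}}}}
""")

def sha256_file(path, chunk_size=1 << 20):
    """Hash the built installer so its scan report can be looked up by digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def flagged_engines(report):
    """Return {engine: verdict} for every engine that flagged the file."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return {name: r.get("result") for name, r in sorted(results.items())
            if r.get("category") in ("malicious", "suspicious")}

def gate(report, max_flagged=0, must_pass=()):
    """Decide whether the release job may publish the installer.

    Fails when more than max_flagged engines flag the file, or when any
    engine named in must_pass (hypothetical: the one most users run) flags it.
    """
    flagged = flagged_engines(report)
    blocking = [engine for engine in must_pass if engine in flagged]
    ok = len(flagged) <= max_flagged and not blocking
    return ok, flagged, blocking

if __name__ == "__main__":
    ok, flagged, blocking = gate(SAMPLE_REPORT, must_pass=("EngineB",))
    for engine, verdict in flagged.items():
        print(f"flagged by {engine}: {verdict}")
    # A non-zero exit fails the CI job before the installer is published.
    raise SystemExit(0 if ok else 1)
```

Running the gate on the bootloader alone as well as on the final installer shows which build input introduced a detection, as the run.exe uploads in the thread did.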