MalwareWarnings.md

File metadata and controls

19 lines (9 loc) · 2.29 KB

Malware Warnings from BindControl

BindControl uses the PyInstaller framework to bundle its Windows binary releases.

Unfortunately, many malware authors write in Python, and their malware uses some of the same methods as PyInstaller for executing the Python code.

Accordingly, Windows Defender and third-party malware detectors will occasionally false-positive on software built with PyInstaller, including BindControl.

If you get malware warnings about BindControl, please read these two points:

  1. Please do not run that version of BindControl. I can virtually guarantee that you are getting a false positive, and that BindControl is not infected with malware. However, I don't want to encourage anyone to ignore warnings from their malware detection. Please update your malware definitions and try again. If you still get warnings and wish to investigate further, you might look into sending the ZIP file up to VirusTotal for more information. Your mileage may vary, but my position is that if you are AT ALL uneasy or unsure, please do not run suspicious software, BindControl included.

  2. If you want to use BindControl and are getting malware warnings, please return to the instructions in the main README file for running BindControl from source. This method is a bit more difficult to set up the first time, but doesn't have any PyInstaller-bundled components, and so avoids this entire class of problem. If you are at all familiar with git, running from a clone of the repository is an encouraged choice.
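As an added example (not part of BindControl or PyInstaller), a small triage script for a release binary that tripped a scanner: it computes the SHA-256 so the file can be searched on VirusTotal by hash without uploading it, and confirms that the file really carries a PyInstaller archive "cookie", decoding the Python version recorded in it. The cookie layout is as implemented in PyInstaller's CArchiveReader (readers.py); the sample cookie built by `make_test_cookie` is constructed for offline checking, not taken from a real binary.

```python
import hashlib
import struct
from pathlib import Path

# Cookie layout from PyInstaller/archive/readers.py (CArchiveReader): magic,
# package length, TOC offset, TOC length, Python version, Python DLL name.
COOKIE_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FORMAT = "!8sIIIi64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88 bytes


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the file contents, for a VirusTotal hash search."""
    return hashlib.sha256(data).hexdigest()


def parse_pyinstaller_cookie(data: bytes):
    """Decode the PyInstaller cookie, or return None if the file has none.

    The cookie ends the appended archive; search from the end of the file
    rather than assuming it is the last 88 bytes, since an Authenticode
    signature may be appended after it.
    """
    off = data.rfind(COOKIE_MAGIC)
    if off < 0 or off + COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyvers, pylib = struct.unpack(
        COOKIE_FORMAT, data[off:off + COOKIE_SIZE])
    return {
        "cookie_offset": off,
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        # pyvers is major*100 + minor, e.g. 311 for Python 3.11
        "python_version": f"{pyvers // 100}.{pyvers % 100}",
        "python_lib": pylib.rstrip(b"\0").decode("ascii", "replace"),
    }


def make_test_cookie(pyvers: int = 311, pylib: bytes = b"python311.dll") -> bytes:
    """Constructed sample cookie (hypothetical values) for offline testing."""
    return struct.pack(COOKIE_FORMAT, COOKIE_MAGIC, 1024, 900, 100,
                       pyvers, pylib.ljust(64, b"\0"))


def triage(path: str) -> dict:
    """Hash a downloaded release file and report whether it is a PyInstaller bundle."""
    data = Path(path).read_bytes()
    return {"sha256": sha256_hex(data), "pyinstaller": parse_pyinstaller_cookie(data)}
```

Run `triage("BindControl.exe")` on the unzipped release; a `None` under `pyinstaller` means the file is not a PyInstaller bundle at all and deserves a closer look.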

Currently, PyInstaller is the only game in town for bundling Windows binaries from Python¹, and so these spurious warnings are going to be a fact of life. Running BindControl from source continues to be the recommended path to victory for those who are willing to put in a little extra work.

Footnotes

  1. I am aware of Nuitka, but so far my experience has been that it causes dramatically more false positives than PyInstaller, tending toward 100%. It has a commercial version that alleges to get around this but I am uninterested in paying a licensing fee to build occasionally-used Windows binaries for my vanity project that's used by a handful of people worldwide.