Jump to content

PyInstaller exe detected as PoetRAT

Recommended Posts

HI  I made a python app based on a python.py script and made it into an executable with pyinstaller, but immunet detects it as the following threat



Should I be worried or is this a false positive. As I said, I made the script and the executable with official source libraries, so I just want to know if this could be just a false positive. It's an industrial application so I can't share it. I've seen PoetRAT is related to industrial data like my app is, did that proc the alarm?

Edited by bkiller10
Link to comment
Share on other sites

Hi bkiller10,

Have you tried to use the Quarantine Restore feature for the script? If successfully restored from Quarantine that will automatically move the file to the Exclusion list so it will no longer be scanned.

I would also suggest you report this as a False Positive to the Immunet devs and since it's also a ClamAV detection to contact the ClamAV support folks at these URL's

Immunet Support: https://www.immunet.com/false_positive

ClamAV Support: https://www.clamav.net/reports/fp

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...