Problema de segurança no aplicativo Writing Tools

[MarceloBCorretor]

Dear Creator of the Writing Tools App,

First, I would like to congratulate you on the creation of this app. By following all the instructions, I managed to install and configure it perfectly on two laptops, and it seemed to be an excellent solution for my needs, especially as an alternative to LanguageTool.

However, after installation, I received a concerning alert from Windows Defender indicating that the app's file was identified as a severe threat, classified as "Trojan:Script/Wacatac.B!ml." According to the report, Windows quarantined the file due to its detection of malicious behavior, with details suggesting it may execute dangerous commands.

The affected items include the following file: C:\Users\marce\Writing Tools(v7.1)\Writing Tools.exe

With this information, I am left wondering: is it safe to continue using the app? Is this a false positive detection by Windows Defender, or are there real risks associated with using the program?

I would greatly appreciate your assistance in clarifying this situation and, if possible, receiving guidance on how to resolve the issue. Thank you in advance for your attention, and I look forward to your response.

Best regards, Marcelo

[theJayTea]

Dear Marcelo,

Thanks for reaching out. Sadly, it is a false positive due to our use of PyInstaller to convert the Python code into an exe. You can read more about this with a quick Google search: "https://www.google.com/search?q=pyinstaller+false+positive".

PyInstaller is a popular open-source tool to do this, but it produces exes with a singular signature - so everything from potential malware to legitimate apps would seem to have the same signature for AV ML heuristics.

If you scan the actual source code, your antivirus will not flag it. If you compile it into an exe yourself with PyInstaller (you could use the build instructions on the README), your antivirus would flag the exe again.

I'm looking to improve this by signing the exe, but this would cost me a lot of money. I'm also working on submitting the file to Microsoft malware analysis so an exclusion can be made.

Kind regards,
Jesai

[MarceloBCorretor]

Dear Jesa, Thank you for your response and for clarifying the false positive issue with PyInstaller. I have already made the necessary adjustments and am using the program without any problems. It has been very useful and is significantly improving the responses. I have made several important changes and am very satisfied with the results. I haven’t tested it with other AIs yet, but I tried creating something with Llama and didn’t get the expected outcome. I would like to suggest something that I consider essential: making the program available for Android, either as a dedicated app or integrated into the system keyboard, similar to what has already been done on iPhone. I believe this would make usage even more practical and accessible. If there are any plans or possibilities for this, I would appreciate more information. Best regards, Marcelo Brandão Em sex., 7 de mar. de 2025, 17:09, Jesai Tarun ***@***.***> escreveu:

…

Dear Marcelo, Thanks for reaching out. Sadly, it is a false positive due to our use of PyInstaller to convert the Python code into an exe. You can read more about this with a quick Google search: " https://www.google.com/search?q=pyinstaller+false+positive". PyInstaller is a popular open-source tool to do this, but it produces exes with a singular signature - so everything from potential malware to legitimate apps would seem to have the same signature for AV ML heuristics. If you scan the actual source code, your antivirus will not flag it. If you compile it into an exe yourself with PyInstaller (you could use the build instructions on the README), your antivirus would flag the exe again. I'm looking to improve this by signing the exe, but this would cost me a lot of money. I'm also working on submitting the file to Microsoft malware analysis so an exclusion can be made. Kind regards, Jesai — Reply to this email directly, view it on GitHub <#166 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A7Q4YG2DQOGOPSKJL5VK3ND2TIDHDAVCNFSM6AAAAABYRTQXHKVHI2DSMVQWIX3LMV43URDJONRXK43TNFXW4Q3PNVWWK3TUHMYTENBTGA4DKNY> . You are receiving this because you authored the thread.Message ID: ***@***.***>