Anti Virus Quarantine

I’m using AVG anti-virus (paid version). Every time I create a new robot in the lab, it’ll trigger a virus quarantine for the python.exe file. I would have to manually mark it as an exception.

There is a way to whitelist an application globally, but it can only be done by the software developer directly with AVG: AVG Threat Lab - File whitelisting | AVG

Would appreciate if Robocorp could follow up. Thanks.

First off, thanks for the report. We are tracking the antivirus behavior constantly, as just about everything done in automation is walking quite close to what viruses try to do.

For this case, I’m relatively confident in saying this is a false positive, but it would be crucial to get the quarantine reason from these cases, so a couple of questions:

  • I assume you are running on Windows?
  • Does AVG have any corporate rules set, or is it “out-of-the-box”?
  • Can you share details on what AVG reported as the reason for the quarantine?
  • Can you share the conda.yaml of your robot so that we can reproduce the same environment?

The python.exe in question (along with a number of binaries and executables) is loaded from conda-forge and/or PyPI. The possibility of that python.exe actually containing malicious parts is highly unlikely, as only the Python organization releases can end up in conda-forge channels. The executables in the virtual isolated environment are not signed, and they pretty much cannot be due to relocation, so that is my first guess at why the file got flagged.

Adding bigger exclusions via whitelisting needs to be done with care, as you can pretty much add anything in PyPI to your environment dependencies (conda.yaml), so having an antivirus scanning the incoming stuff is a good thing to have.

Basically, a sizable chunk of the data science community is working on top of the Anaconda and conda-forge technologies that we use, so a bigger hit from virus scanners will quite quickly hit a big community, so any heads-up on these is key… especially if the hit is to the very core block like Python itself.

Br, Kari