First off thanks for the report, we are tracking the antivirus behavior constantly as just about everything done in automation is walking quite close to what viruses try to do.
For this case, I’m relatively confident in saying this is a false-positive, but would be crucial to get the quarantine reason from these cases so a couple of questions:
- I assume you are running on Windows?
- Does the AVG have any corporate rules set or is it “out-of-the-box”?
- Can you share details on what AVG reported as the reason for the quarantine?
- Can you share the
conda.yaml of your robot so that we can reproduce the same environment?
python.exe in question (along with a number of binaries and executables) are loaded from conda-forge and/or PyPI. The possibility for that
python.exe actually containing malicious parts is highly unlike as only the Python organization releases can end up in conda-forge channels. The executables in the virtual isolated environment are not signed and they pretty much cannot be due to relocation so that is my first guess at why the file got flagged.
Adding bigger exclusions via whitelisting needs to be done with care as you can pretty much add anything in PyPI to your environment dependencies (
conda.yaml) so having an antivirus scanning the incoming stuff is a good thing to have.
Basically, a sizable chunk of the data science community is working on top of anaconda and conda-force technologies that we use, so a bigger hit from virus scanners will quite quickly hit a big community so any heads-up on these is key… especially if the hit is to the very core block like python itself.