pyinstaller false positives

[DPaul]

An executable produced by pyinstaller is automatically removed by my Norton antivirus.
I know this has been adressed by Buran (some time ago) and multiple sites offer the same
suggestion i.e. "compile a pyinstaller bootloader"... ? to counter false positives.
2 questions:
1) This happened overnight, 2 days ago I was happily using pyinstaller with no warnings.
Is it known what triggers this behaviour ?
2) The name of the "detected" "virus" is "Heur.AdvML.B" .
Why shouldn't I feed that to the exclusion list of Norton, looks kiss to me.
Or... some people suggest to pip install an older version of pyinstaller ?
thx,
Paul

[DPaul]

I found that I can restore the executable from Norton quarantine.
Scan it again with Norton, finding nothing this time.
Feed it to virusTotal, where 2 of the 50 detect a Trojan.
Each one a different Trojan.(?)
Much ado about nothing ?
Paul

[carecavoador]

It is a known issue. As you could see, there are numerous different approaches to "solve" it. But ultimately it relies on the anti virus companies to "green flag" these executables so they don't get quarantined. To my knowledge, the best we can do is to report these events as false positives and hope for a fix in the future.