bartblaze / Yara-rules

Collection of private Yara rules.

Remove PyInstaller Rule

danyeaw opened this issue

I understand what is in the README and that you don't control what virus tool companies do with it, but your Yara rule for PyInstaller seems like it is significantly increasing false positives. These false positives are having a significant impact on open source projects that are just trying to distribute apps for Windows.

We started building the PyInstaller bootloaders using gcc, clang, and MSVC and submitting them to VirusTotal daily. We are getting about 2 false positives for bootloaders your rule doesn't detect, and 9 for the ones your rule does detect.

There is nothing about PyInstaller that makes it malicious software. Could you please remove this rule? Thanks!

I support you. I also need to check bartblaze's rules one day.

Yup, as I mentioned, I read the README. I understand that the rule is just information; unfortunately, that information is having a negative impact on us trying to ship open source software.