Python app detected as virus by defender after addition of classes

Question

Not too long ago I changed a lot of my code around in my project to use classes. I'm fairly certain that ever since I did switch to classes. The program is now identified as a virus by windows defender. Prior it was not. I have an old build from last month that is not destroyed by windows defender.

Is there any way I can identify what exactly in my code is causing windows defender to detect it as a virus? I'm using auto-py-to-exe to build the program. I unfortunately do not have much of a record of previous versions of the application. Aside from an old build.

This is a VirusTotal report of the current build. This is the old build. The difference is specifically:

Answer 1

So it seems that in my prior code versions. I was importing sys and os from customtkinter. The library packed with custom tkinter doesn't trigger windows defender from what VirusTotal says.

In my later version. I was solely importing sys and os by themselves. Changing back to importing from customtkinter solves the issue.

I'm not 100% yet but I'm fairly certain that using sys from pip is causing the issue. Using sys and os included from customtkinter and the application is not deleted by windows defender.

It seems it is specific to the os library. Specifically using the following and it does not show up as a false positive in defender.

import sys
import customtkinter as ctk
from customtkinter import os