Python path configuration file creation – windows

Intel Name: Python path configuration file creation – windows

Date of Scan: March 19, 2025

Impact: Medium

Summary:
Detects the creation of a Python path configuration file (.pth) in library directories, which can be exploited for code execution and persistence. Modules referenced by these files execute automatically at every Python startup (v3.5+), even if the calling script never imports them. Default locations include \lib\site-packages\*.pth on Windows and /lib/pythonX.Y/site-packages/*.pth on Unix and macOS.
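A host-side audit to complement the file-creation detection above, as an added example that is not part of the original rule: it lists the .pth lines that Python's site module executes at startup, which are the lines beginning with "import" followed by a space or tab. The function names and the demo file contents are constructed for illustration.

```python
import os
import site
import tempfile
from pathlib import Path


def executable_lines(pth_file):
    """Return (line_number, text) for each line site.py would exec().

    site.py adds ordinary lines to sys.path, skips comments and blanks,
    and executes lines that start with 'import ' or 'import<TAB>'.
    """
    text = Path(pth_file).read_text(encoding="utf-8-sig", errors="replace")
    return [(no, line.strip())
            for no, line in enumerate(text.splitlines(), 1)
            if line.startswith(("import ", "import\t"))]


def audit(dirs):
    """Map each .pth file in dirs that carries executable lines to those lines."""
    findings = {}
    for d in dirs:
        for pth in sorted(Path(d).glob("*.pth")):
            hits = executable_lines(pth)
            if hits:
                findings[str(pth)] = hits
    return findings


def default_dirs():
    """Global and per-user site-packages directories of this interpreter."""
    dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    return [d for d in dirs if os.path.isdir(d)]


def demo():
    """Run the audit over two constructed .pth files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "paths_only.pth").write_text("# comment\n../vendor\n", encoding="utf-8")
        Path(d, "loader.pth").write_text(
            "../vendor\nimport sys; sys.dont_write_bytecode = True\n", encoding="utf-8")
        return {Path(k).name: v for k, v in audit([d]).items()}


if __name__ == "__main__":
    for path, hits in audit(default_dirs()).items():
        for no, line in hits:
            print(f"{path}:{no}: {line}")
```

Legitimate packages also ship import lines in .pth files, so the output needs triage against a known-good baseline for the host.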
