kckennedy

This script works well for the current user and default user on both XP and Windows 7, but will not get all other pre-existing user profiles. To do that, you would have to make sure all profiles listed in "HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionProfileList" are at least temporarily loaded into the registry (so they can be modified under the HKEY_USERS hive). From what I can tell, in Windows XP you will only see in HKEY_USERS all profiles loaded that have logged in since the last bootup (plus system profiles). In Windows 7, you will only see the current user loaded under HKEY_USERS (plus system profiles)...

I'll try this out - thanks! Looks like you have a typo on the 2nd to last line though (_USUER instead of _USER): ;write to current profile RegWrite("HKEY_CURRENT_USUER" & $keyname, $valuename, $type, $value) ^

You can also troubleshoot this by disabling the "Allow Insight lookups for threat detection (recommended)" option in the client under "Change Settings"; "Client Management"; "Configure Settings" button; Submissions tab.

The Microsoft documentation is wrong. Here is the correct key to exclude a program from PAC: HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility AssistantExecutablesToExclude If you use both 32-bit and 64-bit operating systems, you may need to do something like this: If @OSArch = "X86" Then RegWrite("HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility Assistant", "ExecutablesToExclude", "REG_MULTI_SZ", "C:WindowsMyProgram.exe") Else RegWrite("HKEY_LOCAL_MACHINE64SoftwareMicrosoftWindows NTCurrentVersionAppCompatFlagsCompatibility Assistant", "ExecutablesToExclude", "REG_MULTI_SZ", "C:WindowsMyProgram.exe") EndIf

The new 12.1.1101.401 RU1 MP1 version is what we are testing now... The x64-bit install seems to perform fine with no issues on our Windows 7 64-bit machines. It's the x32 install on Windows XP we are having the issue even when compiling without UPX compression in Auto v3.3.8.1. If you go to Client Management settings and turn off their new "Insight lookups" function, the performance problems go away altogether (this is not recommended though - can lead to more false positives). Seems like Symantec could make this work similar between x32 and x64, but when we opened a ticket with them they also suggested doing exceptions. We are looking at that, but this is causing us problems with other executables besides compiled AutoIt scripts.

We found that disabling the "Use Upx" option did not resolve this issue when using AutoIt version v3.3.8.1. However, disabling the "Use Upx" option did resolve the issue for us when we went back and tested with the v3.3.6.1 and v3.3.0.0 versions of AutoIt.