Compiled exe files getting deleted in other machines

[DJ143]

I have autoit in my machine and generated a exe file so that it can be copied to any other machine and run the application (.exe) file easily without installation of AutoIT in other machine.

Issue: whenever I copy the file to other machine it gets deleted. Giving an error that "you do not have permission to access this".

Is this due to the AV like symantec/McAfee?

Please help me on this on how I can overcome.

Edited December 11, 2018 by DJ143

[Aelc]

you tried to unload McAffee and copy it?

what maschine u use

what os u use

Edited December 11, 2018 by Aelc

[DJ143]

Thank you for responding.

Windows os. The machines are either with Symantec or McAfee. I cannot unload the AV as I do not have admin rights.

[Danny35d]

I have the same issue at my work.  Now I'm using digital sign tool to add a certificate to my script and the antivirus won't deleted.

 

https://www.autoitscript.com/forum/topic/186971-digital-sign-tool/?tab=comments#comment-1342693

[Jos]

2 hours ago, DJ143 said:

Is this due to the AV like symantec/McAfee?

Please help me on this on how I can overcome.

Guess that is something only you can check. Also have a look at the sticky topic:  

 

Jos

[TheSaint]

I haven't done this yet myself with any of my programs, but I recall TheDcoder uploaded his ProxAllium program to some AV the other day and they changed the flag so no longer recognized as malicious or suspect.

Generally though, I just set an exception in my AV and or advise others to as well.

[TheDcoder]

8 minutes ago, TheSaint said:

but I recall TheDcoder uploaded his ProxAllium program to some AV the other day and they changed the flag so no longer recognized as malicious or suspect.

I did for Microsoft Defender and they pretty quickly unflagged it after analysis, but I don't think this is relevant to OP's original question/issue.

@DJ143 Your best option is to ask your system administrator to add an exception, or you can try to report the false positive to whatever AV you use. If I understand correctly, the AV isn't actively interfering (by showing an alert or deleting the file), so it may not be related to anti-virus at all. Please verify the issue and let us know in order to help you.

Edited December 11, 2018 by TheDcoder

[BigDaddyO]

I gave up on using compiled .exe's at my company.  I now compile as .a3x

Save AutoIt3.exe and the .a3x to the same location and create a shortcut to the AutoIt3.exe passing the .a3x file as a switch to launch.

 

[DJ143]

@BigDaddyO Can you please explain on how I can do this? since cannot use any third party tools for adding signature/certificate.

[BigDaddyO]

When you compile a script with the Scite: Tools > Compile

There is a option in the first tab for Output Type:  Select A3X

the Target file, specify your file name as whatever.a3x

Then click compile.

You will need to copy the AutoIt3.exe into the same location as the .a3x to easily launch it.

Simply create a shortcut to the AutoIt3.exe, then edit the shortcut to add the .a3x file as a command line switch.

You could also change the icon for the shortcut if you want your users to easily identify the application.

Then, all you need to do is double click the updated shortcut to launch

 

I also noticed when I started using the .a3x that the icon is the same as .au3, so I threw together a quick reg-edit to update the icons for .a3x on my computer

Change default Icons for a3x files on your system

[DJ143]

To prevent this I did the following:

You need to have following Applications/exe files from MS Visual Studio SDKs. You can also copy these files from some other machine where Visual studio has been installed

1. CertMgr

2. makecert

3. signtool

 

open the command prompt and change the directory to the folder where you have all these files. Then give the following commands:

1. makecert -r -pe -ss sampleCertName sampleCertName.cer

This command will create certificate 

2. CertMgr -add sampleCertName.cer -s -r <localMachine/currentUser> root

This will add your created certificate to the store

3. signtool sign /s sampleCertName application.exe

the stored sertificate with name "sampleCertName " will be sign digitally to your exe file.

 

Note: for some antivirus you need compile and build your exe files using UPX in AutoIT2exe then need to follow these steps.

 

 

[Earthshine]

you do NOT want to use UPX compression. Defender just flagged one of my installer tools.

[TekWeis]

My security officer is now requesting I use something else instead of Autoit. Powershell just doesn't cut it, but since Autoit is always getting flagged I am told to use something else or make powershell do what I need. If I can easily digitally sign my work, then that may help, but anyone else facing similar issues? Whitelisting in the AV all the time is not going to be acceptable.

 

[TheDcoder]

@TekWeis Use the AutoIt interperter (AutoIt3.exe) to execute your plain text .au3 scripts or compile them to the .a3x format. This way most AV would not falsely flag your scripts as no executable would be associated with them.

[jchd]

6 hours ago, TekWeis said:

My security officer is now requesting I use something else instead of Autoit.

Your "security officer" urgently needs one or more of: brain surgery, basic education, brain software update, getting fired.

(S)he shoots hundreds of ammunitions to anything in sight that shows the slightest move, gets sure the thing is dead, then gets close and shouts "You souldn't have moved!" at the dead body.  I wouldn't have liked to be a fellow soldier of your "genocide officer".

As the lengthy thread already mentionned shows, the culprit is the one who choose an under-par AV (another "security officer" perhaps?), not the employee using AutoIt for the benefit of the company.

Edited August 23, 2019 by jchd

[TekWeis]

@TheDcoder - Thank you. I will try this, and see if I can get approval to use this. Powershell is so frustrating when using something like StringTrimRight() doesn't exist, and takes more steps to accomplish.

 

@jchd - I agree, but this is a publicly held company I work for, and the security officer gets to dictate these things regardless of our opinions sometimes. If there was a paid version of Autoit, that would have some type of commercial license and support, it would more easily get accepted. Sounds weird, but it's what happens in large companies. And, there has been  several articles about AutoIt being used for bad things which raises the flags (Albeit falsely). Doesn't make AutoIT bad at all, but unfortunately I am stuck where I am having a difficult time using the tool that has allowed me to make literally magic happen for years.

I am hoping if I can get these scripts to be digitally signed, this will help, but not sure. Anyone that has or is in my position has some insight would be helpful. Telling my company to educate the security officer or dump an antivirus product knows these things do not happen in large corporations. I know this may be going off-topic slightly, but custom MSI's do not get falsely detected as often and I am looking for any methods to help push my case to continue using AutoIT.

 

 

[jchd]

@TekWeis, I know about all the points your raised.  I'm also perfectly aware that my post was both excessive and questionable humour.

There are a number of contributors to this forum who experience the same issues you mention.  Many contributors also try hard to promote AutoIt in corporate contexts and this is clearly an ongoing effort.

AutoIt reputation is unduly biaised: you can do a lot of bad things as well with almost any language of your choice.  Unfortunately its extremely easy and comfortable to dismiss AutoIt: poor VB editors take very little risk by blindly flagging anything produced by AutoIt as bad, without ever having to actually analyze and characterize real threats potentially hidden inside.

[MarkIT]

This helped a lot with the current issue I am facing with Symantec!!! God bless ya'll.