Jump to content

Au3toCmd -- Avoid false virus positives. (Version: 2022.09.01)


Exit
 Share

Recommended Posts

  • 1 month later...

Thanks for your report.
Since the original CMD file works, I assume that there is a problem with the unzipper.
Which unzipper do you use?
Buildin Windows or 7Zip or ...?

Can you please try a simple script?
For example the one-liner:

MsgBox (0, default, "Hello world")

 

App: Au3toCmd              UDF: _SingleScript()                             

Link to comment
Share on other sites

Yes that worked, 

So I tried again, and remembered I cheated a little. When I run the au3tocmd script, it runs au3check.exe", ' -q, and gave me an error. So stubborn me, I removed that line.

So now I restored the line and fixed the error:  I run autoit from beta, so I modified  your script to "$sA3Dir & "\beta\" on several lines. 

Now it created a zip without issues

I extracted the zip again (tried 7zip and builtin windows explorer) ,and run the CMD file. Now it just does seem to run the autoit script at all. (But it does not give a scrambled autoit error either) When running from cmd prompt I get this:

 

test4.png.75af6b2c9acd4cd35e14f96f316889c3.png

The original cmd file gives me: processid = 644 and returnvalue = 0, and than the script starts up normally. 

I will try to extract the datastream with nirsoft AlternateStreamView and see how that goes.

 

I added the zip 

blogt4.cmd.ADS.zip

Edited by MightyWeird
Typos
Link to comment
Share on other sites

  • 1 month later...

Hi Exit
Which is best to convert an exe file to a3x and then run yours
Au3toCmd or running the exe file in your Au3toCmd program?
Which of these options will be the best protection against Avoid false positives?

 

 

Link to comment
Share on other sites

58 minutes ago, Borje said:

Hi Exit
Which is best to convert an exe file to a3x and then run yours
Au3toCmd or running the exe file in your Au3toCmd program?
Which of these options will be the best protection against Avoid false positives?

 

 

I am very interested in this topic. 

Never used the ax3 way only because I think is more vulnerable than a .exe (yes you can decompile... but I wrote password in crypted .ini files and some other tricks..)

In my company we use extensively Autoit EXEs (no a3x), so much that my company agree to  add global virus exceptions to the executables made with autoit.

And executables with FTP/SFTP instructions are always suspect to antiviruses....

But I don't love this approach, and also I want to distribute some executables outside my company (friends.. with other antiviruses)

I am trying this @Exit solution and it's working well, now I am guessing how to deploy my scripts remotely and autoMagically (you have to distribute a .zip, unzip, and first time launch a .cmd, check the existance of the icon...  ) 

Also my concern is about the alternate data stream... Maybe one day the AV (and other security tools we have...) can start to  check also the alternate data stream ... I don't know.... 

Link to comment
Share on other sites

1 hour ago, Borje said:

Which of these options will be the best protection against Avoid false positives?

Hello @Borje, I think that the solution with entering an A3X file is better than entering an EXE file, because the "Autoit3.exe" file is accepted as trustworthy by most virus scanners.

19 minutes ago, t0nZ said:

now I am guessing how to deploy my scripts remotely

Hello @t0nZ,, unfortunately the way via a zip file is inevitable, as ADS files cannot be sent via FTP or email.

20 minutes ago, t0nZ said:

Also my concern is about the alternate data stream... Maybe one day the AV (and other security tools we have...) can start to  check also the alternate data stream ...

and that's why I recommended Borje to use the A3X variant.

App: Au3toCmd              UDF: _SingleScript()                             

Link to comment
Share on other sites

First of all : This is not a negative evaluation of the project made by @Exit !

53 minutes ago, t0nZ said:

Never used the ax3 way only because I think is more vulnerable than a .exe (yes you can decompile... but I wrote password in crypted .ini files and some other tricks..)

According to my knowledge, a standalone .a3x file is no different from the variant included in the .exe (experts like @Jos may correct me). Therefore an .a3x file is not more vulnerable at all.

The aspect "alternate data streams" has just been answered by @Exit  while I was writing this post :lol:.

Musashi-C64.png

"In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

Link to comment
Share on other sites

  • Developers

Correct...  The exe has the same "file" included in the PE header.

Jos

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

  • Exit changed the title to Au3toCmd -- Avoid false virus positives. (Version: 2022.09.01)

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...