Developers Jos Posted March 20, 2018

17 minutes ago, Sergeant_Shultz said:
> Open to suggestions.

Other than this list in the first post?: There isn't too much we can do from our side but we are always open to suggestions.

Jos
Sergeant_Shultz Posted March 27, 2018

Does this mean you are abandoning support or I didn't provide enough information?
Moderators JLogan3o13 Posted March 27, 2018

It isn't a matter of "abandoning support". The AutoIt team cannot control the false flags created by various AV companies. That is the point of this entire thread - if you are receiving false positives there is a method for reporting this to the AV company.

BTW I answered the same way in your email, and would clarify that you didn't "receive no response" in this thread, just not the one you were wanting.
Sergeant_Shultz Posted March 27, 2018

Thank you. I was being thorough. I deal with people who lie, so it really reflects well that you got back to me so fast. Thanks again.
Moderators JLogan3o13 Posted March 27, 2018 (edited)

Why would anyone lie to you? Your response makes no sense to me (not to mention being insulting).
Sergeant_Shultz Posted March 27, 2018

People do. I'm also kinda dumb. Like I said, it reflects well. Thanks again!
cal Posted April 23, 2018

Arg. Windows has gone nuts this weekend and declared all my compiled programs to be infected. Bad Microsoft Bad.... ok Rant over. I feel better.

Guess I need to install the full AutoIt for a coworker who needs my apps right now. It's a bit frustrating when both my home machine and work machine delete stuff the moment I compile it. I could ignore the dir but I'd rather not do that.

I've always just used the defaults when compiling. Is there something I can change to hopefully prevent the false positive? I've had this happen a few times but never to this extent.

Found the Microsoft page to submit false positives. I'll do that. Just wondering if I have any options for now on my side.
iamtheky Posted April 23, 2018 (edited)

Care to post the compiler flags you are using, and if it is Defender what are the existing exclusions? There is some due diligence to be exercised by the author and user before you need to include the vendors.
cal Posted April 23, 2018

Right.... That's what I'm asking about. Current is default. Right click and compile. That is it. I do not have any compile instructions in the au3.

No exclusions. At least not before today. I have excluded this one exe now on one coworker's computer to get it working. I was going to install AutoIt but I have a few custom includes both from here and of my own. I did not feel like replicating my file structure elsewhere and then having to maintain it.

It's not excluded on mine. I run the au3 anyhow. And I want to see if there is something I can do to help prevent the false positive. I have not submitted anything yet to any vendors. If it's something I can change about the way I'm doing my compile then I'm happy to test that out first. Hence my post.
iamtheky Posted April 23, 2018 (edited)

57 minutes ago, cal said:
> I do not have any compile instructions in the au3

so playing with compiler flags will probably start to vary results, especially the recommendations throughout this thread.
eliass123 Posted May 23, 2018

Hey, I've already seen the sticky thread on AutoIt viruses but the first post doesn't mention Windows Defender and the thread is quite inactive so I made a new one.

I tried sending a simple key combination to a program when my PC starts using 1) Task Scheduler and then 2) the Windows autostart folder. In both cases it's detected as a virus.

I also tried adding the files as exceptions to Windows Defender while they were in their original folder, the autostart folder, and I chose the .exes as well as the .au3s. I also tried to add an exception using the process name you can find in the Task Manager. (Tried to type in the name with .exe as well as without.) I also changed the properties of the scripts so that they are started as an administrator.

My script looks like this:

    ; Wait 15 seconds after startup so the OBS window exists
    Sleep(15000)
    ; Send Shift+F8 to the OBS main window
    ControlSend("OBS 21.1.0 (64bit, windows) - Profil: Unbenannt - Szenen: Unbenannt", "", "[CLASS:Qt5QWindowIcon; INSTANCE:1]", "+{f8}")

Please help me... those guys from Microsoft are mental.
Bilgus Posted May 23, 2018

I think it's this..

    ControlSend ( "OBS 21.1.0 (64bit, windows) - Profil: Unbenannt - Szenen: Unbenannt", "", "[CLASS:Qt5QWindowIcon; INSTANCE:1]", "+{f8}" )

Should be

    ControlSend ( "OBS 21.1.0 (64bit, windows) - Profil: Tote Pferde, die ich geschlagen habe - Szenen: Unbenannt", "", "[CLASS:Qt5QWindowIcon; INSTANCE:1]", "+{f8}" )
bogQ Posted May 23, 2018

So what is stopping you to install Avast on your comp that will disable Windows Defender cos he is running? I had relatively easy time with him and false positive detection.
Moderators Melba23 Posted May 23, 2018

eliass123,

Quote:
> I've already seen the sticky thread on AutoIt viruses but the first post doesn't mention Windows Defender and the thread is quite inactive so I made a new one.

And I have merged it into the sticky thread - we have it for a reason.

M23
eliass123 Posted May 23, 2018

1 hour ago, bogQ said:
> So what is stopping you to install Avast on your comp that will disable Windows Defender cos he is running? I had relatively easy time with him and false positive detection.

Avast didn't work but I used regedit to permanently disable Windows Defender #imoneofthehardones
iamtheky Posted May 23, 2018 (edited)

Did you turn UPX off? The fewer lines your code has, the more it matches malware sigs. Your script, to a robot, shares 99.999% of its code with other verified malicious compiled .au3s. It's best to not compress it for detection purposes.

shell:startup is an awkward place to run interactive scripts from. How about the script in the startup folder consists of one line that runs and exits, calling this script from another location.

Or use scheduled tasks to create a task that runs on startup + X seconds and simply executes a command like

    Run(@AutoItExe & ' /AutoIt3ExecuteLine "ControlSend (''OBS 21.1.0 (64bit, windows) - Profil: Tote Pferde, die ich geschlagen habe - Szenen: Unbenannt'', '''', ''[CLASS:Qt5QWindowIcon; INSTANCE:1]'', ''+{f8}'' )"')

Nuking Defender might not be necessary.
Nomad_RJ Posted June 1, 2018 (edited)

I had a file being tagged as "Trojan:Win32/Tilken.B!cl" by Windows Defender on Windows 10, with "severe" risk. This was the only false positive among several of my scripts, so I decided to investigate the code...

Found out this particular script had "#pragma" directives, something I haven't used for quite a long time. So I replaced them with "#AutoIt3Wrapper" directives, recompiled and voilà, no more warnings on Windows Defender!

I have no idea the reason why, but this is definitely worth checking...

PS: It seems like UPX is unchecked by default by Autoit3Wrapper
PS2: Using version 3.3.14.2
careca Posted June 3, 2018 (edited)

My player is being killed by Windows Defender, got other programs that weren't flagged, lines and compile method is the same, I'm confused.

    #Region ;Wrapper
    #AutoIt3Wrapper_UseUpx=n
    #AutoIt3Wrapper_UseX64=n
    #AutoIt3Wrapper_Run_Tidy=y
    #AutoIt3Wrapper_Res_SaveSource=y
    #AutoIt3Wrapper_Run_Debug_Mode=n
    #AutoIt3Wrapper_Icon=BPlayer.ico
    #pragma compile(CompanyName, 'careca')
    #pragma compile(x64, false)
    #pragma compile(UPX, False)
    #AutoIt3Wrapper_Res_Comment=By: Careca
    #AutoIt3Wrapper_Res_Icon_Add=BPlayer.ico
    #AutoIt3Wrapper_Res_Description=Audio Player
    #AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w- 4 -w 5 -w 6 -w- 7
    #EndRegion ;Wrapper

EDIT: after I submitted the file to Windows Defender support, they un-flagged it from the system for the future.

Edited June 3, 2018 by careca: Windows defender support unflagged the file.
Developers Jos Posted July 13, 2018 (edited)

1 minute ago, jonasmehler46 said:
> Much obliged JS, does anyone have something else to include before I bolt this?

nah... go ahead and bolt your stuff!
bdr529 Posted August 8, 2018

I'm sorry, but I do not write in English; I need to use Google Translate.

My first very simple script (AutoIt 3.3.14.5):

    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Outfile=simple_32bit_3-3-14-5.exe
    #AutoIt3Wrapper_Outfile_x64=simple_64bit_3-3-14-5.exe
    #AutoIt3Wrapper_Compression=0
    #AutoIt3Wrapper_Compile_Both=y
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    msgbox(0,0,0)

This is the VirusTotal result of the 32-bit version:
https://www.virustotal.com/#/file/000a78b60fd3f9e3e5c0d27ba7d10914fb34972cb6babfe331ba57d4e2f3ba3e/detection

This is the VirusTotal result of the 64-bit version:
https://www.virustotal.com/#/file/15ab96e9c663db258f36696f0cba61788d0d91ba2229bd5066a057abd16a9603/detection

My second very simple script (AutoIt 3.3.14.2):

    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Outfile=simple_32bit_3-3-14-2.exe
    #AutoIt3Wrapper_Outfile_x64=simple_64bit_3-3-14-2.exe
    #AutoIt3Wrapper_Compression=0
    #AutoIt3Wrapper_Compile_Both=y
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    msgbox(0,0,0)

This is the VirusTotal result of the 32-bit version:
https://www.virustotal.com/#/file/7961c6b6a6dd492c2bcf36f45a07c81394c57d7b84775c84d448aa382233e82a/detection

This is the VirusTotal result of the 64-bit version:
https://www.virustotal.com/#/file/5a65f4837ceea5a2e3387de9a69a773759dbe4a1b591a9ddf0ec8d0f0e559af5/detection

Why are there different results?

To community goes all my regards and thanks