Developers Jos Posted August 8, 2018 Developers Posted August 8, 2018 52 minutes ago, bdr529 said: why are there different results? No idea but you really need to read and try to understand the first post in this thread! Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
AutoBert Posted August 8, 2018 Posted August 8, 2018 Ask the developer of the av-scanner, and tell them also it's a false positive.
bdr529 Posted August 8, 2018 Posted August 8, 2018 I'm sorry but I do not write in English I need to google translator it is strange that you get different results from different versions of the same software (Aut2exe.exe and Aut2exe_x64.exe) To community goes all my regards and thanks
Developers Jos Posted August 8, 2018 Developers Posted August 8, 2018 No it is not as it all depends how the AV company made it's signature., so contact them for support as this is the wrong place! Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
timmy2 Posted November 17, 2018 Posted November 17, 2018 Two apparent false positives. Probably unrelated. No action requested here, but I figured I should document them in case others encounter these issues. Please know that I'm posting this after submitting a false positive report to MalwareBytes and Microsoft for Defender. First, I installed AutoIt (v3.3.14.5 according to the associated Help file title page) on a W10 virtual machine (Windows ver 1803 (17134.407). I could not compile or even syntax check my AutoIt script because Defender kept blocking it. Defender cited this file: C:\Users\(my username)\AppData\Local\AutoIt v3\Aut2exe\autAB90.tmp.exe. Said it's infected with Trojan:Win32/Zpevdo.A (Alert level: Severe). Defender popped up a window I've never seen before about some new feature they've added. I was too interested in testing my script idea to explore this anomaly so I just told Defender to exclude C:\FGCDIR. (come to think of it, where did that folder come from!?! Now that I have a moment I'll investigate) Second, on my production machine, using AutoIt 3.3.14.2, I've hit a snag with Malwarebytes Premium quarantining anything I compile if I include GuiEdit.au3, citing a threat named "MachineLearning/Anomalous.100%".
Developers Jos Posted November 17, 2018 Developers Posted November 17, 2018 10 minutes ago, timmy2 said: (come to think of it, where did that folder come from!?! Which folder? 10 minutes ago, timmy2 said: C:\Users\(my username)\AppData\Local\AutoIt v3\Aut2exe As already explained ample times, this directory should be excluded from AV scanning as the compiler activity often gives issues with AV activated. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
timmy2 Posted November 17, 2018 Posted November 17, 2018 C:\FGCDIR 22 minutes ago, timmy2 said: ... so I just told Defender to exclude C:\FGCDIR. The only reason I know this is because when I looked in Defender's Allowed Threats that folder was excluded on the same date that the threat was detected. Interesting that excluding the threat did not exclude C:\Users\(my username)\AppData\Local\AutoIt v3\Aut2exe\ but excluded this oddball folder. I apologize for lack of detail. To me it was just another "what fresh hell is this?" moment. Thank you for the heads-up about the AutoIt folder that should be excluded. Despite having used AutoIt for a fairly long time, albeit sporadically, I missed that memo.
Developers Jos Posted November 17, 2018 Developers Posted November 17, 2018 20 minutes ago, timmy2 said: The only reason I know this is because when I looked in Defender's Allowed Threats that folder was excluded on the same date that the threat was detected. Interesting that excluding the threat did not exclude C:\Users\(my username)\AppData\Local\AutoIt v3\Aut2exe\ but excluded this oddball folder. I apologize for lack of detail. To me it was just another "what fresh hell is this?" moment. No clue what directory FGCDIR has to do with the compile of your script unless you have files in there the script has an FileInstall() for. A quick search gave this info, but obviously don't know if that is also in your case: Quote What is the FGCDIR folder? Does anyone know what the FGCDIR folder is for and whether it or any of its contents can be safely deleted? ----- Answer -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------Remants of Virtual Sandbox and Fortes Grand antispyware / antimalware. Don't remove it if you are using that sofware. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
timmy2 Posted November 17, 2018 Posted November 17, 2018 I did indeed test Fortres Grand's Clean Slate several days ago so that explains the presence of the folder. They probably added their folder to Defender's exclude list, and it just so happened that that was the same day I installed AutoIt and discovered that Defender blocked compiling, syntax checking, etc. I definitely could not make any progress with AutoIt until I told Defender to do something (exclude, ignore, whatever), but I no longer recall what I did, and for that I apologize. Maybe if I find the time I'll revert the VM, install AutoIt, and try again. This was more of an observation in case others experience it, prompted mostly by Malwarebytes blocking me today -- a few days after the Defender issue. Coincidence I guess. Thank you!
timmy2 Posted November 18, 2018 Posted November 18, 2018 Excluding C:\Users\(my username)\AppData\Local\AutoIt v3\Aut2exe in Windows Defender solved the problem of Defender halting a Build.
nbarrosuriburu Posted February 23, 2019 Posted February 23, 2019 Hello, I'm new in autoit, but have some experience scripting on python, lisp, batch, also programming macros on office and stuff alike. I become interested on Autoit because of a recent virus in my pc: i found an exe presumably compiled by autoit v3.1 that seemed to try to access to the keyboard (some kind of keylogger) and the package had some measures so it would be hard to delete: the application was in startup also was autoit v3 script. in the folder there were four files with .txt or .etc: were compiled scripts, surely, named wrong for hide purpose. I don't know exactly how I was infected but have some ideas since my pc is used by 2 other people more and they are very basic pc users, maybe they were navigating and some shit they downloaded and opened it. I found the source, change in regedit so wouldn't continue protecting itself and eliminate them finally. I'm convinced that the main reason of the false positives you call is because of malwares that use autoit. The virus found this time has 3 folders, in "c:\desktop" and some numbers just to camouflage, in "c:\ProgramData\Autoit" and in "c:\Program Files\" and a folder in hex , the name of the malware was in hex too. in each folder 4 files, on with some hexnumber .exe, shell.txt (but was some compiled program, by trying read it), autoit.exe and dump.doc (another compiled program) it was on those places most of it so the c:\ProgramData\Autoit would not be eliminated. a program running copied the files if there weren't there, controlling minute by minute, by copying from one of the safe places. Also in registry there were some calls to the program and the autoit.exe in the common places so it run at start. I couldn't find the original package downloaded from internet probably some zip file or some vbe script. the autoit.exe file it seems it is the same as Autoit3.exe interpreter to run compiled .a3x (shell.txt and dump.doc probably were .a3x renamed for camouflage) since autoit.exe has digital signature, i feel intrigued about this and started look around about autoit, and here I am. Well, just for all of you to know. Nicolas
Moderators JLogan3o13 Posted February 23, 2019 Moderators Posted February 23, 2019 @nbarrosuriburu everything you state above is well known to the community. You are finding that, like other languages such as python, no one can control what a few bad apples choose to do with it. All we can do is keep the forum as free of that kind of stupidity as possible, to protect the reputation of the language. That is why you will see the forum rules specifically forbid things such as keyloggers, game bots, security measure bypasses, etc. Skysnake, Somerset and mLipok 1 2 "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
Somerset Posted February 23, 2019 Posted February 23, 2019 Some of those "false positives" will even be reported to you as .au3 extensions, not just binary files alone.
Guest Posted March 31, 2019 Posted March 31, 2019 (edited) Breaking News: You may not have problems only with AVs! Google itself & google chrome may block your website and any autoit you download even if the file is 98% clean according to VirusTotal. There is nothing you can do if you get f** by google because it turns out that the f***s are not going to support you. Edited April 2, 2019 by Guest
Developers Jos Posted April 1, 2019 Developers Posted April 1, 2019 7 hours ago, gil900 said: Breaking News: You may not have problems only with AVs! Google itself & google chrome may block your website and any autoit you download even if the file is 98% clean according to VirusTotal. There is nothing you can do if you get f** by google because it turns out that the f***s are not going to support you. Nothing breaking about that and don't tell me I didn't warn you! You should NOT include compiled scripts in your distribution and for sure not use UPX compression as that can get you flagged. We had the same here when the SciTE4AutoIt3 installer got flagged. Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Guest Posted April 2, 2019 Posted April 2, 2019 By saying, "not distribute" you mean to be open source? I am considering to make it open source and make the website to block google products. I dont think that I am the one that did something wrong.. Google did something wrong probably because if you scan it on VT you will get 2/80 detections. I may be stupid but not wrong. So as I see it, it is very right thing to block google products. They did a lot of things wrong. For example I got no notification that website was blacklisted for a whole month Google are not god, they also wrong sometimes. I accept mistakes, but the way I got support, the way their "safe browsing" works... it is too much bad. So I will for sure block any google chrome browser with notification why it was blocked. Sorry for that the talk is being out of scope of the thread
Developers Jos Posted April 2, 2019 Developers Posted April 2, 2019 Venting is fine but not going to solve your problems. I have solved our problems against this issue by simply not providing any compiled script but rather ony the source which is run by the official and signed AutoIt3.exe. As simple as that! Jos SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Guest Posted April 2, 2019 Posted April 2, 2019 50 minutes ago, Jos said: Venting is fine but not going to solve your problems. I have solved our problems against this issue by simply not providing any compiled script but rather ony the source which is run by the official and signed AutoIt3.exe. As simple as that! Jos I finished to do my logic calculations and I will 1) use github to host it with the source code and compiled exe under license https://creativecommons.org/licenses/by-nd/3.0/ 2) Work on the Microsoft Store version of the app 3) Keep selling it as it is 4) Consider to blacklist google chrome browser on the offical website
Skysnake Posted May 19, 2019 Posted May 19, 2019 I have recently experienced Windows Defender identifying Inet includes (downloaders) as a variety of trojans. Just saying. Skysnake Why is the snake in the sky?
eagle4life69 Posted June 24, 2019 Posted June 24, 2019 On 5/19/2019 at 3:41 AM, Skysnake said: I have recently experienced Windows Defender identifying Inet includes (downloaders) as a variety of trojans. Just saying. I have been fighting Windows Defender on the enterprise level trying to get it to stop blocking my programs. Doesn't matter if I have Upx on or off... Its getting old quick, I think to many bad guys are using Autoit... I need to figure out how to digital sign my programs to see if that allows them...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now