mLipok Posted September 26, 2019 Posted September 26, 2019 3 minutes ago, JLogan3o13 said: @Mobius Just curious, if you were one of the big AV companies - how would you police and decide who is a hobbyist and who is not, so that you could apply different levels of response logic? IMHO: By allowing local admin to add a certificate to trusted zone (on central AV admin console). And if APP Dev is using the same certificate for CodeSigning then such EXE file should be always treated as SECURE. But did you ever seen any AV Software which has a feature to add a certificate to trusted zone? Signature beginning:* Please remember: "AutoIt"..... * Wondering who uses AutoIt and what it can be used for ? * Forum Rules ** ADO.au3 UDF * POP3.au3 UDF * XML.au3 UDF * IE on Windows 11 * How to ask ChatGPT for AutoIt Code * for other useful stuff click the following button: Spoiler Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST API * ErrorLog.au3 UDF - A logging Library * Include Dependency Tree (Tool for analyzing script relations) * Show_Macro_Values.au3 * My contribution to others projects or UDF based on others projects: * _sql.au3 UDF * POP3.au3 UDF * RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF * SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane * Useful links: * Forum Rules * Forum etiquette * Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * Wiki: * Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * OpenOffice/LibreOffice/XLS Related: WriterDemo.au3 * XLS/MDB from scratch with ADOX IE Related: * How to use IE.au3 UDF with AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskScheduler * IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) * PDF Related: * How to get reference to PDF object embeded in IE * IE on Windows 11 * I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions * EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *I also encourage you to check awesome @trancexx code: * Create COM objects from modules without any demand on user to register anything. * Another COM object registering stuff * OnHungApp handler * Avoid "AutoIt Error" message box in unknown errors * HTML editor * winhttp.au3 related : * https://www.autoitscript.com/forum/topic/206771-winhttpau3-download-problem-youre-speaking-plain-http-to-an-ssl-enabled-server-port/ "Homo sum; humani nil a me alienum puto" - Publius Terentius Afer"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming" , be and \\//_. Anticipating Errors : "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty." Signature last update: 2023-04-24
Mobius Posted September 26, 2019 Posted September 26, 2019 32 minutes ago, JLogan3o13 said: @Mobius Just curious, if you were one of the big AV companies - how would you police and decide who is a hobbyist and who is not, so that you could apply different levels of response logic? To be honest I thought the sole purpose/concern of an antivirus company would be to ascertain what is malicious vs that which is not, and not just to green light those willing to pay and red light those that are not or cannot. Hobbyist vs not should not concern them in the least. It is worth noting looking back at the early origins of digital signatures, malicious application developers were one of the biggest buyers so the point of recommending digital signatures seems a bit flat to me.
Earthshine Posted September 26, 2019 Posted September 26, 2019 (edited) so, you have zero ideas of how to implement it. So, you can stop complaining in other words. i wish this thread would get locked. I had an issue, I went to MS and had them whitelist my autoit apps, no more issues. Edited September 26, 2019 by Earthshine My resources are limited. You must ask the right questions
Mobius Posted September 26, 2019 Posted September 26, 2019 1 minute ago, Earthshine said: so, you have zero ideas of how to implement it. So, you can stop complaining in other words. i wish this thread would get locked. I had an issue, I went to MS and had them whitelist my autoit apps, no more issues. "ascertain what is malicious vs that which is not" There is my idea of implementing a model that works in plain english, not your strong point huh? <(rhetoric)
Earthshine Posted September 26, 2019 Posted September 26, 2019 HAGHAHAHAHA, and how are they to do that? do you think they have unlimited resources? You get ignored now. My resources are limited. You must ask the right questions
Mobius Posted September 26, 2019 Posted September 26, 2019 2 minutes ago, Earthshine said: HAGHAHAHAHA, and how are they to do that? do you think they have unlimited resources? You get ignored now. It's called reverse engineering, but I suppose ignorance IS bliss for some, no offense intended in my statements but yet there is always one.
Moderators JLogan3o13 Posted September 26, 2019 Moderators Posted September 26, 2019 41 minutes ago, Earthshine said: so, you have zero ideas of how to implement it. So, you can stop complaining in other words. i wish this thread would get locked. I had an issue, I went to MS and had them whitelist my autoit apps, no more issues. Not sure why you: A: think this post would be locked just because you don't like the content and B: don't move along if you don't like said content rather than ranting. I think you're getting your underwear in a twist over nothing. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
iamtheky Posted September 26, 2019 Posted September 26, 2019 (edited) 43 minutes ago, Mobius said: "ascertain what is malicious vs that which is not" so even if you look to something like cylance, where its 'pure math' there are still decision trees it has to follow (and that inexplecibably ended at a file size limit in their last reported bypass) and thresholds that breed false positives. There is no magic bullet, and as long as you write small scripts that are 99.8% the same as every other autoit dropper ever, you will need to get your hashes whitelisted. And that process is pretty easy these days, just need to work audit and exclusion tasks into the gantt for your project. Edited September 26, 2019 by iamtheky bad grammar, the worst. ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__)
Musashi Posted September 26, 2019 Posted September 26, 2019 (Aside from the dispute that is currently taking place) Just my personal experiences :Q : Is a quality certificate beneficial ? A : Yes (in the vast majority of cases) Q : Does it make sense to report 'false positives' to the antivirus companies ? A : Yes (most of the problems will be solved within a few days) As @iamtheky already wrote : There is no magic bullet. I always find it somehow irritating, that people easily pay $1000+ per year for their mobile phone but getting a heart attack if they have to spend $200 on a good certificate. (a bit off topic)What concerns me more from a privacy point of view is : The development goes increasingly in the direction of real-time cloud protection services. You can still disable this feature (at the moment), but my trust in this approach is rather low. From a technical perspective this might be great, but we all know what will happen to our personal informations . Earthshine 1 "In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."
BrewManNH Posted September 27, 2019 Posted September 27, 2019 BTW, I would never implicitly trust a self-signed certificate, and neither should ANY AV company. If it doesn't come from a reputable certificate issuer, then it's not worth the metaphorical paper it's written on. Just because someone with Admin rights has installed such a cert (self-signed) doesn't mean that the cert in question is secure, in any way shape or form, it just means someone that has admin credentials installed it. Earthshine 1 If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator
spudw2k Posted September 30, 2019 Posted September 30, 2019 On 9/27/2019 at 8:45 PM, BrewManNH said: doesn't mean that the cert in question is secure Minor nit pick here: The issue isn't no so much that a self-signed cert isn't secure, but whether or not the issuer of a cert is trustworthy. Spoiler Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX Builder Misc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retrieve SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose Array Projects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalc Cool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF
tcurran Posted October 1, 2019 Posted October 1, 2019 To reaffirm some of what's been said before: Try compiling... with UPX off with compression set to Low or Lowest/Off launching the 64-bit version of the exe. Sometimes this will work when the 32-bit will not One of the above or some combination of them will very likely work for you.
Jokerman Posted October 1, 2019 Posted October 1, 2019 10 minutes ago, tcurran said: To reaffirm some of what's been said before: Try compiling... with UPX off with compression set to Low or Lowest/Off launching the 64-bit version of the exe. Sometimes this will work when the 32-bit will not One of the above or some combination of them will very likely work for you. To add on to this - if the first version you compile gets flagged try adding a new comment line, or edit an existing one, and compile again. Or add a new unused variable (which you can then comment/uncomment in future attempts at bypassing the AV filter). I've found that changes as small as these can cause a compiled exe to miraculously no longer be flagged. YMMV.
iamtheky Posted October 1, 2019 Posted October 1, 2019 That is indeed a thing, I might have scripts in the wild with some commented out Lorem Ipsum and Beowulf 🙋♂️ It has been years though, I really havent had a problem with the newer enterprise AVs. Jokerman 1 ,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-. |(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/ (_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_) | | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) ( | | | | |)| | \ / | | | | | |)| | `--. | |) \ | | `-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_| '-' '-' (__) (__) (_) (__)
bowain Posted October 1, 2019 Posted October 1, 2019 On 9/27/2019 at 6:45 AM, BrewManNH said: BTW, I would never implicitly trust a self-signed certificate, and neither should ANY AV company. If it doesn't come from a reputable certificate issuer, then it's not worth the metaphorical paper it's written on. Just because someone with Admin rights has installed such a cert (self-signed) doesn't mean that the cert in question is secure, in any way shape or form, it just means someone that has admin credentials installed it. My approach was meant more for in a work around in my corporate environment and not for public. If I were to distribute anything I code I would indeed buy a cert. And as you emphasize this will not work outside as it is a self signed cert. I have had to whitelist most of my apps on my home lab as the AV here flags them. Mainly the older ones that were not signed and complied with UPX. I'm not sure if that is why or not.
BrewManNH Posted October 1, 2019 Posted October 1, 2019 4 hours ago, bowain said: My approach was meant more for in a work around in my corporate environment and not for public. But it shouldn't work with a self-signed exe, the AV companies shouldn't be accepting them as valid proof you're not sending viruses around was my point. There's no reputation behind a SSC, it's just you saying "hey I swear I'm not encrypting everyone's files because I signed my exe." Mobius 1 If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator
bowain Posted October 1, 2019 Posted October 1, 2019 @BrewManNH This is just white listed on the corporate rules, not by the AV company. Corporate created the cert on an in house CA so we know we can trust it on the corporate machines. This would never, should not ever and will not ever be used outside of our environment. As I said if I wanted to go beyond out corp area I would buy a cert from a recognized CA.
BrewManNH Posted October 2, 2019 Posted October 2, 2019 That does make sense, I guess I was looking at it in a more general view. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator
Jokerman Posted November 21, 2019 Posted November 21, 2019 (edited) @stephensmith You may want to have a look at the Forum Rules post - specifically the 4th bullet point. Most things about games are specifically off-limits on these forums so think carefully before bringing them up. 😉 Edited November 21, 2019 by Jokerman Somehow posted before I hit submit
Moderators JLogan3o13 Posted November 21, 2019 Moderators Posted November 21, 2019 On 11/3/2019 at 1:58 PM, stephensmith1211 said: I don't know much about this. Just one thing to ask, can it affect my rom file downloaded from https://garoms.com/pokemon-black/ to play pokemon game? Jokerman is quite right, @stephensmith1211 this forum does not support game automation questions in any form. Please familiarize yourself with the rules before continuing to post. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now