quickbeam Posted December 3, 2019

On 8/23/2019 at 8:47 AM, bowain said:
> I had my work create a signing cert which I sign all my code with. I have a batch set up that is run after the compilation to do the signing. The cert is recognized by the AV and that way I don't have to whitelist each exe. I do a lot of revisions and compiles to test things so whitelisting hashes is a hassle. Also some remote devices don't update as they should so this eliminates that issue as well.

Does a certificate really guarantee your app won't get flagged? We have a client that says our app was getting quarantined, so we signed it with Entrust CA. Apparently Windows Defender is still flagging it, but now at least he gets an option to run it anyway. There's a little bit of an English issue, but we're going to set up a laptop here with the same version of MS Windows Defender and see if we can duplicate it in-house.

iamtheky Posted December 3, 2019

29 minutes ago, quickbeam said:
> Does a certificate really guarantee your app won't get flagged?

No, it has zero effect, not even what certs are for. Certificates verify the author (not that the file is certified clean); it's the code equivalent of a pretty cursive signature.

**That being said, you can whitelist things in your Enterprise AV based off any value. Cert is as valid a value in that sense as any other.

Edited December 3, 2019 by iamtheky

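The post-compile signing step bowain describes, followed by a readout of the two values iamtheky mentions as allowlisting keys (signer certificate and file hash). This is an added example, not code from any poster in this thread; the script name, the certificate store location and the optional timestamp URL are assumptions.

```powershell
# Sign-AfterCompile.ps1 (hypothetical name): added example, run after the compile step.
param(
    [Parameter(Mandatory)] [string] $ExePath,   # compiled executable to sign
    [string] $TimestampServer                   # optional: your CA's timestamp URL
)
$ErrorActionPreference = 'Stop'

# Assumption: the signing certificate lives in the current user's personal store.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No unexpired code-signing certificate in Cert:\CurrentUser\My' }

# Sign with SHA-256; add a timestamp only when a server URL was supplied.
$signArgs = @{ FilePath = $ExePath; Certificate = $cert; HashAlgorithm = 'SHA256' }
if ($TimestampServer) { $signArgs.TimestampServer = $TimestampServer }
Set-AuthenticodeSignature @signArgs | Out-Null

# Re-read the signature from disk: a failed or untrusted signature must fail the build.
$sig = Get-AuthenticodeSignature -FilePath $ExePath
if ($sig.Status -ne 'Valid') {
    throw "Signature on $ExePath is '$($sig.Status)': $($sig.StatusMessage)"
}

# The hash changes with every compile; the signer stays the same across builds.
[pscustomobject]@{
    File             = (Resolve-Path $ExePath).Path
    Sha256           = (Get-FileHash -Path $ExePath -Algorithm SHA256).Hash
    SignerSubject    = $sig.SignerCertificate.Subject
    SignerThumbprint = $sig.SignerCertificate.Thumbprint
    Timestamped      = [bool] $sig.TimeStamperCertificate
}
```

A `Valid` status only establishes who signed the file and that it has not changed since; whether an AV product honours that signer is a separate allowlisting decision on the AV side.
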
sebrauf Posted December 13, 2019

Kaspersky flagged as virus one program I did. I emailed them and they fixed it for the following updates.

stkggo Posted December 14, 2019

I create a website builder with AutoIt. Method is to merge text files and photos to build the website. Very simple. I scan the au3 file with VirusTotal. No virus. But when I scan the exe file, it is regarded as malware by some virus scanners. I submit the software to Cnet. They reply approval is not given unless the problem is solved.

Musashi Posted December 15, 2019

https://www.autoitscript.com/forum/topic/34658-are-my-autoit-exes-really-infected/

"In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

Moderators JLogan3o13 Posted December 16, 2019

@Musashi why would you link to the exact same thread?

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

Musashi Posted December 16, 2019

1 hour ago, JLogan3o13 said:
> @Musashi why would you link to the exact same thread?

I have given the link to this thread as an answer in another thread. There the OP described his problems with "false positives". Later the thread was merged/moved in here by a moderator, including my contribution. Now my answer is outside the original context, and appears therefore pointless. Perhaps it would be a good idea to simply remove the link.

Edited December 16, 2019 by Musashi

Eishockeyfan Posted December 27, 2019

Productive work with AutoIt Newest Version is no longer possible under Windows 10. Windows Defender permanently reports a virus when the script has been compiled and the ".EXE" file is saved in an automatically saved OneDrive folder (e.g. Downloads or Desktop etc.). This means that online transfers to other users are no longer possible and no longer execute there.

Best regards
Chris

Eishockeyfan Posted December 27, 2019

Gotta correct me! Before you compile the script you should work with #Pragmas, then Windows Defender is silent. Problem solved ... thanks

Moderators JLogan3o13 Posted December 27, 2019

15 hours ago, Eishockeyfan said:
> Productive work with AutoIt Newest Version is no longer possible under Windows 10.

Did you really think, for as long as AutoIt has supported Windows 10 (on systems with Defender), that if this was the case it wouldn't have been advertised far and wide?? In the future, rather than making a definitive statement such as this and then having to come back and retract it, perhaps start by asking a question in the forum about the problems you're encountering.

Edited December 27, 2019 by JLogan3o13

Tripredacus Posted January 14, 2021

Some recent update to Defender in Windows 10 (noticed today) that some AutoIT .exe are being detected as Trojan:Win32/Fuerboos.D!cl and being quarantined automatically. Unfortunately, due to the sensitivity of the programs I've made, I cannot submit them for review to anyone.

Moderators JLogan3o13 Posted January 14, 2021

Well, if you can't submit to anyone, you're out of luck. Without source, no AV company can do anything.

Musashi Posted January 15, 2021

10 hours ago, Tripredacus said:
> Some recent update to Defender in Windows 10 (noticed today) that some AutoIT .exe are being detected as Trojan:Win32/Fuerboos.D!cl and being quarantined automatically.

Considering your post count, you'll probably know the following info already. Furthermore, this has been mentioned numerous times in this and other threads. Just in case it has escaped your attention until now, here is a brief summary (simplified):

Compile your scripts in a3x format instead of exe. To execute a3x scripts on the target machine, there are several ways, e.g.:

- Install AutoIt, then you can execute a3x scripts similar to .exe by double-clicking. However, this option is often not desired by the recipient. If the scripts should only run on your own computer this is irrelevant, because an AutoIt installation already exists.
- Copy the appropriate file(s) AutoIt3.exe or AutoIt3_x64.exe to the target computer. Associate the extension a3x with the interpreter (AutoIt3.exe). Execution of a3x scripts by double-clicking possible. Since this requires a change in the registry of the target computer, it may also be undesirable.
- Copy the appropriate file(s) AutoIt3.exe or AutoIt3_x64.exe to the target computer. a3x files can be executed e.g. via a .cmd or a shortcut. This is the least invasive variant.

I have switched all my scripts to the a3x format and since then virtually no problems with virus software anymore.

Regarding security: au3 scripts will be embedded as a3x when compiling an .exe, so there are no differences.

==> Definitely worth a look is the solution from @Exit, see: au3tocmd-avoid-false-positives

Edited January 15, 2021 by Musashi: typo

Shark007 Posted April 12, 2021

If at all possible, compile your exe's as 64-bit.

This trick no longer works in AutoIt v3.3.16.0.

When compiled as 32-Bit, I get as many as 12-18 virus detections from VirusTotal. The exact same script, compiled as 64-Bit, only has 2-3 detections. Almost all Windows computer systems these days are 64-Bit operating systems.

Take NOTICE: special considerations are required for the Windows Registry, Windows\System* files and ProgramFiles* directories.

Edited March 27, 2022 by Shark007

IlanMS Posted July 18, 2021

When using VirusTotal, several anti-viruses that are not listed here false positive, most important of which is Microsoft AV.

Moderators JLogan3o13 Posted July 19, 2021

On 7/18/2021 at 5:53 AM, IlanMS said:
> When using VirusTotal, several anti-viruses that are not listed here false positive

Not surprising when the original list was compiled 15 years ago. The workaround is the same, as mentioned numerous times throughout this thread, there are things you can do to mitigate false positives. Failing these suggestions, you need to contact the AV vendor.

mLipok Posted August 24, 2021

2 weeks ago I started having an issue at the time when I compile one of my projects. Funny thing is that the solution to all my problems was to add at the top of my scripts the following line:

```autoit
If Not @Compiled Then ConsoleWrite('ESET')
```

Today it started happening for my other projects.

I also remember such a case: Several years ago, I was working on corrections to one of my projects. I had been correcting it for several hours of work. At the end, when I achieved the desired effect, I noticed that I had a linguistic error (a typo) in one of the messages. So I literally corrected one letter and sent the amendment to the update server. Then, in a remote connection (TeamViewer) at the client's workstation, I wanted to finally update the product. It turned out that changing one letter in the program code regarding the displayed message may cause the heuristic methods of antivirus programs to recognize the program as a virus.

Edited March 14, 2022 by mLipok

jchd Posted August 24, 2021

15 minutes ago, mLipok said:
> It turned out that changing one letter in the program code regarding the displayed message may cause the heuristic methods of antivirus programs to recognize the program as a virus.

That's the drawback of heuristics: they can misinterpret a tree as a school bus when a bird leaves its nest in the tree.

obiwanceleri Posted June 13, 2022

Not sure where to post this but this week I've been programming again and discovered that my new compiled scripts are being flagged as infected with "Trojan:Win32/Sabsik.FL.A!ml"

It's an obvious false positive. And Defender doesn't even let me create an exception (the only way around this is to tell Defender to skip the folder(s) where I am compiling the scripts).

IMPORTANT: this only affects the 32 bit version and not the 64 bit one. So at least there's a workaround.

IMPORTANT: this also affects the beta version in the same way.

I did send the 'offending' .EXE to Microsoft but there's no way of telling them this is an actual false positive.

Here are a few version numbers for you:

AutoIt version : 3.3.16.0
Windows version : 19044.1706 (21H2)
Defender client version : 4.18.2203.5
Defender engine : 1.1.19200.6
Defender version : 1.367.1454.0
Anti-Spyware version : 1.367.1454.0

Here's the script that got flagged (as you can see, there's nothing offending here). I've compiled a few scripts and I get the same issue.

```autoit
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Version=Beta
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

; Test 01: test the CLSIDs
; Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders --> {374DE290-123F-4565-9164-39C4925E467B}

#include <File.au3>
#include <Array.au3>

; Read the folder path stored under the CLSID value, then list and display its contents
$sChemin = RegRead('HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders', '{374DE290-123F-4565-9164-39C4925E467B}')
$aDir = _FileListToArray($sChemin, "*")
_ArrayDisplay($aDir)
```

If this is in the wrong section, please tell me where I can post this.

Edited June 13, 2022 by obiwanceleri

Help a newbie, comment your code!

argumentum Posted June 13, 2022

30 minutes ago, obiwanceleri said:
> Not sure where to post this

...not much that can be done. Exempt the EXEs or/and folders in Defender.