mtrank

I tried that on an individual basis early on but not en masse. It still had the issue. There are many autoit scripts that run daily on a large number of machines and have been working fine for many years. It is ONLY the recent combination of the SEP 12 client and certain autoit 3.3.8.1 compiled scripts. We initially saw this on Win7 64bit PCs but are now seeing it on XP machines with SEP 12 as well. The SEP client version speaking of is 12.1.2015.2015. Again, the issues are seemingly random. One way we saw the issue is on win7 64bit machines, if you simply right-click an autoit .EXE file, it would either hang windows explorer or take many seconds until the context menu popped up. Again, is anyone experiencing any issues with SEP 12 and autoit 3.3.8.1. compiled scripts? Is there anyone using this combination at all? Thank you very much. -Mike

Hi All. Is anyone having issues with the latest v.3.3.8.1 autoit scripts and Symantec Endpoint Protection 12? I am doing several development and scripting projects for a large enterprise and beginning around November 7th, 2012, we started noticing strange issues with our autoit scripts that use the latest AutoIt 3.3.8.1. The issues are seemingly random (scripts hang, cannot install them on to PCs, etc.). We ultimately traced it to Symantec Endpoint Protection v12 blocking our scripts (confirmed by removing SEP off of many PCs). Apparently, the SONAR portion of SEP12 would flag our script executables as "Suspicious.Cloud.2" type virus. SONAR is the heuristics or suspicious activity detection engine. I've been told this engine works similar to anti-spam in that the target item gets a "score" based on its analysis, if that "score" is above some kind of threshold, will block it as a possible virus. We tested older (pre-v.3.3.8.1) compiled autoit scripts and it does not affect them. Only the latest v.3.3.8.1 compiled scripts. Again, it does not happen every time. The autoit scripts may work fine one day on a PC, then all of a sudden it won't. And the statistical frequency of this has changed as new symantec definitions have been rolled out. But still, sometimes it blocks the scripts, sometimes it does not. Has ANYONE else experienced these or similar issues? Thank you. -Mike