LoWang Posted January 19, 2012 Share Posted January 19, 2012 Hello, I noticed this very strange thing. I have some autoit programs which I created for myself running ony my work laptop and when I tried to ping this machine from the second one I have strange thing happened - one of those programs wanted to reply to that ping and Symantec firewall noticed me about it if I want to allow it or not! Why the heck would my program do this? The one which did it just now has some network functions but they do something only when I click a button in it and otherwise it just loops sleep The second program which did it does not even have any network functions at all. So what the heck is that? Maybe this is normal and I freak out like a noob, so tell me. But I always thought it is the OS which should reply to pinging... Link to comment Share on other sites More sharing options...
LoWang Posted January 20, 2012 Author Share Posted January 20, 2012 where are all those valued autoiters who should know this? Link to comment Share on other sites More sharing options...
AdmiralAlkex Posted January 20, 2012 Share Posted January 20, 2012 Sleeping in the private developer forum? Lol, but seriously, since it's about a compiled script, I'm not sure how a normal user is supposed to know this. .Some of my scripts: ShiftER, Codec-Control, Resolution switcher for HTC ShiftSome of my UDFs: SDL UDF, SetDefaultDllDirectories, Converting GDI+ Bitmap/Image to SDL Surface Link to comment Share on other sites More sharing options...
water Posted January 20, 2012 Share Posted January 20, 2012 Don't know but please wait at least 24 hours before you bump a thread (according to forum FAQ). My UDFs and Tutorials: Spoiler UDFs:Active Directory (NEW 2022-02-19 - Version 1.6.1.0) - Download - General Help & Support - Example Scripts - WikiExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example ScriptsOutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - WikiOutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - DownloadOutlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - WikiPowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - WikiTask Scheduler (NEW 2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs:Excel - Example Scripts - WikiWord - Wiki Tutorials:ADO - WikiWebDriver - Wiki  Link to comment Share on other sites More sharing options...
Developers Jos Posted January 20, 2012 Developers Share Posted January 20, 2012 I always thought the IP Stack did the reply to an ICMP. So you are actually seeing an ICMP come in and an AutoIt3 script tries to reply? SciTE4AutoIt3 Full installer Download page  - Beta files    Read before posting   How to post scriptsource   Forum etiquette Forum Rules  Live for the present, Dream of the future, Learn from the past. Link to comment Share on other sites More sharing options...
Blue_Drache Posted January 20, 2012 Share Posted January 20, 2012 I always thought the IP Stack did the reply to an ICMP. So you are actually seeing an ICMP come in and an AutoIt3 script tries to reply?If I read his babble correctly, he was saying a self-created autoit script is what's initiating the ping. Lofting the cyberwinds on teknoleather wings, I am...The Blue Drache Link to comment Share on other sites More sharing options...
LoWang Posted January 21, 2012 Author Share Posted January 21, 2012 (edited) Thank you for replying. Well, Blue_drache, you are not reading it correctly I said that I ping my first laptop from the second one I have to see if my wifi works (ping command from the command line) and then suddendly on my first one I see this message from our corporate Symantec Endpoint Protection!pripojCdrive.exe is my script which I created for myself and colleagues and we use it to connect smb shares in our company and when I get home I sometimes leave it running. But there is absolutely no functionality which should reply to pings from another computers At least none that I know of. It does not matter if I say yes or no to this window - ping works normally and gets response.And this was not the only case. Also another of my scripts tried to reply to pings and it has no network functions at all (as I wrote before) but I haven't made a photo of that warning window... Edited January 21, 2012 by LoWang Link to comment Share on other sites More sharing options...
LoWang Posted January 25, 2012 Author Share Posted January 25, 2012 bump... Link to comment Share on other sites More sharing options...
jvanegmond Posted January 25, 2012 Share Posted January 25, 2012 Software firewalls are retarded. Try another brand. github.com/jvanegmond Link to comment Share on other sites More sharing options...
LoWang Posted January 30, 2012 Author Share Posted January 30, 2012 (edited) Why the heck would SciTE jump want to access my network? I doubt the "problem" is in a firewall ... Edited January 30, 2012 by LoWang Link to comment Share on other sites More sharing options...
guinness Posted January 30, 2012 Share Posted January 30, 2012 SciTE Jump doesn't access the Internet. UDF List:  _AdapterConnections() • _AlwaysRun() • _AppMon() • _AppMonEx() • _ArrayFilter/_ArrayReduce • _BinaryBin() • _CheckMsgBox() • _CmdLineRaw() • _ContextMenu() • _ConvertLHWebColor()/_ConvertSHWebColor() • _DesktopDimensions() • _DisplayPassword() • _DotNet_Load()/_DotNet_Unload() • _Fibonacci() • _FileCompare() • _FileCompareContents() • _FileNameByHandle() • _FilePrefix/SRE() • _FindInFile() • _GetBackgroundColor()/_SetBackgroundColor() • _GetConrolID() • _GetCtrlClass() • _GetDirectoryFormat() • _GetDriveMediaType() • _GetFilename()/_GetFilenameExt() • _GetHardwareID() • _GetIP() • _GetIP_Country() • _GetOSLanguage() • _GetSavedSource() • _GetStringSize() • _GetSystemPaths() • _GetURLImage() • _GIFImage() • _GoogleWeather() • _GUICtrlCreateGroup() • _GUICtrlListBox_CreateArray() • _GUICtrlListView_CreateArray() • _GUICtrlListView_SaveCSV() • _GUICtrlListView_SaveHTML() • _GUICtrlListView_SaveTxt() • _GUICtrlListView_SaveXML() • _GUICtrlMenu_Recent() • _GUICtrlMenu_SetItemImage() • _GUICtrlTreeView_CreateArray() • _GUIDisable() • _GUIImageList_SetIconFromHandle() • _GUIRegisterMsg() • _GUISetIcon() • _Icon_Clear()/_Icon_Set() • _IdleTime() • _InetGet() • _InetGetGUI() • _InetGetProgress() • _IPDetails() • _IsFileOlder() • _IsGUID() • _IsHex() • _IsPalindrome() • _IsRegKey() • _IsStringRegExp() • _IsSystemDrive() • _IsUPX() • _IsValidType() • _IsWebColor() • _Language() • _Log() • _MicrosoftInternetConnectivity() • _MSDNDataType() • _PathFull/GetRelative/Split() • _PathSplitEx() • _PrintFromArray() • _ProgressSetMarquee() • _ReDim() • _RockPaperScissors()/_RockPaperScissorsLizardSpock() • _ScrollingCredits • _SelfDelete() • _SelfRename() • _SelfUpdate() • _SendTo() • _ShellAll() • _ShellFile() • _ShellFolder() • _SingletonHWID() • _SingletonPID() • _Startup() • _StringCompact() • _StringIsValid() • _StringRegExpMetaCharacters() • _StringReplaceWholeWord() • _StringStripChars() • _Temperature() • _TrialPeriod() • _UKToUSDate()/_USToUKDate() • _WinAPI_Create_CTL_CODE() • _WinAPI_CreateGUID() • _WMIDateStringToDate()/_DateToWMIDateString() • Au3 script parsing • AutoIt Search • AutoIt3 Portable • AutoIt3WrapperToPragma • AutoItWinGetTitle()/AutoItWinSetTitle() • Coding • DirToHTML5 • FileInstallr • FileReadLastChars() • GeoIP database • GUI - Only Close Button • GUI Examples • GUICtrlDeleteImage() • GUICtrlGetBkColor() • GUICtrlGetStyle() • GUIEvents • GUIGetBkColor() • Int_Parse() & Int_TryParse() • IsISBN() • LockFile() • Mapping CtrlIDs • OOP in AutoIt • ParseHeadersToSciTE() • PasswordValid • PasteBin • Posts Per Day • PreExpand • Protect Globals • Queue() • Resource Update • ResourcesEx • SciTE Jump • Settings INI • SHELLHOOK • Shunting-Yard • Signature Creator • Stack() • Stopwatch() • StringAddLF()/StringStripLF() • StringEOLToCRLF() • VSCROLL • WM_COPYDATA • More Examples... Updated: 22/04/2018 Link to comment Share on other sites More sharing options...
jvanegmond Posted January 30, 2012 Share Posted January 30, 2012 I doubt the "problem" is in a firewall ...Software firewalls are retarded.Very retarded. github.com/jvanegmond Link to comment Share on other sites More sharing options...
Mobius Posted January 30, 2012 Share Posted January 30, 2012 (edited) Software firewalls are retarded.Very retarded.The worst are those that give very cryptic often verbose descriptions without actually giving information that is useful to the end user (or gives it in a manner that no user, experienced or not can use in an effective way).Alternatively the worst case scenario is that an author of a tool uses a method they do not fully understand and thus causes such security software to freak out about the most casual of things. Edited January 30, 2012 by Mobius Link to comment Share on other sites More sharing options...
BrewManNH Posted January 30, 2012 Share Posted January 30, 2012 Download and fire up WireShark and monitor your network traffic, wait until you get the message from your firewall and see what is actually sending the information to the NIC. Then you'll know where the "problem" actually is. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator Link to comment Share on other sites More sharing options...
LoWang Posted January 30, 2012 Author Share Posted January 30, 2012 Another onetext from the details:File Version: File Description: TC_changetext.exeFile Path: C:scriptypokusyTC_changetext.exeDigital Signature: Process ID: 0x3ec (Hexadecimal) 1004 (Decimal)Connection origin: local initiatedProtocol: ICMPLocal Address: 192.168.1.35ICMP Type: 0 (Echo Reply)ICMP Code: 0 Remote Name: Remote Address: 192.168.1.40Ethernet packet details:Ethernet II (Packet Length: 74)Destination: 00-15-00-15-dd-a8Source: 58-94-6b-79-bf-88Type: IP (0x0800)Internet ProtocolVersion: 4Header Length: 20 bytesFlags:.0.. = Don't fragment: Not set..0. = More fragments: Not setFragment offset:0Time to live: 128Protocol: 0x1 (ICMP - Internet Control Message Protocol)Header checksum: 0x9dad (Correct)Source: 192.168.1.35Destination: 192.168.1.40Internet Control Message ProtocolType: 0 (Echo Reply)Code: 0Data (36 bytes)Binary dump of the packet:0000: 00 15 00 15 DD A8 58 94 : 6B 79 BF 88 08 00 45 00 | ......X.ky....E.0010: 00 3C 09 88 00 00 80 01 : AD 9D C0 A8 01 23 C0 A8 | .<...........#..0020: 01 28 00 00 5B 54 02 00 : F8 07 61 62 63 64 65 66 | .(..[T....abcdef0030: 67 68 69 6A 6B 6C 6D 6E : 6F 70 71 72 73 74 75 76 | ghijklmnopqrstuv0040: 77 61 62 63 64 65 66 67 : 68 69 | wabcdefghi Link to comment Share on other sites More sharing options...
jchd Posted January 30, 2012 Share Posted January 30, 2012 Does it need a (user) program running to have the network stack answer an ICMP request, assuming it isn't kept away from doing so by registry settings? Looks like an automated response which doesn't need user code to happen. It may simply be that the firewall sees the ICMP being automagically issued by the network stack and (mis)associates it with the PID having had the last user time slot, or something like that. In the vein "some process HAS to be guilty for that". A comparable answerless question would probably arise if a "DVD reader firewall" tries to associate a user program with the "something caused the DVD tray to open" when a human pressed the eject button of this drive. Do ping responses occur without any AutoIt script running? This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe hereRegExp tutorial: enough to get startedPCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta. SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt) Link to comment Share on other sites More sharing options...
LoWang Posted January 30, 2012 Author Share Posted January 30, 2012 (edited) hm when you say it like this it may be the case. We had some bad experience with symantec products in our company before :-] But did you see the packet dump I pasted? What's with that alphabet in it?! I just continuously ping my primary laptop from the second one to check the wifi network stability and I get normal responses. From time to time - just now for example when I typed this sentence) one of the compiled autoit scripts decides to answer that pinging too! And yes ping still works after I exited all my scripts. But just a second after I launch one of them again it wants to reply to it :-] If I answer no but without remembering it seems not to try again...at least for some time. I will try wireshark tomorrow because now I will probably go to sleep. (Without having done what I wanted again because of this disturbing mystery :- ) Edited January 30, 2012 by LoWang Link to comment Share on other sites More sharing options...
jchd Posted January 30, 2012 Share Posted January 30, 2012 I only use Ghost (which is a product Norton got by buying the company which made it) and no other Norton product. The last one I was involved in was their beta and release of the (very good at that time) C/C++ compiler originated by Zortech. Symantec destroyed this product shortly afterwards. Having seen too many "kits" that teens could use to take control over a Norton/Symantec "protection" on any PC worldwide further kept me forever away from their products (especially what they call security products). Yet what you report is a bit strange. This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe hereRegExp tutorial: enough to get startedPCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta. SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt) Link to comment Share on other sites More sharing options...
LoWang Posted January 30, 2012 Author Share Posted January 30, 2012 Guess what...File Version: File Description: SciTE.exeFile Path: C:Program Files (x86)AutoIt3SciTESciTE.exeDigital Signature: Process ID: 0x2260 (Hexadecimal) 8800 (Decimal)Connection origin: local initiatedProtocol: ICMPLocal Address: 192.168.1.35ICMP Type: 0 (Echo Reply)ICMP Code: 0 Remote Name: Remote Address: 192.168.1.40Ethernet packet details:Ethernet II (Packet Length: 74)Destination: 00-15-00-15-dd-a8Source: 58-94-6b-79-bf-88Type: IP (0x0800)Internet ProtocolVersion: 4Header Length: 20 bytesFlags:.0.. = Don't fragment: Not set..0. = More fragments: Not setFragment offset:0Time to live: 128Protocol: 0x1 (ICMP - Internet Control Message Protocol)Header checksum: 0xee9f (Correct)Source: 192.168.1.35Destination: 192.168.1.40Internet Control Message ProtocolType: 0 (Echo Reply)Code: 0Data (36 bytes)Binary dump of the packet:0000: 00 15 00 15 DD A8 58 94 : 6B 79 BF 88 08 00 45 00 | ......X.ky....E.0010: 00 3C 17 37 00 00 80 01 : 9F EE C0 A8 01 23 C0 A8 | .<.7.........#..0020: 01 28 00 00 13 4B 02 00 : 40 11 61 62 63 64 65 66 | .(...K..@.abcdef0030: 67 68 69 6A 6B 6C 6D 6E : 6F 70 71 72 73 74 75 76 | ghijklmnopqrstuv0040: 77 61 62 63 64 65 66 67 : 68 69 | wabcdefghi Link to comment Share on other sites More sharing options...
LoWang Posted January 30, 2012 Author Share Posted January 30, 2012 (edited) OMG and now it has gone completely crazy. It reports various exe files that are supposedly trying to do ICMP reply. procex64.exe, ProtectionUtilSurrogate.exe (symantec something), SynTPEnh.exe (Thinkpad utility). So the problem is not in autoit it seems... Now even C:\Windows\System32\csrss.exe. :-] Edited January 30, 2012 by LoWang Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now