MadMakz, posted May 22, 2012 (edited May 22, 2012 by MadMakz)

May 18, 2012 Trojan.Komodola false positive on probably any (I can confirm this for 3 totally different projects of mine) AutoIT compiled program.

For devs and users that use Symantec AVs together with AutoIT applications: Please help to verify and to get this sorted quickly.

False positives can be complained at https://submit.symantec.com/false_positive/ and make sure to ship a note that you'll get this issue with any (please test) AutoIT compiled executable.

Thanks

Update: Not all apps seem to be issued. I'm trying to reproduce the similarities now.

MadMakz, posted May 22, 2012 (edited May 22, 2012 by MadMakz)

Obfuscator triggers the issue already on uncompiled state: <script>_obfuscated.au3, which would then be packed inside the .exe.

    #AutoIt3Wrapper_Run_Obfuscator=Y
    MsgBox(0, "Test", "Hello World!")

Compiling without Obfuscator renders the .exe clean.

    #AutoIt3Wrapper_Run_Obfuscator=N
    MsgBox(0, "Test", "Hello World!")

water, posted May 22, 2012

Try these obfuscator settings so no encryption happens:

    #Region ;**** Directives created by AutoIt3Wrapper_GUI ****
    #AutoIt3Wrapper_Run_Obfuscator=y
    #Obfuscator_Parameters=/striponly
    #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
    MsgBox(0, "Test", "Hello World!")

MadMakz, posted May 22, 2012 (edited May 22, 2012 by MadMakz)

Thanks. Yes, this does indeed trigger no warning.

Done some more testing after you pointed to the settings;

    /Convert_Strings=1
    /Convert_Numerics=1

both trigger the issue independently.

    /Convert_Funcs=1
    /Convert_Vars=1

are fine.

jazzyjeff, posted May 22, 2012

We had this happen on utilities that we use this morning. A support call was made to Symantec and we have been told to wait between 24 and 36 hours for a fix.

Zedna, posted May 22, 2012

MadMakz, posted May 22, 2012 (edited May 22, 2012 by MadMakz)

yes, but i opened this thread because symantec suddenly started to block autoit while there were no issues with legit autoit applications since ages and to point as many devs as possible to this recent event so symantec may act faster due to a larger f/p confirming rate.

@jazzyjeff; thanks for the info.

Zedna, posted May 22, 2012 (edited May 22, 2012 by Zedna)

> yes, but i opened this thread because symantec suddenly started to block autoit while there were no issues with legit autoit applications since ages ...

Then uninstall (shit) Symantec software and install some competition product.
There is no obligation to use Symantec.

EDIT: There is another possible solution - use exception from scanning for directories with AutoIt's EXE files

MadMakz, posted May 22, 2012 (edited May 23, 2012 by MadMakz)

> Then uninstall (shit) Symantec software and install some competition product.
> There is no obligation to use Symantec.
> EDIT: There is another possible solution - use exception from scanning for directories with AutoIt's EXE files

i have no control over the AV my "customers" are using.
i'm personally using symantec because i get free licences from my ISP.

Chimaera, posted May 23, 2012

> i get free licences from my ISP.

Because it's sh1t

Bhrawn, posted May 23, 2012

Today from AVG Free I started getting virus warnings in every single one of my scripts (ok, so it's only 3, but all 3 were tagged) for: dropper.generic_c.MKS

Grrrrrr

MadMakz, posted May 23, 2012

^as expected; others start to index it too. this is sh**

jazzyjeff, posted May 23, 2012

This is what I received from Symantec.

> We are writing in relation to your submission through Symantec's on-line Security Risk / False Positive Dispute Submission form for your software being detected by Symantec Software. Thanks to reports like yours we were able to quickly pinpoint the problem conditions that users like you were experiencing.
>
> In response to this issue, Symantec Security Response has removed this detection from the definitions. You can retrieve the latest available Rapid Release definitions from here: http://www.symantec.com/security_response/definitions.jsp
>
> Or, you can retrieve the fix from LiveUpdate as well. Definition versions 20120522.018 and later contain the fix.
>
> Decisions made by Symantec are subject to change if alterations to the Software are made over time or as classification criteria and/or the policy employed by Symantec changes over time to address the evolving landscape.
>
> Sincerely,
> Symantec Security Response