Au3toCmd --- Avoid false virus positives
Since many virus scanners sometimes prevent a "compiled autoit EXE" from being executed as "false positive", the "*.A3X" format is a suitable format to avoid this problem.
See here for more information.
In order to simplify this procedure, I wrote the Au3toCmd script. Here a *.Cmd file is generated from a *.Au3 file. The necessary files Autoit3.exe and *.A3x are added to the "*.Cmd" file as "alternate data streams" "Base64" encoded data.
Now the Autoit Script can be called by clicking on the cmd file and the anti-virus scanners do not recognize the "false positive".
If the short-term flashing of the CMD window bothers you, you can click the desktop shortcut that runs in a minimized window.
Unfortunately, because of the "alternate data streams", this CMD file cannot be distributed via FTP or email.
Only a USB stick or removable disk formatted with NTFS can be used.
As the new version now uses Base64 data instead of ADS, this statement is out of date.
For reasons of compatibility, the old version was sunk into the spoiler here.
The script can be called with a file name of an AU3 script as a parameter.
If no name is entered, a query is made.
For more information, see the header of the script.
Suggestions, improvements and bug reports are welcome.
Here are the versions using Base64 data:
Version: 2022.05.12 (Support blanks in pathnames)
Version: 2022.06.23 (Support release candidates. Changed @CrLf to @Lf. Annual cleaning. Optimized #AutoIt3Wrapper handling)
Version: 2022.07.22 (Support scripts with the same name but different content in different directories)
Version: 2022.07.27 (Support blanks in usernames)
Version: 2022.09.01 (Optimized annual cleaning)
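For triaging a .cmd file built this way, the check below (an added example, not part of Au3toCmd or the original post) pulls runs of Base64 lines out of a script, decodes them and reports whether each one carries a Windows executable or a compiled AutoIt script. It assumes the payload is stored as consecutive Base64-only lines and that the compiled-script marker sits near the start of the file; the sample input is constructed.

```python
import base64
import re
# Assumed layout: the payload sits in the script as consecutive Base64-only lines.
B64_LINE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
# Marker string of compiled AutoIt v3.3 scripts, assumed to sit near the file start.
A3X_MARKER = b"AU3!EA06"

def extract_blobs(script_text, min_chars=64):
    """Decode every run of Base64-only lines that is at least min_chars long."""
    blobs, run = [], []
    def flush():
        joined = "".join(run)
        run.clear()
        if len(joined) >= min_chars:
            try:
                blobs.append(base64.b64decode(joined, validate=True))
            except ValueError:
                pass  # looked like Base64 but does not decode cleanly
    for line in script_text.splitlines():
        line = line.strip()
        if B64_LINE.match(line):
            run.append(line)
            if line.endswith("="):  # padding ends a blob even without a separator
                flush()
        else:
            flush()
    flush()
    return blobs

def classify(blob):
    if blob[:2] == b"MZ":  # DOS/PE header of a Windows executable
        return "pe-executable"
    if A3X_MARKER in blob[:64]:
        return "autoit-a3x"
    return "unknown"

def scan(script_text):
    """Return (kind, size_in_bytes) for each embedded blob, in file order."""
    return [(classify(b), len(b)) for b in extract_blobs(script_text)]

def build_sample_cmd():
    """Constructed sample input; not real Au3toCmd output."""
    lines = ["@echo off"]
    for payload in (b"MZ\x90\x00" + bytes(96), bytes(16) + A3X_MARKER + bytes(76)):
        lines += ["rem payload", base64.encodebytes(payload).decode().strip()]
    return "\n".join(lines + ["exit /b"])

if __name__ == "__main__":
    print(scan(build_sample_cmd()))
```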
I am having some hard times getting false positives, probably because I am trying to execute my AutoUpdater.
Here is my code:
    Global $iUpdateTimer = 0

    While 1
        checkUpdates(10)
    WEnd

    ; Check for updates at most once every $iDelay minutes
    Func checkUpdates($iDelay = 10)
        $iDelay = $iDelay * 1000 * 60 ; minutes to milliseconds
        If TimerDiff($iUpdateTimer) > $iDelay Then
            ConsoleWrite('checking for updates...' & @CRLF)
            $iUpdateTimer = TimerInit()
            If FileExists('AutoUpdater.exe') Then ShellExecuteWait('AutoUpdater.exe') ; this is the line which causes my problem
        EndIf
    EndFunc

And AutoUpdater code:
    #include <MsgBoxConstants.au3>
    #include <FileConstants.au3>
    #include <Misc.au3> ; _VersionCompare

    Global $sExecName = 'test.exe'
    Global $sUpdatePath = @UserProfileDir & '\desktop\AnyAppName\update\' & $sExecName
    Global $sUserPath = @UserProfileDir & '\desktop\AnyAppName\' & $sExecName
    Global $sCopyright = 'someUniqueStringHere'

    If Not FileExists($sUpdatePath) Then Exit 0
    If FileGetVersion($sUpdatePath, $FV_LEGALCOPYRIGHT) <> $sCopyright Then Exit 0 ; checking if we really want to update and execute the file

    ; FileGetVersion returns strings, and ">" compares strings lexicographically,
    ; so the version numbers are compared with _VersionCompare instead
    If _VersionCompare(FileGetVersion($sUpdatePath), FileGetVersion($sUserPath)) = 1 Then
        Local $iResponse = MsgBox(BitOR($MB_YESNO, $MB_ICONQUESTION), 'AnyAppName', 'There is an update available, would you like to update?')
        If $iResponse == $IDYES Then
            If ProcessExists($sExecName) Then
                ProcessClose($sExecName)
                Sleep(500)
            EndIf
            FileCopy($sUpdatePath, $sUserPath, $FC_OVERWRITE)
            Sleep(3000)
            ShellExecute($sUserPath)
            Exit 1
        EndIf
    EndIf
    Exit 0

I am not trying to ask why my code is getting recognized as a false positive, because this is quite obvious, but is there any other way to get things done without running an external process?
Hello AutoIt team,
Is there any way to check if any process runs as admin or not?
I mean, e.g., if I want to restart any process, I now have the ability to get the process path and command line.
What I need is a way to check if the process was running as admin or not, to restart it with the same state.
Here is the part that I am using to restart the process:
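    #include <WinAPIProc.au3> ; _WinAPI_GetProcessWorkingDirectory

    Func _processRestart($i_ProcessPid, $s_ProcessPath)
        If Not ProcessExists($i_ProcessPid) Then Return SetError(1, 0, -1)
        Local $s_ProcessWorkDir = _WinAPI_GetProcessWorkingDirectory($i_ProcessPid)
        ProcessClose($i_ProcessPid)
        ProcessWaitClose($i_ProcessPid)
        ; ShellExecute takes the path of the program to start, not the old PID
        ProcessWait(ShellExecute($s_ProcessPath, "", $s_ProcessWorkDir))
        ProcessesGetList() ; the poster's own function, defined elsewhere in their script
        Return True
    EndFunc

Thanks in advance.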
Hi AutoIT masters,
Good day! Sorry to have bothered this forum but we really need help. We are working on an automation project that is running on a VDI server. The BOTS are in .exe and were running fine until AV detected them and deleted the files. The files were re-compiled and AV kept on deleting them. Copies of the deleted .exe BOTS were sent to Symantec for whitelisting. After whitelisting, they are no longer deleted but no longer work as designed (showing Line script error). We checked the scripts and there were no issues, since we ran them using the SciTE editor and they performed the desired task. Good thing we found on this thread the solution using .a3x, and the BOTS worked fine and were no longer deleted. Now, the problem is they are asking why the BOTS won't run in .EXE and what is the reason behind Symantec AV deleting them. We raised a case with Symantec but they cannot provide further information as they are always seeing the file as "False Positive". We even tested with Symantec turned off and those .EXE files are working fine; however, after re-enabling, they got deleted.
Just seeking help on how to better convince them that it is really Symantec causing the issue and the .a3x file.
Greetings to all,
This may relate in regards to
If I have 2 different au3 scripts compiled individually as a standalone executable(s) (compilation settings are the same)
If I have one au3 script compiled as a standalone executable(s) with different compilation settings.
Does an antivirus see them as one signature for all, or are they treated as unique signatures?
My reason behind this is that I am trying to plan ahead on how to deal with these false positives.
I am a part of a small IT admin team that would like to automate some repeatable tasks using Autoit.
Our AV is Sophos if one is curious.
Any insights are highly appreciated! Many thanks in advance!