Skysnake

McAfee Antivirus Plus killing my compiled scripts

4 posts in this topic

#1 ·  Posted (edited)

Howdy, 

In a bizarre twist of events a client installed McAfee Antivirus Plus (the paid version).  I have scripts running there, the simplest is a little HTTP downloader, which opens HTML pages and downloads some files.  These scripts have been running for years.  The new AV kills the process.  The process just "disappears" with no warning.

I can not find an "exception" setting.  IT on site had to kill it in the Task Manager and restart the PC.  All other AV products (even the free ones) have an easily accessible Exception setting.

Note that the standard McAfee that typically comes with Acrobat does not do this, yet.

Any advice on this please? Other than "get a new AV"? This has been suggested and as they just dished out the cash, not a current option.

Edited by Skysnake

Skysnake

Why is the snake in the sky?

Share this post


Link to post
Share on other sites



Send a report?


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

i had the same problem, my au .exe was delete by Avira antivirus , and this is avira show

E:\autoit\automhk v1.exe (SHA-256: f9a02cff6eac9501572db4d5e8869051763eff68426e3b9d56ec3c7e6a1c7f7f)
[DETECTION] Contains suspicious code HEUR/APC (Cloud)

Share this post


Link to post
Share on other sites

So report these false positives to the AV companies - we can do nothing.

And we shut the cage door - again - to protect the poor old Oozlum bird. Thread locked.

M23

 

 


Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind._______My UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Similar Content

    • irishsurfer22
      By irishsurfer22
      Hi,
      I'm trying to automate the process of configuring the three McAfee settings seen in the image I've attached (Host IPS, Network IPS and Firewall).  Clicking one of them toggles the setting and closes the menu.  I want them all OFF.  This script will be used on different computers so the settings might be have different initial setups.
      This is my first time using AutoIt and I have very limited coding experience--mostly MATLAB.  Please excuse any lack of knowledge or terminology. 
      So far my code is able to
      1. Find the visible McAfee icon in the system tray. 
      2. Click the icon.
      3. Send "Q" to open up the Quick Settings menu.
      4. Toggle settings blindly using keystrokes.
      The problem I'm having is I don't know how to "read" the status of the setting before toggling it.  This means I might be switching it from Off to On by mistake,
      when I should really just leave it alone. 
       
      I'm wondering a couple of things. 
       
      1. Is there an easy way to "read" the status of the setting?  This would solve the problem.  Part of the challenge with this overall assignment is that there doesn't
      seem to be any sort of "control" built into these menus.  In other words, the only thing that changes in Au3Info when you hover over different options is the
      coordinates of the mouse--there aren't any unique control IDs or texts to my knowledge that differentiate between different settings or menus.  I don't know how to search for text in a menu and get an index or anything like that.  I've attached my code at the bottom and commented-out two ideas I had for reading the status and acting accordingly after "Send (Q)".  Neither of which were fruitful. 
       
      2. Is there an alternative to the overall method I've chosen that is simpler and more robust?  It seems like there must be an alternative path to these settings besides the system tray, but I don't know of any such paths.   The final script is going to be used on a number of computers which may have the McAfee icon either hidden or visible in the system tray, but currently my script only works if it is visible.  I haven't figured out how to access hidden icons with mouse clicks yet. 
       
      I should also mention that most of my code for step 1 (find the McAfee icon) comes from something I found online.  I've stared at it for a while, and I think I know how it works, but I wouldn't have known those GUI commands existed and wouldn't have been able to write that bit of code on my own.    I don't want you to overestimate my understanding of AutoIt.  Sorry for the long post, just wanted to provide all the relevant info. 
       
      Any advice you can offer would be greatly appreciated!  Thanks in advance.
      -Cody
       
      #cs AutoIt McAfee disable #ce #Include <GuiToolBar.au3> #Include <GUIConstants.au3> Local $Array[3] For $Element In $Array Global $hSysTray_Handle, $iSystray_ButtonNumber Global $sToolTipTitle = "McAfee status: OK" ; <<<<<<<<<<<<<<<< Enter some tooltip text for the icon you want here $iSystray_ButtonNumber = Get_Systray_Index($sToolTipTitle) If $iSystray_ButtonNumber = 0 Then MsgBox(16, "Error", "Icon not found in system tray") Exit Else Sleep(500) _GUICtrlToolbar_ClickButton($hSysTray_Handle, $iSystray_ButtonNumber, "right") EndIf Send( "Q" ) ;$DropDownHandle = Controlgethandle( "", "Host IPS - on", "") ;$text = ControlGetText( "", "Host IPS - on", "") ;If "Host IPS - on" = 1 Then ; Send( $Element ) ;EndIf Next Exit ;........ Func Get_Systray_Index($sToolTipTitle) ; Find systray handle $hSysTray_Handle = ControlGetHandle('[Class:Shell_TrayWnd]', '', '[Class:ToolbarWindow32;Instance:1]') If @error Then MsgBox(16, "Error", "System tray not found") Exit EndIf ; Get systray item count Local $iSystray_ButCount = _GUICtrlToolbar_ButtonCount($hSysTray_Handle) If $iSystray_ButCount = 0 Then MsgBox(16, "Error", "No items found in system tray") Exit EndIf ; Look for wanted tooltip For $iSystray_ButtonNumber = 0 To $iSystray_ButCount - 1 If StringInStr(_GUICtrlToolbar_GetButtonText($hSysTray_Handle, $iSystray_ButtonNumber), $sToolTipTitle) = 1 Then ExitLoop Next If $iSystray_ButtonNumber = $iSystray_ButCount Then Return 0 ; Not found Else Return $iSystray_ButtonNumber ; Found EndIf EndFunc  

    • Leo1906
      By Leo1906
      Hey there,
      I didn't really know how to name the titel .. so let me explain it a bit further.
      You all might know that a compiled Autoit-Exe gives an error message containing the Error and the line when it crashes. Often those messages aren't usefull because it states the line in the compiled script is not the line in your script if you have used includes. Decompiling the exe often doesn't help either. Well .. I don't want to start a discussion about the benefits of those messages.
      I just want to disable them. I want my exe to just fail an crash and that's it. Nothing more. When there's an error there's an error. Autoit is the only language I have ever noticed those message boxes.
      I think now you can understand me ..
      Do you know any way to do this?
      Some compiler options or so? Or is it that deep implemented in Autoit that it can't be removed?
      Thanks for your help!
      Leo1906
    • Chocolade
      By Chocolade
      I'm using csharp with the autoitx3.
      I added to my project referenced the autoit dll's. Everything was working find until I got exception say:
      "Unable to load DLL 'AutoItX3_x64.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)"
      And I downloaded and installed the autoit and added the dll files referenced them to my project also the file name:
      AutoitX3_x64.dll but for some reason I don't see this dll file in the project tried to add it as reference few times and in the References I see only two files of Autoit: AutoItX3.Assembly.dll and Interop.AutoItX3Lib.dll but for some reason it's not adding the AutoitX3_x64.dll as reference.
       
      How should I add then the AutoitX3_x64.dll to my project ? I keep getting the exception message that it's missing.
       
    • Anteaus
      By Anteaus
      Think this has been discussed before, but is there any way of signing a compiled script with a certificate?
      Reason I ask is that some AV products keep on producing 'Generic Trojan' false positives on compiled scripts. I'm told that signing with a certificate from a trusted source might reduce this problem.
    • zbigj
      By zbigj
      I simultanously run some threads and from time to time I have a message, that there is concurrent deadlock exception (update conflict with concurrent update). I know, that it sometimes happens, but is it possible to somehow turn off displaying messaging from Firebird? Or better somehow handle this exceptions ?