ambad4u Posted April 29, 2019

Greetings to all,

This may relate in regards to

My question:

If I have 2 different au3 scripts compiled individually as standalone executable(s) (compilation settings are the same)

OR

If I have one au3 script compiled as standalone executable(s) with different compilation settings.

Does an Anti Virus see them as one signature for all? Or are they treated as unique signatures?

My reason behind this is that I am trying to plan ahead on how to deal with these false positives. I am a part of a small IT admin team that would like to automate some repeatable tasks using AutoIt. Our AV is Sophos if one is curious.

Any insights are highly appreciated! Many thanks in advance!

TheSaint Posted April 29, 2019

Often it seems to me that UPX is a factor in false positives. So you could have one compiled version that doesn't use UPX compression ... or uses an older version of it ... or uses a different compressor program. Depends on your file size requirement I guess. The upx.exe program file can be found in the Aut2Exe folder.

That type of change might give you enough difference. However, I don't know enough about signatures to comment on that side of it.

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.
What is the Secret Key? Life is like a Donut
If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.
I may have the Artistic Liesense to disagree with you.
TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)

ambad4u Posted April 29, 2019

Thank you @TheSaint

I guess I may need to go to the Sophos forums for this one and have the real examples for them to see if the signatures differ or not.

BigDaddyO Posted April 29, 2019

You could also just compile your scripts as .a3x (it's a radio option in the compiler) and then launch them via a shortcut that points to autoit3.exe with the .a3x file as a command line option.

I have been slowly moving all my automations over to that as they never seem to get flagged.

TheSaint Posted April 30, 2019

Or just associate the .a3x file with wherever you have autoit3.exe located.

A good solution that has never occurred to me. No doubt successful because essentially just text based like a script (plus dependencies), and I have never seen a script flagged by AV. And autoit3.exe has been signed and doesn't change very often.

Edited April 30, 2019 by TheSaint
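
The shortcut approach from the last two posts, as an added example that is not part of the thread: it checks that the interpreter's Authenticode signature verifies before creating a shortcut that passes the .a3x file to it. The function name New-A3xShortcut, the install path, and the script and shortcut paths are assumptions for illustration.

```powershell
# Added example (not from the thread). All paths are assumed; adjust to your environment.
function New-A3xShortcut {
    param(
        [Parameter(Mandatory)] [string] $A3xPath,
        [Parameter(Mandatory)] [string] $ShortcutPath,   # full path ending in .lnk
        # Assumed default install location of the AutoIt interpreter
        [string] $InterpreterPath = 'C:\Program Files (x86)\AutoIt3\AutoIt3.exe'
    )

    foreach ($p in $InterpreterPath, $A3xPath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            throw "File not found: $p"
        }
    }

    # Only point users at an interpreter whose Authenticode signature verifies.
    $sig = Get-AuthenticodeSignature -FilePath $InterpreterPath
    if ($sig.Status -ne 'Valid') {
        throw "Interpreter signature status is '$($sig.Status)'; not creating shortcut."
    }

    # Shortcut target is the signed interpreter; the .a3x is its command line argument.
    $a3xFull = (Resolve-Path -LiteralPath $A3xPath).Path
    $shell   = New-Object -ComObject WScript.Shell
    $lnk     = $shell.CreateShortcut($ShortcutPath)
    $lnk.TargetPath       = $InterpreterPath
    $lnk.Arguments        = '"{0}"' -f $a3xFull
    $lnk.WorkingDirectory = Split-Path -Parent $a3xFull
    $lnk.Save()

    # Return what was deployed so it can be logged or submitted to the AV vendor.
    [pscustomobject]@{
        Shortcut  = $ShortcutPath
        Signer    = $sig.SignerCertificate.Subject
        A3xSha256 = (Get-FileHash -LiteralPath $a3xFull -Algorithm SHA256).Hash
    }
}

# Hypothetical usage with constructed paths:
New-A3xShortcut -A3xPath 'C:\Scripts\cleanup.a3x' -ShortcutPath "$env:USERPROFILE\Desktop\Cleanup.lnk"
```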