Yet another Compiled Script & AV Question

[ambad4u]

Greetings to all,

This may relate in regards to

My question:
If I have 2 different au3 scripts compiled individually as a standalone executable(s) (compilation settings are the same)

OR

If I have one au3 script compiled as a standalone executable(s) with different compilation settings.

Does an Anti Virus see them as one signature for all? or treated as unique signatures?

 

My reason behind this is that I am trying to plan ahead on how to deal with these false positives.
I am a part of a small IT admin team that would like to automate some repeatable tasks using Autoit.
Our AV is Sophos if one is curious.

Any insights are highly appreciated!, many thanks in advance!

[TheSaint]

Often it seems to me, that UPX is a factor in false positives.

So you could have one compiled version that doesn't use UPX compression ... or uses an older version of it ... or uses a different compressor program.

Depends on your file size requirement I guess.

The upx.exe program file can be found in the Aut2Exe folder.

That type of change might give you enough difference.

However, I don't know enough about signatures to comment on that side of it.

[ambad4u]

Thank you @TheSaint

I guess I may need to go to Sophos forums for this one and have the real examples for them to see if signatures differs or not.

[BigDaddyO]

You could also just compile your scripts as .a3x "it's a radio option in the compiler" and then launch them via a shortcut created that points to the autoit3.exe and the .a3x file as a command line option.  I have been slowly moving all my automations over to that as they never seem to get flagged.

[TheSaint]

Or just associate the .a3x file with wherever you have autoit3.exe located.

A good solution that has never occurred to me. No doubt successful because essentially just text based like a script (plus dependencies), and I have never seen a script flagged by AV. And autoit3.exe has been signed and doesn't change very often.

Edited April 30, 2019 by TheSaint