
Yet another Compiled Script & AV Question



Greetings to all,

This may relate in regards to

My question:
If I have 2 different au3 scripts compiled individually as standalone executables (compilation settings are the same)

OR

If I have one au3 script compiled as standalone executables with different compilation settings.

Does an antivirus see them as one signature for all, or are they treated as unique signatures?

 

My reason behind this is that I am trying to plan ahead on how to deal with these false positives.
I am a part of a small IT admin team that would like to automate some repeatable tasks using AutoIt.
Our AV is Sophos if one is curious.

Any insights are highly appreciated! Many thanks in advance!


Often it seems to me that UPX is a factor in false positives.

So you could have one compiled version that doesn't use UPX compression ... or uses an older version of it ... or uses a different compressor program.

Depends on your file size requirement I guess.

The upx.exe program file can be found in the Aut2Exe folder.

That type of change might give you enough difference.

However, I don't know enough about signatures to comment on that side of it.

Make sure brain is in gear before opening mouth!
Remember, what is not said, can be just as important as what is said.

Spoiler

What is the Secret Key? Life is like a Donut

If I put effort into communication, I expect you to read properly & fully, or just not comment.
Ignoring those who try to divert conversation with irrelevancies.
If I'm intent on insulting you or being rude, I will be obvious, not ambiguous about it.
I'm only big and bad, to those who have an over-active imagination.

I may have the Artistic Liesense ;) to disagree with you. TheSaint's Toolbox (be advised many downloads are not working due to ISP screwup with my storage)


You could also just compile your scripts as .a3x (it's a radio option in the compiler) and then launch them via a shortcut created that points to the autoit3.exe and the .a3x file as a command line option. I have been slowly moving all my automations over to that as they never seem to get flagged.


Or just associate the .a3x file with wherever you have autoit3.exe located.

A good solution that has never occurred to me. No doubt successful because essentially just text based like a script (plus dependencies), and I have never seen a script flagged by AV. And autoit3.exe has been signed and doesn't change very often.

Edited by TheSaint
