Jump to content
MarkIT

Reason behind why compiled 32-bit .exe are AV flagged but not 64-bit

Recommended Posts

Hi AutoIT Masters,

Sorry again but Just want to know if you have any idea why the AutoIT scripts converted into 32-bit.exe files are being deleted by AV but not 64-bit.exe. If we raise it to the AV whitelisting, they come back saying it is false positive.

I disabled AV and everything goes well.

OS: Windows 10 - 64 bit

AV: Symantec

Thanks for the help.

AutoIT test.JPG

Edited by Melba23
Alterred thread title

Share this post


Link to post
Share on other sites
6 hours ago, MarkIT said:

have any idea why the AutoIT scripts converted into 32-bit.exe files are being deleted by AV

Are you using UPX program compression?

#AutoIt3Wrapper_UseUpx=Y

 

Edited by TheXman

Share this post


Link to post
Share on other sites

same thing occured to me with Windefender and no UPX.

I hope Jon see this post and can give us some high lights

Share this post


Link to post
Share on other sites

Signature beginning:   Wondering who uses AutoIT and what it can be used for ?
* GHAPI UDF - modest beginning - communication with GitHub REST API Forum Rules *
Include Dependency Tree (Tool for analyzing script relations)
ADO.au3 UDF     POP3.au3 UDF     XML.au3 UDF    How to use IE.au3  UDF with  AutoIt v3.3.14.x  for other useful stuff click the following button

Spoiler

Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind. 

My contribution (my own projects): * Debenu Quick PDF Library - UDF * Debenu PDF Viewer SDK - UDF * Acrobat Reader - ActiveX Viewer * UDF for PDFCreator v1.x.x * XZip - UDF * AppCompatFlags UDF * CrowdinAPI UDF * _WinMergeCompare2Files() * _JavaExceptionAdd() * _IsBeta() * Writing DPI Awareness App - workaround * _AutoIt_RequiredVersion() * Chilkatsoft.au3 UDF * TeamViewer.au3 UDF * JavaManagement UDF * VIES over SOAP * WinSCP UDF * GHAPI UDF - modest begining - comunication with GitHub REST APIErrorLog.au3 UDF - A logging Library *

My contribution to others projects or UDF based on  others projects: * _sql.au3 UDF  * POP3.au3 UDF *  RTF Printer - UDF * XML.au3 UDF * ADO.au3 UDF SMTP Mailer UDF * Dual Monitor resolution detection * * 2GUI on Dual Monitor System * _SciLexer.au3 UDF * SciTE - Lexer for console pane

Useful links: * Forum Rules * Forum etiquette *  Forum Information and FAQs * How to post code on the forum * AutoIt Online Documentation * AutoIt Online Beta Documentation * SciTE4AutoIt3 getting started * Convert text blocks to AutoIt code * Games made in Autoit * Programming related sites * Polish AutoIt Tutorial * DllCall Code Generator * 

Wiki: Expand your knowledge - AutoIt Wiki * Collection of User Defined Functions * How to use HelpFile * Good coding practices in AutoIt * 

IE Related:  * How to use IE.au3  UDF with  AutoIt v3.3.14.x * Why isn't Autoit able to click a Javascript Dialog? * Clicking javascript button with no ID * IE document >> save as MHT file * IETab Switcher (by LarsJ ) * HTML Entities * _IEquerySelectorAll() (by uncommon) * IE in TaskScheduler

I encourage you to read: * Global Vars * Best Coding Practices * Please explain code used in Help file for several File functions * OOP-like approach in AutoIt * UDF-Spec Questions *  EXAMPLE: How To Catch ConsoleWrite() output to a file or to CMD *

"Homo sum; humani nil a me alienum puto" - Publius Terentius Afer
"Program are meant to be read by humans and only incidentally for computers and execute" - Donald Knuth, "The Art of Computer Programming"
:naughty:  :ranting:, be  :) and       \\//_.

Anticipating Errors :  "Any program that accepts data from a user must include code to validate that data before sending it to the data store. You cannot rely on the data store, ...., or even your programming language to notify you of problems. You must check every byte entered by your users, making sure that data is the correct type for its field and that required fields are not empty."

Signature last update: 2020-09-18

Share this post


Link to post
Share on other sites

MarkIT,

As I posted when closing your completely unnecessary (although I know you were pointed there) Trac ticket - it is nothing to do with an AutoIt bug. If Symantec already agree it is a false positive then ask them to change their algorithm to prevent it being flagged - that has worked for me with other AV providers in the past.

Thread locked.

M23

 


Public_Domain.png.2d871819fcb9957cf44f4514551a2935.png Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind

Open spoiler to see my UDFs:

Spoiler

ArrayMultiColSort ---- Sort arrays on multiple columns
ChooseFileFolder ---- Single and multiple selections from specified path treeview listing
Date_Time_Convert -- Easily convert date/time formats, including the language used
ExtMsgBox --------- A highly customisable replacement for MsgBox
GUIExtender -------- Extend and retract multiple sections within a GUI
GUIFrame ---------- Subdivide GUIs into many adjustable frames
GUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView items
GUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeView
Marquee ----------- Scrolling tickertape GUIs
NoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxes
Notify ------------- Small notifications on the edge of the display
Scrollbars ----------Automatically sized scrollbars with a single command
StringSize ---------- Automatically size controls to fit text
Toast -------------- Small GUIs which pop out of the notification area

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By HenryJiu
      Hello!
      I have a question , about Mac and Autoit3.
      I want to convert my script to Mac App,but Aut2Exe just convert to EXE!
      So I asked if there was a way to convert scripts to MAC App
      My English isn't very good,so don't laugh please😃
    • By JoGa
      Greetings,
      here is a Autoit3 v3.3.14.5, 64 Bit installation on windows 10 with current updates.
      In a simple script I'm Dllcall'ing a 64 bit dll.
      # T1.au3 Local $name = "T1DLL.dll" if (FileExists($name)) Then ConsoleWrite("DLL '" &$name &"' exists" &@CRLF) EndIf Local $DLL = DllOpen($name) if (@ERROR OR $DLL = -1) then ConsoleWrite("DllOpen ERROR=" &@ERROR &" DLL=" &$DLL &@CRLF) Else ConsoleWrite("DllOpen Success" &@CRLF) endif DllCall($DLL, "none:cdecl", "SomeFunction", "str", "DLL Call from T1.au3") if (@ERROR) then ConsoleWrite("DllCall ERROR=" &@ERROR &" DLL=" &$DLL &@CRLF) Else ConsoleWrite("DllCall Success" &@CRLF) endif The C code contains one 64 bit OpenCV call:    cv::destroyAllWindows();.

      Excuting T1.au3 with SciTE gives:

      If the c code is compiled *without* the OpenCV call T1.au3 runs successful:
       
      I checked T1DLL.dll, it's definitely a 64 bit dll.
      What could cause the problem?
      Any hint would be very much appreciated.
      Thanks
      Wolf
       
       
       
       
    • By Prabuddha
      my .au3 file runs without any problems with SciTE editor. But when I compiled it to exe file, it is give me errors. below you can see my code and error with my AutoIt versions.
      How can I solve this?
      SciTE Version 4.1.0 autoIt script file name = gitversion.au3 complide exe file name = gitversion.exe  
      #RequireAdmin ;set mouse coordinates relative to window size by giving value 0 for second parameter AutoItSetOption('MouseCoordMode', 0) $System32Dir=@SystemDir $SystemDriveLetter=Stringleft($System32Dir,1) ;$SystemDriveLetter example is 'C' drive in the hard-disk (windows installed drive letter) ;msgbox(0,0,'System drive letter is: ' & $SystemDriveLetter) DirRemove($SystemDriveLetter & ":\GitTest\Git",1) DirCreate($SystemDriveLetter & ":\GitTest") Local $gitHere = $SystemDriveLetter & ":\GitTest" DirCreate($SystemDriveLetter & ":\JasperDesti") ; Disable user input from the mouse and keyboard. BlockInput(True) SplashTextOn("Installing","Please Wait..!", 200, 50) Run("cmd.exe") WinWaitActive("Administrator: " & $SystemDriveLetter & ":\WINDOWS\SYSTEM32\cmd.exe", "") $gitBashPath = $SystemDriveLetter & ":\Program Files\Git\bin\sh.exe" ControlSend("Administrator: " & $SystemDriveLetter & ":\WINDOWS\SYSTEM32\cmd.exe", "", "", '"' & $gitBashPath & '" --login') ;ControlSend("Administrator: C:\WINDOWS\SYSTEM32\cmd.exe", "", "", '"C:\Program Files\Git\bin\sh.exe" --login') Send("{Enter}") ControlSend("Administrator: " & $SystemDriveLetter & ":\WINDOWS\SYSTEM32\cmd.exe", "", "", 'cd ' & $gitHere) Send("{Enter}") ControlSend("Administrator: " & $SystemDriveLetter & ":\WINDOWS\SYSTEM32\cmd.exe", "", "", 'git clone https://mcmedisoft.visualstudio.com/Git/_git/Git && echo "cloned"') Send("{Enter}") Local $gitSignIn = WinWait('Sign in to your account', '', 6) $lowerSysDriveLetter = StringLower($SystemDriveLetter) ;$gitSignIn = 0 means sign in window didn't apper because user already signed in to bash. $gitSignIn != 0 means user hasn't signed in and should type passwords. If $gitSignIn == 0 Then ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "cd Git") Send("{Enter}") ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "git checkout WorkerEvent") Send("{Enter}") ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "exit") Send("{Enter}") ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "exit") Send("{Enter}") Else WinActivate('Sign in to your account') ;MouseClick('primary', 126, 338, 2, 0) SplashOff() ; Enable user input from the mouse and keyboard. BlockInput(False) WinWaitClose('Sign in to your account') ; Disable user input from the mouse and keyboard. BlockInput(True) SplashTextOn("Installing","Please Wait..!", 200, 50) ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "cd Git") Send("{Enter}") ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "git checkout WorkerEvent") Send("{Enter}") ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "exit") Send("{Enter}") ControlSend("MINGW64:/" & $lowerSysDriveLetter & "/GitTest", "", "", "exit") Send("{Enter}") ; Enable user input from the mouse and keyboard. BlockInput(False) WinWaitActive("Administrator: " & $SystemDriveLetter & ":\WINDOWS\SYSTEM32\cmd.exe", "", 4) ControlSend("Administrator: " & $SystemDriveLetter & ":\WINDOWS\SYSTEM32\cmd.exe", "", "", 'exit') Send("{Enter}") EndIf ; Enable user input from the mouse and keyboard. BlockInput(False) WinWaitClose("MINGW64:/" & $lowerSysDriveLetter & "/GitTest") DirRemove($SystemDriveLetter & ":\JasperDesti\tomcat", 1) ;$tomcatCreateSuccess = DirCreate($SystemDriveLetter & ":\JasperDesti\tomcat") ;DirCreate($SystemDriveLetter & ":\JasperDesti\tomcat") $sSourceFolder = $SystemDriveLetter & ":\GitTest\Git" $sDestFolder = $SystemDriveLetter & ":\JasperDesti\tomcat" _CopyFolder($sSourceFolder,$sDestFolder) SplashTextOn("Completed","Done..!", 200, 50) Sleep(1000) SplashOff ; _CopyFolder funchtion is use to copy a folder while displaying a progress bar func _CopyFolder($sSourceFolder,$sDestFolder) dirremove($sDestFolder,1) local $iSourceSize = DirGetSize($sSourceFolder), $iDestSize local $pid = Run(@AutoItExe & ' /AutoIt3ExecuteLine "DirCopy(''' & $sSourceFolder & ''', ''' & $sDestFolder & ''')"') ProgressOn("Copy Progress", "Please Wait...") Do $iDestSize = dirgetsize($sDestFolder) local $ipct = int(($iDestSize/$iSourceSize)*100) ProgressSet($ipct,$ipct & ' percent complete') sleep(20) Until not ProcessExists($pid) ProgressOff() endfunc  

    • By tremolux66
      Is there a way to have Aut2Exe write its error messages to the console (stdout/stderr) instead of popping up a message window?
      We build our project software using Bash scripts that compile AutoIt scripts, compile C programs, install data files, etc. If Aut2Exe encounters an error when compiling an AutoIt script it pops-up a message window, which is problematic when running from a Bash script. It's worse when part or all of the build is executed remotely via SSH: if you're watching the build, you can kill the local script if it gets stuck (i.e., is waiting for Aut2Exe to exit), but the Aut2Exe process is still running on the remote machine and has to be killed there.
      A local Aut2Exe already exits with a non-zero status once the window is closed (which is only a minor problem; see below). The big snag is the remote processing; cleaner local processing would be a plus.
      Note: For use in repetitive compilation testing, I created an AutoIt script that waits for Aut2Exe error windows to appear and closes them. In a Bash test-script, this error monitoring script is started in the background at the beginning of the test and killed at the end. This could be used with local builds, but I doubt it can be adapted to work on a remote machine since the remote SSH processes run in Windows Session 0 (including the login shell). Session 0 doesn't seem to be an issue if Aut2Exe exits normally, however.
      Any suggestions?
      (Abandoning remote compilation is not an option at the moment; we're trying to work our way out of that.)
    • By Dreamfire
      Hi,
      Since today, exe's are being flagged as having a trojan by Windows Defender (Fuery.B!cl)
      Version:  3.3.14.3 - SciTE Version 3.7.3



       

×
×
  • Create New...