Hi AutoIT masters,
Good day! Sorry to have bothered this forum but we really need help. We are working on an automation project that is running on VDI server. The BOTS are in .exe are running fine until AV detected them and deleted the files. The files were re-compiled and AV kept on deleting them. The copy of the .exe BOT deleted were sent to Symantec for whitelisting. After whitelisting, it is no longer deleted but no longer working as designed (showing Line script error). We checked the scripts and there were no issues since we run it using SciTE editor and it performed the desired task. Good thing we found on this thread the solution using .a3x and the BOTS worked fine and no longer deleted. Now, the problem is they are asking why the BOTS won't run in .EXE and what is the reason behind Symantec AV deleting them. We raised a case with Symantec but they cannot provide further information as they are always seeing the file as "False Positive". We even tested with Symantec turned off and those .EXE files are working fine, however, after re-enabling, it got deleted.
Just seeking help on how to better convince them that it is really Symantec causing the issue and the .a3x file.
Greetings to all,
This may relate in regards to
If I have 2 different au3 scripts compiled individually as a standalone executable(s) (compilation settings are the same)
If I have one au3 script compiled as a standalone executable(s) with different compilation settings.
Does an Anti Virus see them as one signature for all? or treated as unique signatures?
My reason behind this is that I am trying to plan ahead on how to deal with these false positives.
I am a part of a small IT admin team that would like to automate some repeatable tasks using Autoit.
Our AV is Sophos if one is curious.
Any insights are highly appreciated!, many thanks in advance!
I've recently been getting hammered by Symantec SEP deleting all of my compiled scripts so I'm trying to figure out how I could run my scripts uncompiled.
Problem is, these scripts are typically launched from inside Citrix sessions that I don't have control of so I can't install AutoIT in there to get all the #Include files that my scripts are using.
I tried to use AU3Stripper and while, yes that did create a single file and I could run it. it put it in a state that I couldn't easily maintain going forward.
Is there any existing way to pull all the functions and drop them at the end of the main script? Not sure about the Globals and Constants though, I guess they would have to go to the top which shoves everything else down. I also need to maintain the current script spacing and comments as I often have to update older scripts and need the comments to help with that.
Local $sAxName Local $oMSComm $sAxName = "MSCOMMLib.MSComm.1" $oMSComm = ObjCreate($sAxName) MsgBox(0, Default, StringFormat("Name: %s, Obj %d, Err %d", $sAxName, IsObj($oMSComm), @error)) I'm talking to serial ports (for Arduino) using the MSComm object. It all runs fine from SciTE or .exe. If I compile to .a3x the object is not created. I could manage without .a3x but I like it because it compiles faster.
Think this has been discussed before, but is there any way of signing a compiled script with a certificate?
Reason I ask is that some AV products keep on producing 'Generic Trojan' false positives on compiled scripts. I'm told that signing with a certificate from a trusted source might reduce this problem.