Au3toCmd -- Avoid false virus positives. (Version: 2022.09.01)

[Exit]

@Borje  You have already confirmed that it works with a desktop path without special letters.
Unfortunately, I can not undertake any further investigation because I have no suitable environment.

[Borje]

Ok, I understand i think it could also be in the power shell to I think a solution can be if it possible to change the code page encoding.

[Exit]

Here is a special debugging version.
It includes a codepage change: chcp 1252
Just show me the resulting window.

Obsolete code deleted.

 

Edited July 22, 2020 by Exit
Obsolete code deleted.

[Borje]

Hi Exit !

I have test the A2C.au3 and that works perfect it creates the icon on my desktop no problems. 

[Exit]

New version in the first post. Codepage 1252 inserted.

[Borje]

Thank you very much now all works i have also test and create users that have  ä å ö and all works perfect thanks for your help...

 

[MightyWeird]

Hi, 

Nice job creating this, looks realy promising. 

But... When I run the cmd file, my scripts starts just fine. But when I extract the zip and run the newly genereated CMD file, it looks like my script file is scrambled.

 

Any clues how to debug?

 

 

[Exit]

Thanks for your report.
Since the original CMD file works, I assume that there is a problem with the unzipper.
Which unzipper do you use?
Buildin Windows or 7Zip or ...?

Can you please try a simple script?
For example the one-liner:

MsgBox (0, default, "Hello world")

 

[MightyWeird]

Yes that worked, 

So I tried again, and remembered I cheated a little. When I run the au3tocmd script, it runs au3check.exe", ' -q, and gave me an error. So stubborn me, I removed that line.

So now I restored the line and fixed the error:  I run autoit from beta, so I modified  your script to "$sA3Dir & "\beta\" on several lines. 

Now it created a zip without issues

I extracted the zip again (tried 7zip and builtin windows explorer) ,and run the CMD file. Now it just does seem to run the autoit script at all. (But it does not give a scrambled autoit error either) When running from cmd prompt I get this:

 

The original cmd file gives me: processid = 644 and returnvalue = 0, and than the script starts up normally. 

I will try to extract the datastream with nirsoft AlternateStreamView and see how that goes.

 

I added the zip 

blogt4.cmd.ADS.zip

Edited September 11, 2020 by MightyWeird
Typos

[Exit]

16 hours ago, MightyWeird said:

Yes that worked, 

What worked? The one-liner in the zipped version? 
If YES, then send me please the source of the failing script for debugging.

[MightyWeird]

modern.7z

Yes, the onliner.

I included the script with a udf file.

[Exit]

I have now tested your script and found no errors. Neither in the CMD version nor in the zipped CMD version.
The GUI shows fine.
However, I haven't tested the beta version.

[MightyWeird]

You are correct. The problem was on my end. 

I got a fresh copy of your script without my beta modifications. I modified my script / setup to non beta. 

Looks fine now.

Thank you.

 

[Exit]

It was my pleasure to help you.
Do not hesitate if problems arise again.

[Exit]

Hello @MightyWeird . Just one more note if you want to use the Autoit Beta version:
Do not modify the Au3toCmd, just compile your script in the beta environment and use the resulting EXE file as input in Au3toCmd.

[Borje]

Hi Exit
Which is best to convert an exe file to a3x and then run yours
Au3toCmd or running the exe file in your Au3toCmd program?
Which of these options will be the best protection against Avoid false positives?

 

 

[t0nZ]

58 minutes ago, Borje said:

Hi Exit
Which is best to convert an exe file to a3x and then run yours
Au3toCmd or running the exe file in your Au3toCmd program?
Which of these options will be the best protection against Avoid false positives?

 

 

I am very interested in this topic. 

Never used the ax3 way only because I think is more vulnerable than a .exe (yes you can decompile... but I wrote password in crypted .ini files and some other tricks..)

In my company we use extensively Autoit EXEs (no a3x), so much that my company agree to  add global virus exceptions to the executables made with autoit.

And executables with FTP/SFTP instructions are always suspect to antiviruses....

But I don't love this approach, and also I want to distribute some executables outside my company (friends.. with other antiviruses)

I am trying this @Exit solution and it's working well, now I am guessing how to deploy my scripts remotely and autoMagically (you have to distribute a .zip, unzip, and first time launch a .cmd, check the existance of the icon...  ) 

Also my concern is about the alternate data stream... Maybe one day the AV (and other security tools we have...) can start to  check also the alternate data stream ... I don't know.... 

[Exit]

1 hour ago, Borje said:

Which of these options will be the best protection against Avoid false positives?

Hello @Borje, I think that the solution with entering an A3X file is better than entering an EXE file, because the "Autoit3.exe" file is accepted as trustworthy by most virus scanners.

19 minutes ago, t0nZ said:

now I am guessing how to deploy my scripts remotely

Hello @t0nZ,, unfortunately the way via a zip file is inevitable, as ADS files cannot be sent via FTP or email.

20 minutes ago, t0nZ said:

Also my concern is about the alternate data stream... Maybe one day the AV (and other security tools we have...) can start to  check also the alternate data stream ...

and that's why I recommended Borje to use the A3X variant.

[Musashi]

First of all : This is not a negative evaluation of the project made by @Exit !

53 minutes ago, t0nZ said:

Never used the ax3 way only because I think is more vulnerable than a .exe (yes you can decompile... but I wrote password in crypted .ini files and some other tricks..)

According to my knowledge, a standalone .a3x file is no different from the variant included in the .exe (experts like @Jos may correct me). Therefore an .a3x file is not more vulnerable at all.

The aspect "alternate data streams" has just been answered by @Exit  while I was writing this post .

[Jos]

Correct...  The exe has the same "file" included in the PE header.

Jos

Edited October 15, 2020 by Jos