Jump to content

AutoUpdater - false / positive problem

DesireDenied
 Share Followers 4

Recommended Posts

DesireDenied

DesireDenied 1

Posted
Posted (edited)

Hey guys,

I having some hard times getting false-positive, probably because I am trying to execute my AutoUpdater.

Here is my code:
  

Global $iUpdateTimer = 0

While 1
    checkUpdates(10)
WEnd


Func checkUpdates($iDelay = 10)
    $iDelay = $iDelay * 1000 * 60
    If TimerDiff($iUpdateTimer) > $iDelay Then
        ConsoleWrite('checking for updates...' & @CRLF)
        $iUpdateTimer = TimerInit()

        If FileExists('AutoUpdater.exe') Then ShellExecuteWait('AutoUpdater.exe') ; this is the line which cause my problem
    EndIf
EndFunc

And AutoUpdater code: 

#include <MsgBoxConstants.au3>
#include <FileConstants.au3>

Global $sExecName = 'test.exe'
Global $sUpdatePath = @UserProfileDir &'\desktop\AnyAppName\update\'& $sExecName
Global $sUserPath = @UserProfileDir &'\desktop\AnyAppName\'& $sExecName
Global $sCopyright = 'someUniqueStringHere'

If Not FileExists($sUpdatePath) Then Exit 0
If FileGetVersion($sUpdatePath, $FV_LEGALCOPYRIGHT) <> $sCopyright Then Exit 0 ; checking if we really want to update and execute the file

If FileGetVersion($sUpdatePath) > FileGetVersion($sUserPath) Then
    $iResponse = MsgBox(BitOR($MB_YESNO, $MB_ICONQUESTION),'AnyAppName', 'There is an update available, would you like to update?')
    If $iResponse == $IDYES Then
        If ProcessExists($sExecName) Then
            ProcessClose($sExecName)
            Sleep(500)
        EndIf
        FileCopy($sUpdatePath, $sUserPath, $FC_OVERWRITE)
        Sleep(3000)
        ShellExecute($sUserPath)
        Exit 1
    EndIf
EndIf
Exit 0

I am not trying to ask, why is my code is getting recognized as false-positive, because this is quite obvious, but is there any other way to get things done without running external process?
 

ss.JPG

Edited by DesireDenied
Link to post
Share on other sites
DesireDenied

DesireDenied 1

Posted
  • Author
Posted (edited)

thanks Jos, it is really good place to start but I have already read this.

the problem is, I dont want to indicate my AutoUpdater as false-positive on every single workstation in my company.
just wondering if there is any other way to autoupdate my compiled script file.

I can always wait till the end of the day, and then manually update all the copies of my compiled script but I am not really satisfied with this option.

Edited by DesireDenied
Link to post
Share on other sites
Nine

Nine 1,521

Posted
Posted

The script could set itself in the whilelist of the AV, so you do not have to perform this task manually.  Shouldn't be too much of a problem to program it.  Once it is done, then run your autoUpdater.

Not much of a signature but working on it...

Spoiler

Block all input without UAC

Save/Retrieve Images to/from Text

 Monitor Management (VCP commands)

Tool to search content in au3 files

Date Range Picker

 Virtual Desktop Manager

Sudoku Game 2020

Overlapped Named Pipe IPC

 HotString 2.0 - Hot keys with string

x64 Bitwise Operations

Multi-keyboards HotKeySet

 Recursive Array Display

Fast and simple WCD IPC

Multiple Folders Selector

 

GIF Animation (cached)

Screen Scraping

 

 

Link to post
Share on other sites
DesireDenied

DesireDenied 1

Posted
  • Author
Posted (edited)

I made a lot of noise around the topic, but today when I got back to work, everything seems completely fine.

I have just changed one line:
  

; orignal line
If FileExists('AutoUpdater.exe') Then ShellExecuteWait('AutoUpdater.exe')

; changed to
If FileExists('AutoUpdater.exe') Then RunWait('AutoUpdater.exe')

and the false-positive is gone.

Thank you guys for all your help, especially @Exit - will try this one.

By the way, we are using ESET Antivirus, if someone is interested.

Edited by DesireDenied
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Followers 4
Go to topic listing

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • nacerbaaziz
      check if any process run as administrator
      By nacerbaaziz
      hello autoit team
      is there any wey to check if any process run as admin or no?
      i mean e.g if i want to restart any process, now i have the ability to get the process path and commands line
      what i need is a wey to check if the process was runing as admin or no to restart it with the same state.
      here is the part that am using it to restart the process
      func _processRestart($i_pid, $s_ProcessPath) if not (ProcessExists($i_ProcessPid)) then return SetError(1, 0, -1) local $s_ProcessWorkDir = _WinAPI_GetProcessWorkingDirectory($i_ProcessPid) ProcessClose($i_ProcessPid) ProcessWaitClose($i_ProcessPid) ProcessWait(ShellExecute($i_pid,"", $s_ProcessWorkDir)) ProcessesGetList() return true endFunc thanks in advance
    • gurrenm3
      How to do image searching with multi-threading
      By gurrenm3
    • Miliardsto
      Detect DirectX or OpenGL
      By Miliardsto
      I want to detect if exact process or window uses directx or opengl or maybe something else library used in applications.
      Thats becouse there could be many windows with same names and different names and the same with process. I got so much process names I want to my script works with all, so i want standardize.
      All of this processes uses DirectX or OpenGL so then If I check this window/process uses these libraries I will be sure thats the right process
    • TryWare90Days
      how to get a pid for a *32 process
      By TryWare90Days
      I'm trying to kill a malware process, that I can't remove with my www.sophus.com/hom antivirus.

      The malware is known as coinminer,config and my Sophus only creates popups of blocking the malware.

      I know that the malware is constantly launching a svchost *32.exe processes, where the svchost.exe processes are from my Windows 7 operating system.
      I have with no luck tried to do this:
      Global $_bStatus = False
      While $_bStatus = False
                 Global $_iPid
                 Global $_sActiveTitleNew = "svchost *32.exe"
                 $_iPid = WinGetProcess($_sActiveTitleNew)
                 If $_iPid <> -1 Then $_bStatus = ProcessClose($_iPid)   
      Wend
      EXIT
       
      But the $_iPid doesn't ever show anything else than  -1, even if I can see the svchost *32.exe process in my TaskManager
       
      YES - I know I shouldn't EXIT after killing the first malware detection, but it is easier to explain the above for you, so I can get a solution.
    • nacerbaaziz
      how to get the process comands line by process pid
      By nacerbaaziz
      Hello my friends
      I have an inquiry after your permission
      I found a function to get the special line commands for any operation
      It requires the name of the process to be searched
      I want to use it to know the process
      Is this possible with this function
      Here is the code
       
      Func commandLineGet($proc, $strComputer=".")
      dim $array[1]
      local $ArrayNumber
      local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
      local $oProcessColl = $oWMI.ExecQuery("Select * from Win32_Process where Name= " & '"'& $Proc & '"')
      local $Process
      For $Process In $oProcessColl
      $Process = $Process.Commandline
          ReDim $Array[UBound($Array)+1]
      $ArrayNumber = UBound($Array)-1
      $array[$ArrayNumber] = $Process
      Next
      $ArrayNumber = UBound($Array)-1
      $array[0] = $ArrayNumber
      return $array
      EndFunc
×
×
  • Create New...