Hey guys,

I am having a hard time with a false positive, probably because I am trying to execute my AutoUpdater.

Here is my code:

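Global $iUpdateTimer = 0

While 1
    ; the loop body is missing from the post; a minimal call is filled in here
    checkUpdates()
    Sleep(1000) ; avoid a busy loop between checks
WEnd

Func checkUpdates($iDelay = 10)
    ; $iDelay is given in minutes; TimerDiff() returns milliseconds
    $iDelay = $iDelay * 1000 * 60
    If TimerDiff($iUpdateTimer) > $iDelay Then
        ConsoleWrite('checking for updates...' & @CRLF)
        $iUpdateTimer = TimerInit()

        If FileExists('AutoUpdater.exe') Then ShellExecuteWait('AutoUpdater.exe') ; this is the line which causes my problem
    EndIf
EndFunc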

And AutoUpdater code:

#include <MsgBoxConstants.au3>
#include <FileConstants.au3>
#include <Misc.au3> ; _VersionCompare()

Global $sExecName = 'test.exe'
Global $sUpdatePath = @UserProfileDir & '\desktop\AnyAppName\update\' & $sExecName
Global $sUserPath = @UserProfileDir & '\desktop\AnyAppName\' & $sExecName
Global $sCopyright = 'someUniqueStringHere'

If Not FileExists($sUpdatePath) Then Exit 0
If FileGetVersion($sUpdatePath, $FV_LEGALCOPYRIGHT) <> $sCopyright Then Exit 0 ; checking if we really want to update and execute the file

; compare the versions field by field; ">" on the version strings would compare them as text
If _VersionCompare(FileGetVersion($sUpdatePath), FileGetVersion($sUserPath)) = 1 Then
    $iResponse = MsgBox(BitOR($MB_YESNO, $MB_ICONQUESTION), 'AnyAppName', 'There is an update available, would you like to update?')
    If $iResponse == $IDYES Then
        ; the Then-branch is missing from the post; closing the running copy is assumed here
        If ProcessExists($sExecName) Then ProcessClose($sExecName)
        FileCopy($sUpdatePath, $sUserPath, $FC_OVERWRITE)
        Exit 1
    EndIf
EndIf
Exit 0

I am not trying to ask why my code is getting recognized as a false positive, because this is quite obvious, but is there any other way to get things done without running an external process?


Edited by DesireDenied
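
Added example, not part of the original posts: the LegalCopyright string checked in the AutoUpdater above can be set by anyone who compiles an executable, so it does not show where the update came from. The sketch below instead compares the update's SHA-256 with a digest published where only administrators can write. The manifest path and the function names `_UpdateIsTrusted` and `_InstallVerifiedUpdate` are hypothetical, and it assumes a `Crypt.au3` that defines `$CALG_SHA_256`.

```autoit
#include <Crypt.au3>
#include <FileConstants.au3>
#include <StringConstants.au3>

; Hypothetical manifest location: one line holding the SHA-256 of the release
; as 64 hex characters, on a share that ordinary users cannot write to.
Global Const $sManifest = '\\fileserver\releases\test.exe.sha256'

; Returns True only when the SHA-256 of $sFile equals the digest in $sManifestPath.
Func _UpdateIsTrusted($sFile, $sManifestPath)
    If Not FileExists($sFile) Or Not FileExists($sManifestPath) Then Return False

    Local $sExpected = StringStripWS(FileReadLine($sManifestPath, 1), $STR_STRIPALL)
    If Not StringRegExp($sExpected, '^[0-9A-Fa-f]{64}$') Then Return False

    _Crypt_Startup()
    Local $dHash = _Crypt_HashFile($sFile, $CALG_SHA_256)
    Local $iErr = @error
    _Crypt_Shutdown()
    If $iErr Then Return False

    ; _Crypt_HashFile() returns binary; Hex() renders it as upper-case hex without "0x"
    Return Hex($dHash) = StringUpper($sExpected)
EndFunc

; Copies the update to a staging name next to the target, verifies the staged
; copy (so the bytes that were checked are the bytes that get installed),
; and only then replaces the installed executable.
Func _InstallVerifiedUpdate($sUpdatePath, $sUserPath, $sManifestPath)
    Local $sStaged = $sUserPath & '.new'
    If Not FileCopy($sUpdatePath, $sStaged, $FC_OVERWRITE) Then Return False
    If Not _UpdateIsTrusted($sStaged, $sManifestPath) Then
        FileDelete($sStaged) ; never leave an unverified binary behind
        Return False
    EndIf
    Return FileMove($sStaged, $sUserPath, $FC_OVERWRITE) = 1
EndFunc
```

In the AutoUpdater, `_InstallVerifiedUpdate($sUpdatePath, $sUserPath, $sManifest)` would take the place of the bare `FileCopy` call, with the copyright check kept only as a quick sanity test.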

Thanks Jos, it is a really good place to start, but I have already read this.

The problem is, I don't want to indicate my AutoUpdater as a false positive on every single workstation in my company.
Just wondering if there is any other way to auto-update my compiled script file.

I can always wait till the end of the day, and then manually update all the copies of my compiled script but I am not really satisfied with this option.

Edited by DesireDenied

The script could set itself in the whitelist of the AV, so you do not have to perform this task manually. Shouldn't be too much of a problem to program it. Once it is done, then run your autoUpdater.


I made a lot of noise around the topic, but today when I got back to work, everything seems completely fine.

I have just changed one line:

; original line
If FileExists('AutoUpdater.exe') Then ShellExecuteWait('AutoUpdater.exe')

; changed to
If FileExists('AutoUpdater.exe') Then RunWait('AutoUpdater.exe')

and the false-positive is gone.

Thank you guys for all your help, especially @Exit - will try this one.

By the way, we are using ESET Antivirus, if someone is interested.

Edited by DesireDenied