Posted

Hi everyone!

I have been developing free software for many years to help IT people create recovery partitions on Windows 7/8/10 computers.

My tools use a mix of AutoIT, CMD and PowerShell scripts.

Until now, I always sought help on a different forum because I mostly had issues with non-AutoIT related stuff.

Sadly, now, I need help for the AutoIT part and so here I am.

The problem? Virus false positives on some of my scripts. My whole package is tagged as a virus since some of my included scripts are false positives. And I am afraid that sooner or later, my whole web site will be flagged as bad.

In the past I was able to fix that by either changing the AutoIT version, playing with UPX or even sending my EXE file to antivirus companies to have that fixed. I also went the route of self-signing my EXE file and installing the root certificate on the target computer (it was a documented solution in my script, and IT people could re-sign my EXE with their own valid certificate if needed).

But I decided to do it in a different way now with my new version. I won’t compile my scripts anymore but simply put the AU3 file + the AutoIT3 executable (both 32 and 64 versions) on the computer.

Works great!

Well, mostly. I still have 1 situation where I can’t do that.

In the Windows 7 Recovery Environment, the name shown in the menu is extracted from the “ProductName” of the EXE. The same goes for the icon. Putting the AutoIT exe file there to call my AU3 script creates a problem because it won’t show “Recovery Tools” with my icon but the AutoIT icon with the AutoIT name.

Sure, I could probably fix that by using ResHacker to change the EXE info, but I am pretty sure it goes against all copyright law, forum rules and the EULA, so I won’t go this route at all.

So I thought about the following solutions, but I am unsure about the best one.

1) Password protect my package and give the password on my web site. Should work, but not a clean solution.

2) Not provide the compiled EXE in my script but have AutoIT compile it automatically during the installation process.

3) Try to learn another programming language to create a launcher to run my non-compiled script.

4) Leave it as it is right now. The EXE will be in a WIM image, so the target computer won’t see the file and AV software won’t say anything. Still, my package will still be flagged.

5) Another solution that maybe you have in mind, other than contacting AV software vendors. It is a never-ending game going this route.

Right now, I am going to use the 4+1 route: leaving the EXE intact in my archive and password protecting it.

Can anyone give me another solution?

Posted (edited)

Hey,

For 1) Not sure about normal zips, but for self-extracting zips you can edit the textbox that asks for the password and write on it with ResHacker, no need to provide anything anywhere unless they are blind 😛

I don't know if it would help you, but maybe it will give you new ideas to explore: check out my way of avoiding flags. Check out the link at the start too.

Edit: The problem with a self-extracting exe is that Chrome doesn't download it anymore from a Google Drive (not signed and definitely unknown file)

Edited by GokAy
Posted

@GokAy

@Exit

Thanks for your suggestions but they won't work. The WinRE doesn't have any WOW64 option. So the 64-bit WinRE can only run native 64-bit apps. It cannot run 32-bit apps.

Also there is no real GUI. It is just a menu that launches simple EXE files. The name/icon in the menu are extracted from the EXE file.

Finally, I am pretty sure I can't save NTFS ADS on a WinRAR SFX volume. Anyway, my tools need to be installed from the bootable USB key used to install Windows, which doesn't support ADS since it is not NTFS.

I took another look at my old code and I will be able to migrate another script. It will leave only 1 EXE compiled from an AutoIT script. Everything else will be run with the interpreter directly. Not bad. I think I will do like I did in the past (and as @GokAy also said) and will put the uncompress password in the WinRAR SFX screen.

Anyway, one day, I will stop supporting Windows 7 with my stuff and the problem will then be gone.

 
