WinHttp.WinHttpRequest.5.1 vs Windows Defender

sersam · June 30, 2021

I have problem with this object (WinHttp.WinHttpRequest). if I use this obj, the windows defender finding a virus (Win32/Wacapew.C!ml) when compiling.

Anybody know why happen it?

Edit: It's not happen every time. Interesting... May my pc has got a virus unconnected with autoit?

Edited June 30, 2021 by sersam

Luke94 · June 30, 2021

I'm using a 64-bit OS and if I use the Compile Script or Compile Script (x86) options, Windows Defender flags it as a virus. I have to specifically use the Compile Script (x64) option.

Maybe that'll help?

sersam · June 30, 2021

1 hour ago, Luke94 said:

I'm using a 64-bit OS and if I use the Compile Script or Compile Script (x86) options, Windows Defender flags it as a virus. I have to specifically use the Compile Script (x64) option.

Maybe that'll help?

Yeap it help but not enought. I tried 50 times with different options in aut2exe. (Lowest,low,normal,high,highest, and upx compress) Result is random. You may right, in x64 never did happen it but in x32 sometimes did happen it.

Thanks

Edited June 30, 2021 by sersam

Nine · June 30, 2021

Just exclude folders from AV...

sersam · June 30, 2021

3 hours ago, Nine said:

Just exclude folders from AV...

what is point? When I copy execute file it will already be detected. I mean the virus is not detected only when compile also it in compiled exe file. And I need to use exe on different computers. So I need to fix it, not cover it up.

Thanks for advice

Nine · June 30, 2021

5 minutes ago, sersam said:

So I need to fix it, not cover it up.

You won't fix it. You need to organize your computer environment properly. But if you do not want to help yourself, I guess I won't try to help you either.

Musashi · June 30, 2021

45 minutes ago, sersam said:

So I need to fix it, not cover it up.

@Nine 's advice is not just a "cover-up" but a legitimate solution !!

@sersam :

On your development machine, exclude the entire ..\AutoIt directory (and subfolders) from scanning by the virus software.

On third party computers create a directory, e.g. ..\AutoItExe, and exclude it from scanning. Afterwards copy your compiled AutoIt-Scripts into it.

If you do not have access rights to these computers, then the following alternative may help you :

https://www.autoitscript.com/forum/topic/34658-are-my-autoit-exes-really-infected/?do=findComment&comment=1472906

sersam · June 30, 2021

6 minutes ago, Musashi said:

@Nine 's advice is not just a "cover-up" but a legitimate solution !!

@sersam :

On your development machine, exclude the entire ..\AutoIt directory (and subfolders) from scanning by the virus software.

On third party computers create a directory, e.g. ..\AutoItExe, and exclude it from scanning. Afterwards copy your compiled AutoIt-Scripts into it.

If you do not have access rights to these computers, then the following alternative may help you :

https://www.autoitscript.com/forum/topic/34658-are-my-autoit-exes-really-infected/?do=findComment&comment=1472906

Ok, I guess I wasn't clear enough but @Nine 's advice is not useful for me. Also your method too. Let me explain, I'm programming a free software with Autoit. I know it's not designed for it but it's simple and powerful so I choose it. But I can't say to users that "you need to exclude program folders from your antivirus" or "I will give a3x file and please copy the AutoIt3_x64.exe to run the program." bla bla bla. They never do it.

But you and @Nine is right, I can't fixed because flags is flag and looks like that anti-viruses don't like autoit.

Thanks for help and advices. Be happy!

Musashi · June 30, 2021

7 minutes ago, sersam said:

But I can't say to users that "you need to exclude program folders from your antivirus" or "I will give a3x file and please copy the AutoIt3_x64.exe to run the program." bla bla bla. They never do it.

I suspect that you did not fully understand the workflow with the .a3x scripts. Maybe you should take a second look at it .The customer himself does not have to copy the interpreter (i.e. the AutoIt3.exe) from somewhere. You provide the interpreter, together with the script (or scripts), and a .cmd file to start it. BTW : The AutoIt interpreter (AutoIt3.exe / AutoIt3_x64) can be provided as stand-alone, even for commercial projects. Put everything into a .zip file if you like, and send it to the customer.

A third option for you could be the solution from @Exit , see : au3tocmd-avoid-false-positives

Block all input without UAC	Save/Retrieve Images to/from Text	Monitor Management (VCP commands)
Tool to search in text (au3) files	Date Range Picker	Virtual Desktop Manager
Sudoku Game 2020	Overlapped Named Pipe IPC	HotString 2.0 - Hot keys with string
x64 Bitwise Operations	Multi-keyboards HotKeySet	Recursive Array Display
Fast and simple WCD IPC	Multiple Folders Selector	Printer Manager
GIF Animation (cached)	Screen Scraping	Multi-Threading Made Easy

Block all input without UAC	Save/Retrieve Images to/from Text	Monitor Management (VCP commands)
Tool to search in text (au3) files	Date Range Picker	Virtual Desktop Manager
Sudoku Game 2020	Overlapped Named Pipe IPC	HotString 2.0 - Hot keys with string
x64 Bitwise Operations	Multi-keyboards HotKeySet	Recursive Array Display
Fast and simple WCD IPC	Multiple Folders Selector	Printer Manager
GIF Animation (cached)	Screen Scraping	Multi-Threading Made Easy

Sign In

WinHttp.WinHttpRequest.5.1 vs Windows Defender

Recommended Posts

sersam

Link to comment

Share on other sites

Luke94

Link to comment

Share on other sites

sersam

Link to comment

Share on other sites

Nine

Link to comment

Share on other sites

sersam

Link to comment

Share on other sites

Nine

Link to comment

Share on other sites

Musashi

Link to comment

Share on other sites

sersam

Link to comment

Share on other sites

Musashi

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta