Unable to compile under Windows 11

[cubsfan]

This is my first AutoIt script I've tried under Windows 11. I used to use AutoIt a lot under WinXP/7/10 at another job, but it's been many years now since I've had a need for it as at my current job I primarily use a Mac (and I sure do wish there was a version of AutoIt for Mac!). But I digress... Obviously, Windows has changed a lot so perhaps there's something relatively simple that I'm missing.

I have a simple script that launches a shortcut which launches an app in a browser, waits for it to load, then sends some keys to start the program with certain options set. Nothing fancy. It works fine in interpreted mode, but when I try compiling I keep getting "Unable to add resources" error. I found some other threads here with the same or similar error and I have followed that advice and excluded the folder C:\Users\username\AppData\Local\AutoIt v3\ from Windows Defender. I've even tried disabling Defender altogether. I'm not running any other AV. But still no joy.

Ideas?

 

[argumentum]

If you can run a VM, install Win11 there and disable Defender. Use it just for building/compiling scripts. So there, a seemingly stupid idea but, you'd keep your local environment as is and have a compile station. That's what I would do to not touch my current workstation.

[Shark007]

here is a simple powershell command I use to set an ignore exclusion in Defender for a specific folder

Run(@ComSpec & ' /c powershell -Command Add-MpPreference -ExclusionPath ' & '"' & @ScriptDir & '"' & ' -Force', @ScriptDir, @SW_HIDE)

Use this command where ever your compiled script is to be created. By changing the word Add to Remove, it will remove the set exclusion.

This script will require Administrative rights to be able to perform its function(s).

 

Edited Thursday at 08:21 AM by Shark007

[WildByDesign]

11 hours ago, cubsfan said:

I've even tried disabling Defender altogether.

Since you've tried disabling Defender completely and exclusions, I would assume that the problem is not that.

Just to clarify, did you ever receive any dialog from Defender (during compile) indicating that it quarantined something?

I think that you will need to share the code for how you've added the resource. I've seen issues where it failed to add resources if the formatting for the path to resource was incorrect and things like that.

It's hard to know for sure without seeing some of that code.

[cubsfan]

4 hours ago, WildByDesign said:

Just to clarify, did you ever receive any dialog from Defender (during compile) indicating that it quarantined something?

I think that you will need to share the code for how you've added the resource. I've seen issues where it failed to add resources if the formatting for the path to resource was incorrect and things like that.

It's hard to know for sure without seeing some of that code.

No, nothing from Defender, so that makes sense that Defender is probably not at fault.

$Title="HVAC Launcher"
$Shortcut=@DesktopDir&"\IE 11.lnk" ; Yes, really IE, because Java...
If FileExists($Shortcut) Then
    ;MsgBox(1,$Shortcut,"Exists")
    ShellExecute($Shortcut)
    WinWaitActive("Windows Security","",60)
    If Not(WinActive("Windows Security")) Then
        MsgBox(11,$Title,"Something went wrong. Failure to launch.")
        Exit
    EndIf
    ; Saved credentials should already be entered, just need to press [Enter].
    Send("{Enter}")

    ; Accept the Java warning and run the program.
    WinWaitActive("Security Warning","",60)
    If Not(WinActive("Security Warning")) Then
        MsgBox(11,$Title,"Something went wrong. Failure to launch.")
        Exit
    EndIf
    Send("{TAB 3}")
    Send("{SPACE}")
    Send("{ENTER}")
Else
    MsgBox(1,$Shortcut,"Not found!")
EndIf

I don't know what resource it's referring to. Like I said, it's pretty simple.

 

[WildByDesign]

3 minutes ago, cubsfan said:

I don't know what resource it's referring to. Like I said, it's pretty simple.

It's compiling on mine without any failure or reference to missing resources error. Interesting.

Do you know if you can compile any AutoIt script at all?

Try compiling any example scripts and so on. If they all fail to compile in the same way, at least we know it's not something specific to this one script.

[ioa747]

press Ctrl + 1 (SciTE Config ), go to the 'Other Tools' tab
press 'Run Autolt3/SciTE check'
and look at the report, it might give you more information

maybe you can draw a conclusion
assumes you have  SciTE4AutoIt3.exe

[cubsfan]

16 minutes ago, ioa747 said:

press Ctrl + 1 (SciTE Config ), go to the 'Other Tools' tab
press 'Run Autolt3/SciTE check'
and look at the report, it might give you more information

Good idea, but everything looks OK. At least I learned something new!

[cubsfan]

38 minutes ago, WildByDesign said:

It's compiling on mine without any failure or reference to missing resources error. Interesting.

Do you know if you can compile any AutoIt script at all?

Try compiling any example scripts and so on. If they all fail to compile in the same way, at least we know it's not something specific to this one script.

I was able to compile an example script and Defender promptly deleted the compiled script. 🙄

Then I had an epiphany about the resource. It was the icon! I took that out and it compile fine. Of course, Defender did its due diligence. Any suggestions for how to work around that? Is there a thread here I should read that covers it? I obviously haven't looked yet.

Regardless, thanks for the help!

[WildByDesign]

Glad you got it working.

You said that you added an exclusion in Defender for the aut2exe folder where the binaries are compiled, if I recall correctly.

Since that did not work, I would suggest the next step would be to add exclusions based on process name. Try adding the various AutoIt processes used to compile as exclusions.

Link: https://learn.microsoft.com/en-us/defender-endpoint/configure-process-opened-file-exclusions-microsoft-defender-antivirus

Also, if it is snagging the actual au3 script files, you can add exclusions based on file type as well. I would add exclusion for .au3 or *.au3, I don’t recall off hand how the wildcards work for Defender exclusions.

Link: https://learn.microsoft.com/en-us/defender-endpoint/configure-extension-file-exclusions-microsoft-defender-antivirus

[WildByDesign]

I just realized that it may be their “cloud” detections that are more likely to target AutoIt compiled binaries.

With that in mind, it might be worthwhile to go into Defender settings and specifically disable the cloud detections. That might be all that you need. Disabling that feature would not degrade your overall security posture.

[cubsfan]

1 hour ago, WildByDesign said:

I just realized that it may be their “cloud” detections that are more likely to target AutoIt compiled binaries.

That seems to have done the trick. Thanks so much!

 

[WildByDesign]

I am so glad to hear that. The majority of the Defender "cloud" detections are done via machine learning anyway and they literally tag every compiled AutoIt script as malicious. So it's good to know that the one single setting is enough to resolve this type of issue for AutoIt users.