Sign in to follow this  
Followers 0
zeevid

Symantec AntiVirus Quarantines AutoIT Files

25 posts in this topic

#1 ·  Posted (edited)

SAV (version 10 at least) with today's 9/20/2006 Rev. 18 Signatures is quarantining the following files:

  • UpdateDefs.exe from c:\program files\autoit3\scite\defs
  • AutoIt3Wrapper.exe from c:\program files\autoit3\scite\autoit3wrapper
  • SciteConfig.exe from c:\program files\autoit3\scite\
SAV thinks that these files are infected with the "Downloader" trojan.

HELP!

Edited by zeevid

Share this post


Link to post
Share on other sites



3rd post with this problem...contact symantec :) or use ZoneAlarm never had a problem with it :P

Share this post


Link to post
Share on other sites

3rd post with this problem...contact symantec :) or use ZoneAlarm never had a problem with it :P

ZoneAlarm isnt really a anti-virus scanner.

Thanks,

JS


AutoIt Links

File-String Hash Plugin Updated! 04-02-2008 Plugins have been discontinued. I just found out.

ComputerGetInfo UDF's Updated! 11-23-2006

External Links

Vortex Revolutions Engineer / Inventor (Web, Desktop, and Mobile Applications, Hardware Gizmos, Consulting, and more)

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

Unfortunately we are stuck with this as it is the "Corporate standard". We're about half way through a roll-out of a new application and now we're 'f'd as it were. Looking at Symantec's site it would appear that Jon can post a dispute at :

https://submit.symantec.com/security_risks/dispute/

and we can all hope it get's fixed. How long before other anti-virus providers block Autoit???

UPDATE!

I just used the latest BETA for my scripts and a quick test shows it working for my purposes. We've called Symantec about a fix for the other version as well.. What a PAIN!

Edited by newton1171

Share this post


Link to post
Share on other sites

We have platinum support with Symantec. We submitted a false-positive report earlier this afternoon and are waiting on a response.

... holding my breath

Share this post


Link to post
Share on other sites

We have platinum support with Symantec. We submitted a false-positive report earlier this afternoon and are waiting on a response.

... holding my breath

I just had the same problem! I will contact our IT department but these things go very slowly in a big company like mine. I am also afraid that they may ban our use of AutoIt!

I hope Jon can contact Symantec and get this sorted out. This would be as if they banned the Python interpreter because you can write malicious python scripts! :-(

Angel

Share this post


Link to post
Share on other sites

One of our server engineers contacted our TAM and opened a support case. He's still on the phone with a rep (on hold), but the initial indication I got is that this will be fixed in tomorrow's definitions, 9/21/06 10:00am. (didn't think to ask about the timezone)

Fingers crossed...


[font="Tahoma"]"Tougher than the toughies and smarter than the smarties"[/font]

Share this post


Link to post
Share on other sites

buggerbuggerbuggerbuggerbuggerbuggerdamn

Share this post


Link to post
Share on other sites

sucks, its not only detecting it as downloader virus. its deleting it! must be due to the policy to delete all virus files detected.

hope this issue is resolved... they cant ban Autoit?! :)


New to script...But getting the hang of it.

Share this post


Link to post
Share on other sites

Run LiveUpdate again and update to definitions "20/09/2006 rev. 52" and that should clear it up. Has here.

Share this post


Link to post
Share on other sites

Run LiveUpdate again and update to definitions "20/09/2006 rev. 52" and that should clear it up. Has here.

hurray! updated virus def and its ok now. but it had deleted some of the autoit program files. had to reinstall the program back.

:)


New to script...But getting the hang of it.

Share this post


Link to post
Share on other sites

Is it possible to put these files in a exception list in the anti virus software? That way, even if Symantec f's up, you won't have your stuff deleted.

neh, i don think so. NAV and McAfee does not have such an option.

its not like the firewall rules where we can add exception lists...

:">


New to script...But getting the hang of it.

Share this post


Link to post
Share on other sites

hurray! updated virus def and its ok now. but it had deleted some of the autoit program files. had to reinstall the program back.

:)

Why not just go into your quarantine and restore them.

Share this post


Link to post
Share on other sites

Thanks, worked on my pc, notfied the admin to get the symantec servers updated so all pcs get updated, then they have to back thru and start restoreing all my installation apps that were removed.

Sitting with my hands tied till they get everything updated.


SciTE for AutoItDirections for Submitting Standard UDFs

 

Don't argue with an idiot; people watching may not be able to tell the difference.

 

Share this post


Link to post
Share on other sites

Why not just go into your quarantine and restore them.

Some locations may not have it set to quarantine, they might have it set to delete.


SciTE for AutoItDirections for Submitting Standard UDFs

 

Don't argue with an idiot; people watching may not be able to tell the difference.

 

Share this post


Link to post
Share on other sites

Good news! :)

The latest symantec virus definition file (from today, september 21st 2006) fix the issue.

Cheers,

Angel

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0