Symantec AntiVirus Quarantines AutoIT Files

[flanque]

neh, i don think so. NAV and McAfee does not have such an option.

its not like the firewall rules where we can add exception lists...

:">

Actually if you're using Symantec Anti-Virus (not Norton Anti-Virus) you can add exclusions, but I'd doubt it'll help you because, last time I was doing it, you added extensions as exclusions... you surely don't want to exclude all .exe files!

[Skruge]

Actually if you're using Symantec Anti-Virus (not Norton Anti-Virus) you can add exclusions, but I'd doubt it'll help you because, last time I was doing it, you added extensions as exclusions... you surely don't want to exclude all .exe files!

True. You can also exclude entire directory structures.

I had my dev folders excluded so I could keep coding, but couldn't deploy anything until the defs were updated for all the client machines. (not going to exclude System32)

[jacky_ckw]

Some locations may not have it set to quarantine, they might have it set to delete.

yup, its 1st action is to clean, then 2nd to delete. so i can't get it from the quatantine...

[CJ Greiner]

I'm glad you guys posted about this problem and took actions to fix it.

I've used AutoIt to create a very useful program for our local guys in the office. While it's not an absolutely necessary program, it certainly helps to have it running...

So this morning I showed up at work, and it was gone!

Apparently the auto-scan that's run every week on our computers skipped right over quarantine and jumped to delete.

It deleted the file I wrote, as well as several AutoIt installation and SciTe files. I don't have the full list, but it appeared as though every .exe in the "full download" for AutoIt was identified as a "downloader" by Symantec. (i.e. it thought they were programs that downloaded trojans/spyware from the 'net.)

So, I went to the backup disc and re-compiled the file, but this time instead of "allow decompile", I chose a high compression with no decompile -- and that worked. It still wanted to delete my AutoIt .exe files, as well as a .bin file in the "toExe" directory.

Hopefully this doesn't happen again anytime soon!

[CJ Greiner]

I'm glad you guys posted about this problem and took actions to fix it.

I've used AutoIt to create a very useful program for our local guys in the office. While it's not an absolutely necessary program, it certainly helps to have it running...

So this morning I showed up at work, and it was gone!

Apparently the auto-scan that's run every week on our computers skipped right over quarantine and jumped to delete.

It deleted the file I wrote, as well as several AutoIt installation and SciTe files. I don't have the full list, but it appeared as though every .exe in the "full download" for AutoIt was identified as a "downloader" by Symantec. (i.e. it thought they were programs that downloaded trojans/spyware from the 'net.)

So, I went to the backup disc and re-compiled the file, but this time instead of "allow decompile", I chose a high compression with no decompile -- and that worked. It still wanted to delete my AutoIt .exe files, as well as a .bin file in the "toExe" directory.

Hopefully this doesn't happen again anytime soon!

So far, I haven't had any problems with the newly-recompiled versions of my programs.

BUT: my company hasn't updated to a more-recently released antivirus definitions yet so I haven't been able to see if any of the AutoIT3 release files are still targeted.

Is anyone else still having problems?