Jump to content
JSThePatriot

Are my AutoIt EXEs really infected?

Recommended Posts

On 8/23/2019 at 8:47 AM, bowain said:

I had my work create a signing cert which I sign all my code with. I have a batch set up that is run after the compilation to do the signing.

The cert is recognized by the AV and that way I don't have to whitelist each exe. I do a lot of revisions and complies to test things so whitlisting hashes is a hassle. Also some remote devices don't update as they should so this eliminates that issue as well.

 

Does a certificate really guarantee your app won't get flagged?  We have a client that says our app was getting quarantined, so we signed it with Entrust CA.  Apparently Windows Defender is still flagging it, but now at least he gets an option to run it anyway.  There's a little bit of an English issue, but we're going to set up a laptop here with the same version of MS Windows Defender and see if we can duplicate it in-house.

Share this post


Link to post
Share on other sites
29 minutes ago, quickbeam said:

Does a certificate really guarantee your app won't get flagged?

No, it has zero effect, not even what certs are for.

certificates verify the author (not that the file is certified clean), its the code equivalent of a pretty cursive signature.

 

**That being said, you can whitelist things in your Enterprise AV based off any value.  Cert is as valid a value in that sense as any other.

Edited by iamtheky

,-. .--. ________ .-. .-. ,---. ,-. .-. .-. .-.
|(| / /\ \ |\ /| |__ __||| | | || .-' | |/ / \ \_/ )/
(_) / /__\ \ |(\ / | )| | | `-' | | `-. | | / __ \ (_)
| | | __ | (_)\/ | (_) | | .-. | | .-' | | \ |__| ) (
| | | | |)| | \ / | | | | | |)| | `--. | |) \ | |
`-' |_| (_) | |\/| | `-' /( (_)/( __.' |((_)-' /(_|
'-' '-' (__) (__) (_) (__)

Share this post


Link to post
Share on other sites

I create a website builder with Autoit. Method is to merge text files and photos to build the website. Very simple. I scan the au3 file with virustotal. No virus. But when I scan the exe file, it is regarded as maleware by some virus scanners. I submit the software to Cnet. They reply approval is not given unless the problem is solved. 

Share this post


Link to post
Share on other sites
1 hour ago, JLogan3o13 said:

@Musashi why would you link to the exact same thread? 

I have given the link to this thread as an answer in another thread. There the OP described his problems with "false positives". Later the thread was merged/moved in here by a moderator, including my contribution. Now my answer is outside the original context, and appears therefore pointless ;).

Perhaps it would be a good idea to simply remove the link.

Edited by Musashi

Musashi-C64.png

"In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

Share this post


Link to post
Share on other sites

Productive work with AutoIt Newest Version is no longer possible under Windows 10. Windows Defender permanently reports a virus when the script has been compiled and the ".EXE" file is saved in an automatically saved onedrive folder (e.g. Downloads or Desktop etc.). This means that online transfers to other users are no longer possible and no longer execute there.

best regards Chris

Share this post


Link to post
Share on other sites
15 hours ago, Eishockeyfan said:

Productive work with AutoIt Newest Version is no longer possible under Windows 10.

Did you really think, for as long as AutoIt has supported Windows 10 (on systems with Defender), that if this was the case it wouldn't have been advertised far and wide??

In the future, rather than making a definitive statement such as this and then having to come back and retract it, perhaps start by asking a question in the forum about the problems you're encountering.

Edited by JLogan3o13

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...