seanhart

McAfee detecting AutoIt as virus

11 posts in this topic

Just a quick notice that McAfee AntiVirus with DAT files version 5180 (Dec 7) is detecting scripts compiled with AutoIt 3.2.2.0 as being infected with the YahLover.worm virus.

I have opened a support ticket with McAfee and will provide an update when I have one.




We just heard from McAfee; they are working on a new DAT to resolve the issue. ETA is Monday.


I just finished working with McAfee support and doing testing, and they have confirmed the issue and said they will release the new DAT files (5181) today.


#4 ·  Posted (edited)

You don't need to make threads like this, they don't matter. And this doesn't belong in the general help and support.

Edited by JustinReno


I beg to differ, this was very helpful information, saves me a call to McAfee. I do everything that I can with AutoIt and was wondering why some of my scheduled tasks were not firing.


Yes, but it's very unnecessary crap added to the forum where over 99 percent of people know that AutoIt is blacklisted by many antivirus programs. Read the FAQ.


For those of us using AutoIt in our day to day jobs it's good to share information like this that could affect what we're doing. As soon as I started having these problems I checked the forums first to see if there was a known issue, and I'm glad to see others benefiting from this post.

In any case, McAfee has now released an "emergency update" and specifically referenced AutoIt compiled scripts as the reason why. It's good to see it recognized as a legitimate program by one of the leading anti-virus vendors.

McAfee mentions the false detection of AutoIt here: http://vil.nai.com/vil/content/v_140628.htm


It happened to me today also. McAfee ate my compiled program. I knew that McAfee sometimes had false detections with AutoIt programs in the past, so I checked here first.



#10 ·  Posted (edited)

Thanks for posting that, seanhart.

@JustinReno: I disagree with you. A post of "McAfee says my script is infected... what do I do?!" is clearly not needed, but the calm example of doing exactly what's needed by seanhart is refreshing. Note that the sticky "Are my AutoIt EXEs really infected?" is locked, so the details of the resolution of this particular false positive could not be posted there.

I would personally like to see an open sticky where people could log doing exactly what you are supposed to do, and the results they get. This would build a community running history of:

AutoIt version

AV Software and version

DAT file version

Details of false positive report

When reported to AV Co.

Response from AV Co.

In this particular example, it documents an incident that reflects well on McAfee. They received a report of a false positive, took it seriously, and replied in a prompt manner. Kudos to them.

:)

Edited by PsaltyDS


I like your idea. Does anyone think there is a chance of this happening?
