Postman Posted June 22, 2009

Hello, I have a strange problem. I have several AutoIt scripts compiled as EXE (with UPX and without). If I copy one of these compiled scripts to another directory on my PC, it takes a long time until the file is copied. I have discovered that the problem relates to AutoIt and the Antivirus application. If I disable the Antivirus application, the copying of the script file is very fast. I tested it on multiple PCs. All of them use Sophos or McAfee Antivirus and all of them have the problem. If I copy another EXE file, e.g. a C# or C++ application, the copying is not delayed. Has somebody an explanation or a workaround for this problem? Thanks.

Bert Posted June 22, 2009

Try changing how the code is compiled.

The Vollatran project
My blog: http://www.vollysinterestingshit.com/

Inverted Posted June 22, 2009

Are you sure it happens even when the compiled exe is not UPX'ed? You can try to lower the heuristics/aggression of the antiviruses, see if that helps.

Postman Posted June 23, 2009

Hiho, I tried different Aut2Exe options with ANSI, UPX/non-UPX etc. But none of them brought a change. Could it be that the created EXE files do not have any kind of signature? Most Windows applications are signed in some way, so that Windows knows that they are from a trusted manufacturer.

Changing the security level in the antivirus application is not an option. However, I played a little bit with some options. In Sophos there is an option called "Use 32-bit-executable emulator" (or something like that) causing the problem. If I disable this option, the copying is not delayed. As I said, for production use I cannot change the security level. ???

Inverted Posted June 23, 2009

Yes, they use an emulator to emulate the execution of the executable without actually running it, because static scan is pretty useless; a lot of executables are packed and they want to get to the unpacked code. But I don't know why they choke on the AutoIt executables, something with the weird structure I guess (interpreter + attached encrypted script).

A LOT of common program executables aren't signed anyway.

Anyway, I'm pretty sure the delay happens only the first time the file is copied to a new location. Afterwards, the antiviruses just checksum it to be sure it hasn't changed.

The only idea I have now is to try using another packer (one of my favourites is PE Compact), maybe you'll get lucky. And if you have time, email the antivirus vendors with a couple of samples and whiiiine!!!

Edited June 23, 2009 by Inverted

Datus Posted June 24, 2009

I had the same problem today when I upgraded the script compiler. The fix was to uninstall it and install an older version. Hope they fix the issue in the next release.

We live as we dream alone!

Inverted Posted June 24, 2009

Don't whine on the AutoIt forum, people, whine to the antivirus vendors, it's their problem!

Datus Posted June 25, 2009

Hope you never get to see a proper whine if you think people have been whining on this post. The comments are to make people aware and how to overcome them. Here's a WHINE: a previous compiler was OK, the newer one isn't. If there is a history of AV not liking the compiler, it can't be hard, before releasing a new version, to test it before launch to see if the most popular AVs have an issue. But I didn't want to post that...

We live as we dream alone!

James Posted June 25, 2009

AutoAV (it's a link).