Hello,
I create serval scripts(in AutoIT) that allow me to automate deploying updates to my users, or gathering info, ect... Every script I create gets flagged as a virus. My question is, is there a way I can create an override before I deploy the software and get a message that there is a virus?
Thanks for your input.
Rich
Answer
Overrides before Webroot identifies as virus
Best answer by explanoit
Hey rich,
I'm very busy the rest of the day so this won't be a complete answer. Yes WSA can be paranoid about how the AutoIT file is compiled and compressed.
A trick to getting Webroot to work with AutoIT compiliation all the time is to put these lines at the top of your script. It turns off UPX compression. Your exe will be ~1MB instead ~200KB but WSA _shouldn't_ freak out about it. You can then whitelist it with a tool like http://www.dominik-reichl.de/software.html#vishash
#Region
#AutoIt3Wrapper_UseUpx=n
#EndRegion
Otherwise, you can whitelist the AutoIT compiler, whitelist the MD5 only after it's detected or there's also an option that makes Webroot ask you what to do, but I'm too busy to look it up right now.
I'm very busy the rest of the day so this won't be a complete answer. Yes WSA can be paranoid about how the AutoIT file is compiled and compressed.
A trick to getting Webroot to work with AutoIT compiliation all the time is to put these lines at the top of your script. It turns off UPX compression. Your exe will be ~1MB instead ~200KB but WSA _shouldn't_ freak out about it. You can then whitelist it with a tool like http://www.dominik-reichl.de/software.html#vishash
#Region
#AutoIt3Wrapper_UseUpx=n
#EndRegion
Otherwise, you can whitelist the AutoIT compiler, whitelist the MD5 only after it's detected or there's also an option that makes Webroot ask you what to do, but I'm too busy to look it up right now.
I guess I am asking if there is any easy way to get an md5 value, as I have to turn off webroot to compile my scripts.
Is there another way to get an md5 value?
Is there another way to get an md5 value?
+6Hey rich,
I'm very busy the rest of the day so this won't be a complete answer. Yes WSA can be paranoid about how the AutoIT file is compiled and compressed.
A trick to getting Webroot to work with AutoIT compiliation all the time is to put these lines at the top of your script. It turns off UPX compression. Your exe will be ~1MB instead ~200KB but WSA _shouldn't_ freak out about it. You can then whitelist it with a tool like http://www.dominik-reichl.de/software.html#vishash
#Region
#AutoIt3Wrapper_UseUpx=n
#EndRegion
Otherwise, you can whitelist the AutoIT compiler, whitelist the MD5 only after it's detected or there's also an option that makes Webroot ask you what to do, but I'm too busy to look it up right now.
I'm very busy the rest of the day so this won't be a complete answer. Yes WSA can be paranoid about how the AutoIT file is compiled and compressed.
A trick to getting Webroot to work with AutoIT compiliation all the time is to put these lines at the top of your script. It turns off UPX compression. Your exe will be ~1MB instead ~200KB but WSA _shouldn't_ freak out about it. You can then whitelist it with a tool like http://www.dominik-reichl.de/software.html#vishash
#Region
#AutoIt3Wrapper_UseUpx=n
#EndRegion
Otherwise, you can whitelist the AutoIT compiler, whitelist the MD5 only after it's detected or there's also an option that makes Webroot ask you what to do, but I'm too busy to look it up right now.
---------------------------------------- Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise administrator over 2000 clients First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester Find me on Twitter!
Excellent suggestions from Explanoit! Also, have you tried whitelisting the compiler itself?
Thanks, I think I will try not using UPX and see how that goes, and I think that Visual Hash was what I was looking for to whitelist it before I deploy it. Thanks.
Let me know if you find what setting it is to make Webroot ask you what do to.
Thanks,
Rich
Let me know if you find what setting it is to make Webroot ask you what do to.
Thanks,
Rich
Sorry to 'rehash' this, but its getting extreamly frustrating.
So I took your advice and tried compling the script without UPX. Good new thats worked. I was able to compile the script. BUT, right after the file finshed compiling webroot removed the compiled file. Just trying to find a good work flow that makes since. At this point I cant even use the hash tool to exclude. Is there any settings I can tweak or anything I can do to optimize my workflow? What is your recommnedation?
Rich
So I took your advice and tried compling the script without UPX. Good new thats worked. I was able to compile the script. BUT, right after the file finshed compiling webroot removed the compiled file. Just trying to find a good work flow that makes since. At this point I cant even use the hash tool to exclude. Is there any settings I can tweak or anything I can do to optimize my workflow? What is your recommnedation?
Rich
Rich, did you try whitelisting the compiler?
Yes. Its not the compiling process that's the issue (UPX causes the compiling problem) its after its compiled I run into issues.
Rich
Rich
Rich, on this particular endpoint, could you try disabling the setting "scan files when written or modified?" Please let us know how that goes. That may give you time to collect the hash and override it, after you compile the file but before you run it.
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.