Solved

Overrides before Webroot identifies as virus

  • 12 September 2013
  • 9 replies
  • 70 views

Hello,
 
I create several scripts (in AutoIT) that allow me to automate deploying updates to my users, or gathering info, etc.  Every script I create gets flagged as a virus.  My question is, is there a way I can create an override before I deploy the software and get a message that there is a virus?
 
Thanks for your input.
 
Rich

Best answer by explanoit 12 September 2013, 22:38


9 replies

I guess I am asking if there is any easy way to get an md5 value, as I have to turn off webroot to compile my scripts.

Is there another way to get an md5 value?
Hey rich,
I'm very busy the rest of the day so this won't be a complete answer. Yes WSA can be paranoid about how the AutoIT file is compiled and compressed. 
 
A trick to getting Webroot to work with AutoIT compilation all the time is to put these lines at the top of your script. It turns off UPX compression. Your exe will be ~1MB instead of ~200KB but WSA _shouldn't_ freak out about it. You can then whitelist it with a tool like http://www.dominik-reichl.de/software.html#vishash
 
#Region
#AutoIt3Wrapper_UseUpx=n
#EndRegion
 
Otherwise, you can whitelist the AutoIT compiler, whitelist the MD5 only after it's detected or there's also an option that makes Webroot ask you what to do, but I'm too busy to look it up right now.
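The two steps above (make sure the build is not UPX-packed, then get the MD5 for the override before the file is distributed) as a small pre-deployment check script. This is an added example, not code from the thread or from Webroot; the UPX detection is a byte-signature heuristic I assume here, not anything Webroot itself uses, and the sample input is constructed.

```python
"""Pre-deployment check for a freshly compiled AutoIt executable.

Added example, not from the original thread. It (1) flags UPX-packed
binaries by a simple byte-signature heuristic, since the thread reports
that UPX-compressed AutoIt builds trip Webroot, and (2) computes the
MD5 (what a Webroot override is keyed on) and SHA-256 of the file so
the override can be created before the file is deployed.
"""
import hashlib
from pathlib import Path

# Section names / marker that UPX leaves in a packed PE image.
# Heuristic only (my assumption): a packer can rename sections, and a
# benign file could contain these bytes by chance.
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")


def looks_upx_packed(data: bytes) -> bool:
    """Return True if any UPX marker appears in the first 4 KiB (PE headers)."""
    return any(m in data[:4096] for m in UPX_MARKERS)


def file_digests(data: bytes) -> dict:
    """MD5 for the Webroot override plus SHA-256 for your own records."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def check_build(path: str) -> dict:
    """Hash a compiled script and report whether it appears UPX-packed."""
    data = Path(path).read_bytes()
    result = file_digests(data)
    result["upx_packed"] = looks_upx_packed(data)
    return result


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a fake PE header region containing a UPX section name.
    sample = b"MZ" + b"\x00" * 60 + b".text\x00\x00\x00UPX0\x00\x00\x00\x00" + b"\x00" * 100
    with tempfile.NamedTemporaryFile(suffix=".exe", delete=False) as f:
        f.write(sample)
    report = check_build(f.name)
    print(report)
    if report["upx_packed"]:
        print("Rebuild with #AutoIt3Wrapper_UseUpx=n before creating the override")
```

Run it against the real compiled exe instead of the constructed sample; the md5 value is what you paste into the override.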
 
Excellent suggestions from Explanoit! Also, have you tried whitelisting the compiler itself?
Thanks, I think I will try not using UPX and see how that goes, and I think that Visual Hash was what I was looking for to whitelist it before I deploy it. Thanks.

Let me know if you find what setting it is to make Webroot ask you what to do.

Thanks,

Rich
Sorry to 'rehash' this, but it's getting extremely frustrating.
 
So I took your advice and tried compiling the script without UPX.  Good news, that worked. I was able to compile the script.   BUT, right after the file finished compiling, Webroot removed the compiled file.  Just trying to find a good workflow that makes sense.  At this point I can't even use the hash tool to exclude it.  Are there any settings I can tweak or anything I can do to optimize my workflow? What is your recommendation?
 
Rich
Rich, did you try whitelisting the compiler?
Yes. It's not the compiling process that's the issue (UPX causes the compiling problem); it's after it's compiled that I run into issues.

Rich
Rich, on this particular endpoint, could you try disabling the setting "scan files when written or modified"? Please let us know how that goes. That may give you time to collect the hash and override it, after you compile the file but before you run it.
I'll give it a try. Thanks for your input!
