Virus false-positives
Forum rules
Discuss Autohotkey related topics here. Not a place to share code.
Discuss Autohotkey related topics here. Not a place to share code.
Virus false-positives
I know there's a sticky on this and its been an ongoing problem, but after upgrading to Windows 11, AutoHotKey has become basically useless as a tool writing scripting language anymore since everyone who I send my tools to thinks I'm sending them a virus. It's not just the scripts, but if you just scan the shipping AutoHotKey.exe (or heck, even the installer executable, AutoHotkey_1.1.33.10_setup.exe) with Defender, it shows Trojan:Script/Sabsik.FL.A!ml. I know folks are being guided to submit their scripts to Microsoft for exclusion, but when even a compiled script containing "Sleep, 100", gets tagged as being a trojan, its not the script that's the problem. So the problem is not our scripts, its the language binaries themselves. Has the project itself submitted its exe's to Microsoft for an exclusion, because unless they do, I think its pointless for users to do it because there will be zero success. I've spent an enormous amount of time writing programs in this language--many of which need to be compiled. Naturally, I can make an exception or use other Virus software, but if MS is basically saying AHK has been declared a virus no matter what and AHK is not going to raise a lawsuit over this, then I can't use it as a tool anymore since my software is raising too many red flags with my users. Bummer.
Re: Virus false-positives
viewtopic.php?t=73724
Maybe try the version from Microsoft store.
Maybe try the version from Microsoft store.
Re: Virus false-positives
No go. Just tried that Microsoft store version, but it is also "infected"
Just run a Windows Defender scan of this file, and you'll see it finds the same trojan. So apparently you can't trust MS app store apps.
C:\Program Files\WindowsApps\HaukeGtze.AutoHotkeypoweredbyweatherlights.com_1.1133.103.0_x64__6bk20wvc8rfx2\Autohotkey.exe
Just run a Windows Defender scan of this file, and you'll see it finds the same trojan. So apparently you can't trust MS app store apps.
C:\Program Files\WindowsApps\HaukeGtze.AutoHotkeypoweredbyweatherlights.com_1.1133.103.0_x64__6bk20wvc8rfx2\Autohotkey.exe
Re: Virus false-positives
I dont get infected warning but have notice that i get high cpu usage in windows defender when autohotkeys is running. the two together are now using 30% of my i7 9700k. Windows 11 pro
Re: Virus false-positives
ur script is probably hitting some interesting APIs/tripping heuristic checks, prompting Windows Defender "to want to look at what its doing".
add an exclusion
add an exclusion
Re: Virus false-positives
You have to really do your homework on high cpu usage, as there can be numerous causes. I'm almost of the mind that Microsoft is trying to "burn out" older CPUs in order to encourage buying new ones, in addition to getting more people using Windows 11. Sounds like one of those tinfoil conspiracy theories, but you never know. Sometimes truth is stranger than fiction.
On one of my Windows computers, I noticed it running relatively hot (from high cpu usage). Turns out it was related to WMI Provider Host and Microsoft tracking. Example of such an issue- https://answers.microsoft.com/en-us/windows/forum/all/incredibly-high-cpu-usage-by-wmi-provider-host/14048114-8c34-417b-9d0d-5870004dc66c
Return to “General Discussion”
Who is online
Users browsing this forum: No registered users and 13 guests