AHK executables and AV protection

Get help with using AutoHotkey (v1.1 and older) and its commands and hotkeys
newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

AHK executables and AV protection

Post by newbieforever » 24 Mar 2023, 02:39

There is probably still no practical usable solution to this problem, is there?
I just saw that I can't even send a zipped file by eMail because the mailserver prevents that. Is there possibly a trick for this particular problem?

mikeyww
Posts: 26596
Joined: 09 Sep 2014, 18:38

Re: AHK executables and AV protection

Post by mikeyww » 24 Mar 2023, 06:18

Yes. You can change the settings on the server. In some situations, changing the file extension (e.g., to .txt) works. The extension would then need to be changed again before using the file as originally intended.

FileMove

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 24 Mar 2023, 06:40

Thank you, mikeyww!

I suppose, even if I change the setting on my email server, the server of the receiver would treat the content as malware.

In my case txt (or other extensions) doesn't help.

As I see now, the same is with an email containing the original AutoHotkey.exe (or bin, or mpress). So I wonder how you all do it, for example, if you want to send a friend the AutoHotkey.exe and a script?

swagfag
Posts: 6222
Joined: 11 Jan 2017, 17:59

Re: AHK executables and AV protection

Post by swagfag » 24 Mar 2023, 07:04

i send them the script and tell them to download ahk themselves

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 24 Mar 2023, 08:51

... And not a single inhabitant of the AHK world is able to eMail an AHK executable to another? ... :mrgreen:

swagfag
Posts: 6222
Joined: 11 Jan 2017, 17:59

Re: AHK executables and AV protection

Post by swagfag » 24 Mar 2023, 09:08

at least not the ones that want to send via that particular mailserver thats checking for it

anyway, sending EXEs via mail is a bit outdated, no? why dont u send them instead a link to whatever place the EXE is hosted on(google drive, dropbox, github releases, ur own website)?

theres also always the possibility of ur buying an ev codesigning cert, but theres no guarantees it would get rid of the warnings. also, this goes a bit way beyond the realms of "practicality" (though, i guess this depends on ur role as an actor - are u trying to just send ur grandma HotkeyFixesByGrannysBoy.exe or sell a product?)

cat dog fox war
Posts: 38
Joined: 15 Mar 2023, 10:18

Re: AHK executables and AV protection

Post by cat dog fox war » 24 Mar 2023, 10:12

Many companies/email policies prohibit attaching executable files to emails.
However, if the recipient explicitly requests an executable file and it's simply a matter of email rules mistakenly flagging it,
you can put the .exe file in a 7z/zip/rar archive and encrypt the file.
If possible, select the option to hide the file names within the compressed archive and provide the recipient with a more secure method to access the decryption password.

Alternatively, as mentioned earlier, you could host the file on a cloud storage or website and provide the recipient with a download link.

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 24 Mar 2023, 10:35

@swagfag:

I'll give your arguments full credit, but isn't that a bit of a strange line of thinking?

Of course there are more or less complicated ways out for everything, but that one is forced to look for them is supposed to be pushed aside in this insistence?

>> want to send via that particular mailserver thats checking for it
Not everyone has several servers at their disposal, one of which does not do any checking. So just to send an attachment once in a while, you are forced to look for one.

>> why dont u send them instead a link to whatever place the EXE is hosted on
How about this: Because I don't have any of those options available right now, or because it's pretty annoying to me?

Wouldn't it be easier to confess freely: Yes, that is sometimes or for some people certainly an annoying and a bit strange (not to say outdated) peculiarity of AHK?

mikeyww
Posts: 26596
Joined: 09 Sep 2014, 18:38

Re: AHK executables and AV protection

Post by mikeyww » 24 Mar 2023, 19:15

Sending EXE through e-mail is, plain and simple, a security risk. It is not done by reputable companies, especially because such files are likely to be blocked at any of multiple points along the way, including the e-mail client at the end, or its antivirus software. As noted, there is really never a need for it. As soon as I see any such message, I delete it immediately, regardless of the sender. I suggest that you do the same! Potentially dangerous files should never be pushed to your computer through mechanisms such as e-mail. They should only be pulled into it by you or by trusted software. Although a script file can be malicious, inspecting it is much easier and more straightforward.

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 25 Mar 2023, 01:35

Yes, you're right, swagfag, but there are actually still people who don't understand why the peculiarity of AHK, which they are always annoyed about, is a very special benefit and actually a service to humanity. There are hardly any other programs except AHK and AHK executables that bring this great effect. An acquaintance of mine, who is not very familiar with PCs (such oddballs still exist, unfortunately) recently switched to Windows 11 (and he was actually annoyed by all the improvements, go figure!) and wanted to copy from a stick the various tools I had once given him to the fresh new notebook. The result: The files were copied, but their content was immediately deleted (0 kB). Not only on the new notebook, but also on the USB stick. This layman actually had no idea that this was going to happen, and actually got terribly annoyed about it. What is this, I have used these programs for years and I know that they are not malware. I then explained to him that he was looking at it all wrong, he needed to get a broader perspective on it. Of course, I then explained to him how to exclude individual folders from AV protection under Windows, and after he had fetched the tools from me again (such nonsense is not possible by e-mail, thank God), he is now happy again, especially because he has now learned something new. In a few months he will again have no idea how to exclude the folders from the AV, but that's how they are, all these ignorant laymen. They are not able to understand why such difficulties happen to them only with AHK, and do not understand that AHK is advancing there in a great educational work.

swagfag
Posts: 6222
Joined: 11 Jan 2017, 17:59

Re: AHK executables and AV protection

Post by swagfag » 25 Mar 2023, 07:10

i dont know what u want me to say

i dont make the rules, my guy. the AV vendor does!
ur options are either to comply with them(ie convince them ur file isnt actually malicious) or to stop using their services(ie not send mails through mailservers that block u; add a folder exclusion; uninstall AV, etc)

and no, this line of reasoning doesnt seem strange to me in the slightest. in fact, i deem it perfectly valid. when faced with a problem, u can:
  • give up on it (if its beyond ur capabilities, which is an OK thing to do)
  • look for alternative solutions (which uve had plenty enough suggested to u already, by me and other posters)
  • stop dead in ur tracks, completely break down and start lamenting ur current circumstances "oh WOE is ME! why GOD, WHY...why ME!!! of all people!1 why can i not send this AHK EXE via email?!!? why must I endure, GOD...this.. ANNOYANCE!?!"
it would appear u decided to go for the 3rd option...

newbieforever wrote:
>> want to send via that particular mailserver thats checking for it
Not everyone has several servers at their disposal, one of which does not do any checking. So just to send an attachment once in a while, you are forced to look for one.

nope, noone's forcing u to do anything, really

newbieforever wrote:
>> why dont u send them instead a link to whatever place the EXE is hosted on
How about this: Because I don't have any of those options available right now, or because it's pretty annoying to me?

k. then u wont be sending that AHK EXE any time soon in that case, which (i imagine) would be equally as annoying to ur recipient

newbieforever wrote:
Wouldn't it be easier to confess freely: Yes, that is sometimes or for some people certainly an annoying and a bit strange (not to say outdated) peculiarity of AHK?

u seem to be under the impression that this AVs-flagging-files-as-malicious issue is something unique to AHK(a "peculiarity" of it, as u put it). its not.
go ahead and compile urself helloworld.c, helloworld.ps1, helloworld.py, helloworld.rs, helloworld.go, send them via email and let us know how that goes (no need really, since we already know the outcome. its a rhetorical)

newbieforever wrote:
... some rambly Once Upon A Time wall of text ...

yeah, idk what ure saying man. dont have the energy to try and decipher it anymore, so whatever point ure tryna make, i concede

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 25 Mar 2023, 08:49

@swagfag: i dont know what u want me to say

What I want to say is extremely simple and just a reaction to the tone with which my dissatisfaction is answered here. But otherwise I agree with everything you say.

So: All of you try to associate the problem with AV exclusively with the AV companies. I know that of course, but the original source of the problem is just a code in AHK that brings that out. In my personal experience, this problem is otherwise rare, as I have not had this problem with any tool I have obtained or sent on to a friend in recent years, either with Windows AV or with email servers. Of course, I also know that the code that irritates AV programs is not included in AHK for fun. And I extremely appreciate the many options AHK gives me.

But, to pretend that those users who find the whole AV issue related to AHK annoying is just a misconception or quirk of theirs and they get upset over trifles for no reason at all, instead of using the oh-so-convenient workarounds and detours, I find unfair.

PS: At least as a layman, I would also consider that perhaps the AHK developers could consider whether the irritating code could be redesigned so that the problem would be out of the world. Presumably, however, this is not so easily possible.

mikeyww
Posts: 26596
Joined: 09 Sep 2014, 18:38

Re: AHK executables and AV protection

Post by mikeyww » 25 Mar 2023, 08:55

I can appreciate that view, and perhaps we have all had some benign programs unexpectedly blocked at some point. It is known to happen in some situations with AHK, but also as noted, this is not unique to AHK. It is a function of how the AV software works, and there are dozens of such programs and companies. Some other posts have suggested not only creating AV exclusions but also reporting the issue, process, etc. to the AV vendors, so that they can whitelist the processes or their functionality, or otherwise improve their products.

As such, I view this issue-- yes, an inconvenience-- as not actually a flaw in how AHK is designed, but as an issue about how AV products respond to various kinds of programs and other files. Thus, workarounds that may be noted are not workarounds to AutoHotkey, but workarounds to the functionality of antivirus software.

Such AV software cannot be perfect. It has a sensitivity and a specificity, nearly always less than 1.00. Yes, some AV tests lead to perfect results, but new programs will always emerge, and some will lead to false positives or false negatives. Therefore, I see the activities of exclusion and communication with vendors as not a short-term temporary solution but as an ongoing need. We might as well embrace it, and I do not see any sort of redesign of AutoHotkey as a plausible, desirable, or effective solution.

Lots of free file-sharing sites are available and have been for years: Google Docs, Dropbox, Box, and now many more. Their usability has been enhanced so that you need only send a link to your buddy, grandma, or co-worker, to enable them to download the file just as if they saved an e-mail attachment.

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 25 Mar 2023, 09:39

Thanks, swagfag, for your effort on this off-topic topic. I still feel essentially misunderstood by you, but everything has probably been said.

Back to the topic itself: Are there perhaps file compression programs that would offer better chances to outsmart AV protection?

swagfag
Posts: 6222
Joined: 11 Jan 2017, 17:59

Re: AHK executables and AV protection

Post by swagfag » 25 Mar 2023, 12:47

yeah, im sure when the AV comes across ur megacompressed, mpress'd, upx packed, themida'd, enigma'd, vmprotect'd, encrypted, password protected binary with entropy high enough to reach into outer space...
im sure no red flags will be raised. not suspicious at all :lol:

it seems the solution ure seeking is not a file compression program, but a time machine, so u can travel back in time 20 years, into an era where u used to be able to send EXEs via email unimpeded
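
Added example, not part of the original posts: a sketch of content-based attachment inspection, showing why renaming an executable to .txt did not help earlier in the thread and why packed binaries stand out by their entropy. The extension list, the 7.5 bits/byte threshold, the finding names and the sample bytes are assumptions constructed for this illustration, not any mail server's or AV product's actual rules.

```python
import hashlib, io, math, struct, zipfile
from collections import Counter

EXEC_EXTS = (".exe", ".dll", ".scr", ".com")  # assumed list, not exhaustive
ENTROPY_LIMIT = 7.5  # bits/byte; assumed threshold for this sketch

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_pe(data: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def inspect_attachment(name: str, data: bytes) -> list:
    """Return findings based on content; the name is only compared to it."""
    findings = []
    if is_pe(data):
        findings.append("pe-content")
        if not name.lower().endswith(EXEC_EXTS):
            findings.append("extension-mismatch")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:        # encrypted: cannot look inside
                    findings.append("encrypted-member")
                    continue
                with zf.open(info) as member:   # read only the header bytes
                    if is_pe(member.read(4096)):
                        findings.append("pe-inside-archive")
        return findings                         # compressed data is always dense
    if len(data) >= 1024 and shannon_entropy(data) > ENTROPY_LIMIT:
        findings.append("high-entropy")
    return findings

# Constructed samples (not real programs): a minimal PE-shaped stub, the same
# stub with pseudo-random bytes appended (stands in for a packed binary), a ZIP.
PE_STUB = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + b"\0" * 16
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("tool.exe", PE_STUB)
ZIP_SAMPLE = _buf.getvalue()

if __name__ == "__main__":
    for label, blob in [("tool.txt", PE_STUB), ("tool.exe", PE_STUB + NOISE),
                        ("tools.zip", ZIP_SAMPLE), ("notes.txt", b"hello\n" * 500)]:
        print(label, inspect_attachment(label, blob))
```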

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 25 Mar 2023, 17:09

@swagfag:

I am sure you are quite sure about all this. And I'm glad to have made you laugh.

20 years into the past I cannot travel, you're right, but I just went 2 hours into the future. And this future, which is now already present, says to me: Well look, there is a light on the horizon.

There is a compression program, PeaZip (even portable on portableapps.com), which will obviously replace my favorite program (and which I may soon recommend to all my friends). PeaZip also handles the pea format.

And lo and behold: I just compressed a folder with 10 of my AHK executables in pea and was able to send them by mail without any problems (tested over three servers).

PS: If this continues to prove itself, I'll report about it in the forum. But why should I do that, obviously nobody here needs such a primitive and outdated solution. On the other hand, who knows, maybe there is still one or the other weird guy like me, who would need something like this.

mikeyww
Posts: 26596
Joined: 09 Sep 2014, 18:38

Re: AHK executables and AV protection

Post by mikeyww » 25 Mar 2023, 17:36

You showed that it is technically possible to send such files, for those who were unaware of it.

The decision should simply be informed. You understand the risks, but does Grandma? My only advice is to tell Grandma that other people could impersonate you and send her their own EXE files that also look completely normal. They can do it with your name, your logo, your signature, and your e-mail address, too. It's simply good to know, so that the recipient can take a desired course of action. Does that really ever happen? Every day.

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 26 Mar 2023, 01:09

@mikeyww: >> You understand the risks, but does Grandma?

One last question about your whole argument:
If you were the bad guy yourself and wanted to send my grandma a devilish malware to her computer by an email using my name, and you would consider doing it by method 1 or by method 2:
1. I send her the malware.pea by eMail and hope she has installed PeaZip to decompress it and so on.
2. I send her a mail with a link to Malware.whatever, stored on a cloud storage.
Which bad guy method would you choose?

mikeyww
Posts: 26596
Joined: 09 Sep 2014, 18:38

Re: AHK executables and AV protection

Post by mikeyww » 26 Mar 2023, 05:01

The bad guys don't use cloud storage. They send attachments. I receive a couple of those messages every week-- some of them apparently from me or people I know. They are typically disguised PDF files, Excel files, and so on-- things that can run macros when they are opened. Grandma might not know the difference, and may just open any attachment that arrives from her sweet boy, sweet girl, other sweet person, or Microsoft (indicating "Essential computer fix is attached", or "Grandma, your computer has been hacked; solution enclosed"). People do that. Grandma doesn't know anything about PeaZip and doesn't care. She also can't tell the difference between an EXE file, a PDF file, a ZIP file, and an Excel file by looking at the file name. She just wants to find out what's in the document.

Your point is noted-- that clicking on a file that lacks an associated program, interpreter, etc. might not do anything. Furthermore, someone who is expecting a file and has instructions for how to open it is in much better shape in this scenario. It is, however, a slippery slope. For people who don't understand details and cannot always analyze a situation themselves, developing good habits can go a long way.

The choice is obviously yours, and it's good that you found a way to get the job done! I'm just sharing what I've learned-- and the experiences of others!

newbieforever
Posts: 493
Joined: 24 Aug 2016, 03:34

Re: AHK executables and AV protection

Post by newbieforever » 26 Mar 2023, 06:50

@mikeyww:

A last-ditch effort:

>> The bad guys ... ... They send attachments.
Really always? I get emails almost every day asking me to click on a link (e.g. to do something urgent at my bank).
So, according to your logic, you never send an email with a link to someone you know, do you? Because if the mail were from someone else, it could potentially harm him, right?

And therefore, according to your logic, it is also not justifiable if I send a friend of mine an email with an attached zip file. Because, if the mail was not from me ...

I leave the last word in this senseless off-topic discussion to you.
