Running compiled script on another computer without warnings

[sebastian]

So I had compiled a simple non-harmful script that I wanted to also use on my other computer that hasn't got AHK installed. When I ran the exe on that computer I got a Windows pop-up warning me about it and my Anti-Virus automatically deleted it. It contained nothing harmful. Is there some way to get around this?

[boiler]

Not much you can do about it. Most anti-virus software packages will flag an .exe that it doesn't recognize from its database as having been installed and virus free by a large number of users. One suggestion is to not use MPRESS when compiling your exectuable because the resulting file gets flagged much more often as potentially malicious.

Just pause your AV software when installing and whitelist the file and/or directory so it's not caught in future scans.

[gregster]

Unfortunatelty, false positives are not uncommon with AHK. If you are sure that the exe is harmless, you could try to whitelist it in your specific anti-virus (how that works depends on the speciifc program).

In general - but not helping immediately in your current case - you should also report it as a false positive to the company that created the anti-virus program to reduce the likelihood that AHK-exes get flagged again in the future: please see https://www.autohotkey.com/boards/viewtopic.php?f=17&t=62266
If you are lucky, it will be fixed with one of next updates of your anti-virus...

Btw, it is not necessarily the content of your script that gets flagged by the anti-virus, but it could be as well the AHK interpreter that gets bundled together with your script (text) file in an AHK-exe (that means, in a narrow sense, it is not really a compilation) - so depending on the AHK version you used, results may vary...

[sebastian]

Thanks for the advice! It could be the compiler because I tried with something as simple as a script that sends a letter y when you press x and it got flagged as harmful.

[poa]

Sorry for necro-posting here, but I am doing a bit of research preemptively so I can, at least, reduce the likelihood that I flag Defender or whatever.

From what I've seen from other threads, and please keep me honest, one viable solution is to avoid compiling altogether, bundle the uncompiled script (let's call it "SharedScript.ahk") with a copy of AutoHotkey.exe which has been renamed to share the base name of the script I want to run, so "SharedScript.exe." This would theoretically lessen the chances that I trigger a false positive?

[gregster]

Not necessarily. I guess if a certain version of the interpreter gets flagged erroneously for its abilities or heuristic similarity to a malware, it's probably not so important if you include it as a separate file or as part of an compiled exe (you might know that AHK exe-files are more or less just a simple recombination of the text file and the AHK interpreter (and optional additional files) into one single file without real code optimizations or speed improvement; it's only a compilation in a broad sense of the word.).

On the other hand, compressed or obfuscated compilations might get even more false-positives. But it's hard to predict what even one specific Antivirus program will actually flag.

Providing an uncompiled ahk-file in text format is usually better because any suspicious user can inspect it without safety concerns and they can download the AHK interpreter themself from our website or github - which is also not helping against false-positives, but it might be more trusty than executing an exe-file from a more or less unknown third-party source (of course, there are also trusty ones).

[poa]

Thanks @gregster. That makes perfect sense. Luckily, I am sharing scripts with colleagues who trust me not infect their machines. My main concern is avoiding Windows Defender flagging their machines (in a corporate networked environment).