Harmless Scripts Marked as Virus

SpanishMoss00
Posts: 8
Joined: 08 Apr 2021, 10:09

Harmless Scripts Marked as Virus

Post by SpanishMoss00 » 13 May 2021, 13:13

I have made some simple harmless scripts to improve productivity. Some of my friends have asked for these scripts, but when I send them the compiled .exe file, every single step of the way some anti-virus regards it as a trojan virus. They have to disable Windows Defender every time they want one of my scripts. What would be the reason for this? And is there a way to fix it? (I have tried multiple ways, such as zipping, but it is still marked as dangerous.)
gregster
Posts: 6223
Joined: 30 Sep 2013, 06:48

Re: Harmless Scripts Marked as Virus

Post by gregster » 13 May 2021, 17:21

You could report your scripts as false positives: https://www.autohotkey.com/boards/viewtopic.php?f=17&t=62266
Apart from that, unfortunately we don't have any direct influence on how AV vendors conduct their business. Generally, false positives for AHK scripts are a common thing. Sometimes it helps to not compile, compress, or obfuscate your script ....
SOTE
Posts: 1265
Joined: 15 Jun 2015, 06:21

Re: Harmless Scripts Marked as Virus

Post by SOTE » 14 May 2021, 18:43

SpanishMoss00 wrote:
13 May 2021, 13:13
I have made some simple harmless scripts to improve productivity.

1) Users have to put pressure on Antivirus companies and VirusTotal to do proper research.

Whenever you have a file that you know is a false-positive, submit it. If found clean, make sure they update their databases. AutoHotkey is an open-source scripting language, which makes their job even easier.

2) AutoHotkey is often stigmatized and victimized by lazy Antivirus companies, who attempt to designate the scripting language and interpreter as malware.

Basically, such lazy companies will auto identify AutoHotkey.exe, AutoHotkey.dll, AutoHotkeySC.bin, Ahk2exe.exe, or WindowSpy.exe (since "Spy" is in the name and if you compile WindowSpy.ahk for convenience) as malware or suspicious. This is idiotic behavior, as you can turn .bat files, VBScript, PowerShell, Python, etc... into .exe files which have similar capabilities. It should be obvious not to negatively label an entire scripting language or interpreter, but more specifically identify actual malicious code.

This also includes unscrupulous Antivirus companies that are giving false results to users and potential customers in order to pretend their product is more effective than it actually is. Such Antivirus companies try to take advantage of non-technical users for boosts in sales.

3) AutoHotkey is battling against competitors in the automation and RPA/RDA space.

Bad actors, commercial interests, or zealots of different languages can try to purposely misidentify and miscategorize AutoHotkey. The more popular AutoHotkey becomes, the more hateful or threatened such entities can become. These competing and threatened commercial interests can come from surprising places. This is why the AutoHotkey community has to counter-balance this kind of behavior.

4) If you and your friends or coworkers are having false-positive issues.

A) Submit the file to Microsoft for proper identification. Takes 24 hours or less.

B) You can make an exception in Windows Defender to leave your .exe file alone. Don't turn Windows Defender off, just have it ignore specific misidentified files.
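
Step 4B above, as an added example that is not part of the original posts: a PowerShell sketch that excludes a single verified file from Windows Defender while leaving real-time protection on. The file path and expected hash are placeholders (assumptions, not values from this thread); run it from an elevated prompt.

```powershell
# Added example: scope a Defender exclusion to one verified file.
# Assumptions: $ExePath and $ExpectedSha256 are placeholders supplied by the user.
param(
    [string]$ExePath        = 'C:\Tools\MyScript.exe',               # hypothetical path
    [string]$ExpectedSha256 = '<SHA-256 published by the script author>'
)

$ErrorActionPreference = 'Stop'

# Resolve to one full path so the exclusion covers this file and nothing broader.
$full = (Resolve-Path -LiteralPath $ExePath).Path

# 1. Confirm the file is the build the author sent before trusting it.
#    (-ne compares strings case-insensitively, so hex case does not matter.)
$actual = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
if ($actual -ne $ExpectedSha256) {
    throw "Hash mismatch for ${full}: got $actual. Not adding an exclusion."
}

# 2. Show what Defender recorded for this path, useful for the false-positive report.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($full) } |
    Select-Object InitialDetectionTime, ThreatID, Resources

# 3. Exclude only this file. Real-time protection stays enabled for everything else.
Add-MpPreference -ExclusionPath $full

# 4. Audit the exclusion list so stale entries can be cleaned up later.
(Get-MpPreference).ExclusionPath

# Once the vendor clears the detection, remove the exclusion again:
# Remove-MpPreference -ExclusionPath $full
```

A path exclusion trusts whatever file sits at that path, so re-check the hash whenever the .exe is replaced with a new build.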