Jump to content
Sikem

Autoit False Positives

Recommended Posts

I was testing upgrading our AV from ClamAV 1.0.26 to Immunet 3.0 for my organization (approx. 150 users). However, it now detects all our scripts created with AutoIT as malware. Is there a workaround other than creating an exception for each and every script?

Share this post


Link to post
Share on other sites

Hi Sikem, I'm looking into this to see if we can find a way to mark your autoIT scripts as clean in the cloud. Just so I'm clear though - your seeing Immunet detect your *scripts* as malicious, not the autoit application itself? Can you tell me what version of autoit your using, and would you mind sending me an example of one of your scripts to support@immunet.com with the subject "For RobT - forum thread 1171"?

 

In the mean time, the quickest remediation I can think of would be to add a filetype exclusion to exclude *.au3 (i.e. all autoit scripts).

Share this post


Link to post
Share on other sites

Thanks for the help, Rob.

 

Just to clarify, we compile our autoit scripts. And it is the .exe files that are quarantined. We are using Autoit v3. I will send you a script now to your e-mail.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...