gauss76

SAS 5 Real Time Protection blocking Autoit Scripts


Hi,

First of all I would just like to thank the people of SAS for an excellent product which I have been using now for over a year with no problems, until today!

I have a professional lifetime subscription for SAS and have recently upgraded to version 5, 0, 0, 1108 running on a fully patched Windows XP system.

I use quite a lot of Autoit scripts to manage certain aspects of my system. Previously these have all worked with no problem with SAS running in the background. However, if version 5 is running (with or without real time protection enabled) I get a trojan horse warning and my chosen Autoit exe file is sent directly to the Quarantine area. I have tried adding the exe file(s) to the Manage Allowed Item... area and have also added the folder that contains the files to the Manage Excluded Folders... area. But this makes absolutely no difference, sending the file to the Quarantine area every time. The only way I can run the exe file is to exit SAS completely, which I do not want to do.

Can anyone help sort this out?

If you require any further information please let me know.

Many thanks

Gauss76


Please submit the file as a false positive report. To do this (sorry for the extra steps):

1. Disable Real-Time protection (you can use the checkbox on the main window).
2. Restore the item that was quarantined.
3. Hide the SUPERAntiSpyware main UI by closing the window (but make sure the bug is still in the system tray).
4. Right-click on the falsely-detected file in Explorer and select "Scan with SUPERAntiSpyware". At this point SUPERAntiSpyware should detect the item.
5. Select the item in the list and click the button to report a false positive.
6. Type in something like "Dave from the forum told me to do this" in the description for why you're reporting the item, so I can find it in our false positive system.

I'll make sure we exclude that item in our rules and the next release it won't detect for you.

Let me know if one of these steps didn't work for you.


Thanks for the response.

I can do that, no problem, but it seems to me that the "Allow/Trust Item" does not work for the Real-Time Scanner and hence I would have to do what you suggest for each Autoit script I have written and indeed any other program that I did not want the Real-Time Scanner to flag as spyware! Clearly the Real-Time Scanner is great but the flexibility of choosing which files it should ignore is also of great importance.

Gauss76


We are looking into this!
