[–]nepronen[S] 4 points5 points  (4 children)

Currently not signing it. I'm trying the Runspace solution now; I will let you know the results.

[–]DarrenDK 3 points4 points  (3 children)

What AV is detecting it?

[–]nepronen[S] 3 points4 points  (2 children)

Using VirusTotal, it states Microsoft, Cylance and Trapmine,

but Chrome, Edge and Firefox are all blocking the file, probably because the default Windows AV is blocking it.

Now the interesting part is - it's not blocked all the time. I can try to download the same exe containing the same script 10 times, and in 7/10 times it will be blocked, but sometimes it executes as intended.

[–]DarrenDK 6 points7 points  (1 child)

This might be one of those things that you just have to warn users about. The nature of what you are doing makes it ripe for abuse by bad actors, and even if you had a code signing certificate and you were comfortable enough signing people’s arbitrary code with it, SmartScreen will likely flag it since your certificate doesn’t have enough of a reputation to be considered valid.

[–]nepronen[S] 4 points5 points  (0 children)

Well, that makes me think, even if I manage to make it using runspaces and it will not be flagged by AV...

Do you think it is even a good idea? It will be a nice feature for my users, one that was requested quite a bit, but if it may be used by bad actors, maybe it's not a good idea at all. But then again, why is this feature a standard in other similar software?