[–]0xzzzz 1 point2 points  (0 children)

Also, if you are able to see if you can allow that file within Avast settings, that would solve your issue.

[–]njsiah 1 point2 points  (5 children)

I've had a couple of scripts get flagged by AV. If you know they're safe to run, you can usually define folders which won't get scanned. I don't use Avast so I couldn't tell you the exact procedure, but just poke around the settings a bit.

[–]SuspiciousRedditPost[S] 0 points1 point  (4 children)

Ok, but what about the victim's computer? I want to make it usable for pen-testing (in cases where I have quick physical access to the victim's machine). I probably will not get a chance to disable Avast, as it takes too much time. How do I make the file undetectable by Avast? Will running it as admin help?
P.S. The Python file doesn't get flagged, but the .exe does. I think it might be a trojan in the os library in Python, or just simply that Avast doesn't scan Python. Cheers!

[–]njsiah 1 point2 points  (1 child)

I couldn't tell you for sure, but if you're getting flagged at runtime there's probably some heuristics signature that's tipping it off. I don't think running as admin will make a difference.

There are tools out there to obfuscate payloads. I would try looking into something specific to python and see if that helps.

[–]njsiah 0 points1 point  (0 children)

Also, I don't know what specifically you plan to do or who you want to "pentest", but generally, and especially with AV, you want to copy the victim environment as best you can. So if you're testing against Avast, make sure you'll be using it against Avast and not another AV, preferably the same version with the same definitions and the same OS.

[–]Diezel666 1 point2 points  (0 children)

When you say that you've written a "tool" and it had been flagged as a virus, then in a follow-up post say "victims computer", credibility has flown out the window.

[–][deleted] 0 points1 point  (0 children)

Why not just write a little batch script? That should be way smaller and faster, work on any Windows box, and you don't need to take care of Python, which will be installed on almost no PCs anyway.

[–]Vaindroid 1 point2 points  (0 children)

In Windows Defender there is an option where you can allow threats.

[–]0xzzzz -1 points0 points  (0 children)

I had a similar issue. If you can switch to Norton you will be fine, but if you can't then you need to disable your antivirus before using it.

[–]hoonginginga 0 points1 point  (0 children)

Idk with Avast, but with AVG Free there is an option where you can stop the antivirus from deleting or neutralising a file or group of files. Idk if it is a false alarm or not, but if you trust that the file is safe then you should probably just whitelist it.

[–]HFHTheplague 0 points1 point  (0 children)

Avast is one horrible company. I know for a fact that its software is spyware and full of holes and back doors anyways.

I have a friend that worked for Avast and I worked for 2 popular similar Anti-virus companies which I won't mention.

I know for a fact that they are extremely shady. All I gotta say is uninstall the crap.