我的 vbscript 被杀毒软件标记了? [英] My vbscript gets flagged by antivirus?
问题描述
我工作的 IT 公司要求我制作一个脚本,该脚本能够下载所需的文件并将它们存储在一个文件夹中以供以后安装.
The IT company I work for has requested me to make a script that would be able to download the needed files and store them, in a folder for a later install.
这是我使用的代码
Set BS = CreateObject("ADODB.Stream")
BS.type = 1
BS.open
BS.Write xHttp.ResponseBody
BS.savetofile "putty.exe", 2 '//overwrite
If objFileSys.FileExists("putty.exe") Then
objFileSys.DeleteFile "putty.exe"
BS.SaveToFile "putty.exe", 2
Set objFile = objFso.GetFile("putty.exe")
'* If the file doesn't exist, it will be downloaded here.
Else
BS.SaveToFile "putty.exe", 2
Set objFile = objFso.GetFile("putty.exe")
End If
这段代码 ^ 没有问题,但是,这段代码有问题:
This code ^ has no issues, however, this code does:
Set BS = CreateObject("ADODB.Stream")
BS.type = 1
BS.open
BS.Write xHttp.ResponseBody
' If the file does exist, it will be deleted and re-downloaded.
If objFileSys.FileExists("" + strDirectory + "\putty.exe") Then
objFileSys.DeleteFile "" + strDirectory + "\putty.exe"
BS.SaveToFile "" + strDirectory + "\putty.exe", 2
Set objFile = objFso.GetFile("" + strDirectory + "\putty.exe")
' If the file doesn't exist, it will be downloaded here.
Else
BS.SaveToFile "" + strDirectory + "\putty.exe", 2
Set objFile = objFso.GetFile("" + strDirectory + "\putty.exe")
End If
出于某种原因,防病毒软件 (sophos) 标记了第二个代码,但我不确定为什么?
For some reason the antivirus (sophos) flags the second code, but I'm unsure why?
如您所见,第一个代码只会下载文件并将其保存到 .vbs 中,公司不喜欢这个问题.我试图将文件放在 C: 中,但您需要管理员权限,这意味着您需要以管理员身份登录(呃).
The first code as you can see will just download the file and save it to were the .vbs is, the issue with this the company did not like that. I tried to put the files in C: but you need admin rights, which means you need to login as admin (ugh).
所以我制作的脚本只是将所有需要的文件放入一个临时文件夹中,strDirectory"转到C:\Users\NAME\AppData\Roaming\Work"我这样做的原因是因为脚本会收集PC 的用户名,即 Bob,因此它将转到C:\Users\Bob\AppData\Roaming\Work"示例:"C:\Users\"+ PC NAME+ "\AppData\Roaming\Work"
So I made the script just put all the needed files into a temp folder, "strDirectory" goes to "C:\Users\NAME\AppData\Roaming\Work" the reason I did this was because then the script would collect the PC's username i.e. Bob and so it would go to "C:\Users\Bob\AppData\Roaming\Work" example: "C:\Users\"+ PC NAME+ "\AppData\Roaming\Work"
但是防病毒标志再次出现,我不知道为什么?
But again the antivirus flags and I'm not sure why?
谢谢!
PS 这不是我在 stackoverflow 上找到的脚本,我只是对其进行了编辑以满足我的需要.
PS This is not my script I found it here on stackoverflow, I have just edited it to fit my needs.
PSS 我无法上传公司问题的完整代码,但错误在下载部分.
PSS I cannot upload the full code for company issues, but the error is in the download part.
推荐答案
这两个脚本很相似,但一个小小的改动就能带来很大的不同.
The two scripts are similar but just a small change can make a big difference.
第一个限制是将可执行文件保存在执行脚本的位置.
The first is constricted to saving the executable file in the location where the script has been executed from.
第二个没有限制,理论上可以将可执行文件保存在目标机器上的任何位置(取决于本地安全性、脚本的执行权限等).
The second isn't constricted and can theoretically save the executable anywhere on the target machine (dependent on local security, execution rights of the script etc.).
这是防病毒软件包的潜在危险信号,也是标记第二个脚本的可能原因.不删除 AntiVirus (我不推荐) 的唯一建议是将脚本列入白名单(如果包中支持).
This is a potential red flag for AntiVirus Software packages and the likely cause of the second script being flagged. The only suggestion without removing the AntiVirus (which I wouldn't recommend) would be to whitelist the script if supported in the package.
通常,在企业网络中,AntiVirus 是集中处理的,因此可能有一种方法可以将脚本从中央管理门户列入白名单,但您需要与您的 IT 基础架构团队联系以促进它.
Usually, in corporate networks, AntiVirus is handled centrally, so there is potentially a way of whitelisting the script from a central admin portal but you would need to speak to your IT Infrastructure Team to facilitate it.
这篇关于我的 vbscript 被杀毒软件标记了?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
