Niko compile Menu++ in xplorer2.exe??

Discussion & Support for xplorer² professional

Moderators: fgagnon, nikos, Site Mods

kunkel321
Gold Member
Posts: 534
Joined: 2008 Jan 05, 18:58

Niko compile Menu++ in xplorer2.exe??

Post by kunkel321 »

Firstly, I have to comment that I just recently tried MenuHack for the first time.  I've delayed doing so because I've already got so many processes running in the background....  To my surprise (and delight), MenuHack doesn't run in the background... It doesn't even appear to have any associated Windows Process when it activates.  (Which I didn't even think was possible).  Kudos to Snakebyte!

Anyway, I'd like to try Menu++ now, but lousy Sophos keeps removing the exe file.  I've tried to add it to the "authorized" lists, but that doesn't seem to be an option for this particular exe.  (I don't know why it's any different to Sophos than MenuHack.exe is).  I'm sure there are reasons that you both want to keep xplorer2 and Menu++ as separate entities, but if they were compiled together, then maybe Menu++ would be able to "piggyback" on Niko's digital signature???  Any other ideas how to workaround this?  (It's my work laptop...  I'm an administrator, but I'm not supposed to mess with the antivirus too much.) -steve
Kilmatead
Platinum Member
Posts: 4578
Joined: 2008 Sep 30, 06:52
Location: Dublin

Post by Kilmatead »

As Menu++ is written under AutoHotKey you'd have to take the rather ludicrous step of compiling that itself into x2, which would be illegal anyway, as the GNU license demands full code disclosure to users (at least the integrated parts) - not something most (for profit) software developers are happy doing for obvious reasons.

Your anti-virus gets upset (as many do with autohotkey elements) as (in part) it hooks into keyboard and mouse system-level events - which is exactly what keyloggers do.  It can also execute DLL functions and Windows API calls, which make active (software) firewalls nervous.

In particular the compiled scripts (to create .EXE's which do not require AutoHotKey to be installed) are obvious targets.  I would surmise that Sophos gets annoyed by one and not the other because each .EXE would only include the function libraries necessary to execute it's purpose - MenuHack is more limited in its scope than Menu++ would be.

As far as I know, aside from the usual Whitelisting of such applications, there's not much you can do.  If you're not really allowed to mess with the PC itself much, you can probably rule out installing AutoHotKey proper and running the scripts yourself - not that that's any guarantee of success, anyway.

Considering what Nikos (the sucker) paid to be able to digitally sign stuff, he'd probably get a good chuckle from the suggestion of sharing that with anything under the GNU GPL.  Which would be an oxymoronic concept anyway. :wink:
kunkel321
Gold Member
Posts: 534
Joined: 2008 Jan 05, 18:58

Post by kunkel321 »

Kilmatead wrote:As Menu++ is written under AutoHotKey you'd have to take the rather ludicrous step of compiling that itself into x2, which would be illegal anyway, as the GNU license demands full code disclosure to users (at least the integrated parts) - not something most (for profit) software developers are happy doing for obvious reasons.
Yea, after posting, it occurred to me that they’d be written in different languages.   I wasn’t even really thinking about Menu++ needing the AHK “runtime” though...
Kilmatead wrote:Considering what Nikos (the sucker) paid to be able to digitally sign stuff, he'd probably get a good chuckle from the suggestion of sharing that with anything under the GNU GPL.  Which would be an oxymoronic concept anyway. :wink:
Actually, I guess that is kind of silly.  I’m glad I posted it though—because now I’m getting a bit of a chuckle myself
:lol:
kev
Bronze Member
Posts: 110
Joined: 2003 Jun 16, 18:54

Post by kev »

sophos might detect menu++ in two distinct ways; either as malware/pua by file scanning or by its runtime behaviour under hips. do you know which it is?
kunkel321
Gold Member
Posts: 534
Joined: 2008 Jan 05, 18:58

Post by kunkel321 »

kev wrote:sophos might detect menu++ in two distinct ways; either as malware/pua by file scanning or by its runtime behaviour under hips. do you know which it is?
Hi Kev, Thanks for the reply.  I'm at work and tried it again, but am having difficulty figuring out which it is...  As soon as I unzip the archive, Sophos "sees" the .exe and quarantines, then removes it.  I'm not even clicking on the .exe.  This makes me think it's not a 'runtime' issue, since I never even launch the .exe...  If I look in the Quarantine Manager, the "name" of the file is "mal/Generic," whereas there are a couple of others named "HIPS/ProcMod."
kev
Bronze Member
Posts: 110
Joined: 2003 Jun 16, 18:54

Post by kev »

ah if it is detected as soon as you unzip it then it must be detected by static file scanning as malware... as you rightly suggest it can't be hips unless it is executed...

i am skeptical about the notion that the autohotkey executable will "only include the function libraries necessary to execute it's (sic) purpose" as it would be far more complicated for autohotkey to compile its own exe in this manner rather than just including everything, as for example autoit does, but i must admit i don't know this for a fact.

anyway i worked for many years for sophos as a virus researcher, so i know that you can likely get them to remove detection for this particular binary by submitting it to them and requesting it, mal/generic is a fairly loose identity. have a go at this and if you don't get anywhere pm me and i'll have a word with a couple of my ex-colleagues who still work in the lab. anything for xplorer2 and associated products :-)
kunkel321
Gold Member
Posts: 534
Joined: 2008 Jan 05, 18:58

Post by kunkel321 »

Cool thanks!  I'll contact them and report back.  
Extra note:  Menu++ causes problems, but MenuHack runs with no problem at all, so I imagine it's SnakeByte's actual code that is seen as a "virus" by Sophos....
snakebyte
Gold Member
Posts: 430
Joined: 2003 May 07, 07:14
Location: Seattle

Post by snakebyte »

kunkel321 wrote:Cool thanks!  I'll contact them and report back.  
Extra note:  Menu++ causes problems, but MenuHack runs with no problem at all, so I imagine it's SnakeByte's actual code that is seen as a "virus" by Sophos....
Well this could be because MenuHack is an AutoIt3 executable and Menu++ is compiled as Autohotkey exe. Anyways I have recompiled Menu++ with latest version of AutoHotkey. Could you download it from here and let me know if Sophos still marks it as a virus?

BTW what's up with your new avatar?  :wink:
Help! I'm an AI running around in someone's universe simulator.
kev
Bronze Member
Posts: 110
Joined: 2003 Jun 16, 18:54

Post by kev »

just tested this binary with sophos and it is not detected. good news, cheers snakebyte.
kunkel321
Gold Member
Posts: 534
Joined: 2008 Jan 05, 18:58

Post by kunkel321 »

snakebyte wrote:...and let me know if Sophos still marks it as a virus?
 It's working!!   :lol:  Hey thanks Snakebyte!!   :wink:
snakebyte wrote:BTW what's up with your new avatar?  :wink:
Edit 10-6-10:  There, that's a bit more tolerable   :wink: