Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix incorrect load-time errors for non-hotkey lines containing '::'
- Loading branch information
Showing
2 changed files
with
7 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
b1ac375There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The windows setup executable from 2.0.13 gets flagged as a virus by Windows Security. The Windows setup executable from 2.0.12 does not.
b1ac375There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should use the forum for an issue. https://www.autohotkey.com/boards/viewtopic.php?f=82&t=129146
b1ac375There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rubahness That is an issue to take up with Microsoft. It is a false positive, but even if the file was infected, it would have nothing to do with this commit.
b1ac375There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@topia thank you for the link to the forums. I didn't see one in this project, which is why I created this issue.
@Lexikos this seemed to be the final commit before the PR was completed for .13. the issue didn't occur with the executable from .12, therefore it seemed reasonable to infer whatever change is triggering windows security occurred in-between those releases.
Maybe it's a Microsoft problem, but as a rando, I don't know that. The XZ exploit is still recent news. Sorry to have wasted the 30 seconds of your time
b1ac375There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@rubahness There is no logic to signature or machine learning (AI) based detection. When the file was initially flagged, likely before any other human had seen it, the detection name indicated it was based on machine learning (AI). I reported the false positive to Microsoft. The response, which I was never actually notified of (but happened to see because I checked my submission), was that they (probably more AI) have updated their signatures to detect the file as malware (name in your screenshot). They gave no explanation and provide no means of disputing the determination, aside from submitting another report, which I did. Again I received no notification for a response, and now the links for my submissions do not work. If I seemed short with you in my previous comment, maybe now you see why. Nothing personal.
The setup exe is a compiled script based on AutoHotkey32.exe and AutoHotkey/AutoHotkeyUX@42fb651c. It includes a payload of files built from the AutoHotkey, AutoHotkeyUX and AutoHotkey-Docs repositories. This process was automated by Lexikos/AutoHotkey-Release@701af1f (mainly here). None of those files were flagged last I checked. Literally all of the code that makes up the setup.exe is in those files, except for whatever UPX does. (The file was compressed with UPX, which can also decompress it. I haven't bothered to test the decompressed file against any scanners.)
I had also built a setup exe based on the parent commit of this one and the parent commit of AutoHotkey/AutoHotkeyUX@42fb651c, and that exe was not flagged. There is no rational explanation for why these two commits would cause a detection, aside from random chance.
This is a comment on a commit, not an issue in an issue tracker. Personally I think the natural conclusion upon failing to find an issue tracker would be that issues should be raised elsewhere. The project URL is AutoHotkey's website, the front page of which has a very obvious link to the forums. But given that many others have posted misplaced issues (before I disabled the issue tracker) or comments on commits, if I don't put prominent directions for support in the readme, it's my own fault.
b1ac375There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Lexikos You could add/copy what I have below to the readme, whatever makes sense to you.
Support