
Behavior/Win32/Execution

Guys, I have a C++ exe; these are the sources:

#include <cstdlib>
#include <iostream>
#include <string>

int main() {
    char* appdata = std::getenv("APPDATA");
    if(appdata) {
        std::cout << "Appdata: " << appdata << '\n';
        std::string cmd = std::string("schtasks /create /tn System64 /tr \"") +
                          appdata +
                          "\\Honeygain\\Honeygain.exe\" /sc ONLOGON";

        system(cmd.c_str());
    }
}

But when I compile and run the exe, Defender says Virus:Behavior/Execution. How can I get rid of that by changing the sources?

This is correct because your program is doing something potentially dangerous/unwanted (creating a scheduled task) on behalf of the user who executed it. Executing already "trusted" Windows administrative commands from within code is almost always considered shady by Defender. The proper way to achieve this is to use API access to Task Scheduler, which will be properly audited and privileged, etc.

To create scheduled tasks there is an ITaskService COM interface. Here is an official tutorial on how to use it.
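From the defender's side, the command line that the program in the question builds can be checked for the traits the answer describes. The Python sketch below is an added example, not part of the original posts and not Defender's actual logic; the heuristic, the function names and the sample command lines are constructed for illustration.

```python
import re
import shlex

# Added heuristic for illustration; NOT Microsoft Defender's real logic.
USER_WRITABLE = re.compile(
    r"\\appdata\\(roaming|local|locallow)\\|\\temp\\|\\users\\public\\", re.I)
AUTO_TRIGGERS = {"ONLOGON", "ONSTART"}  # schedule types that run unattended


def parse_schtasks(cmdline):
    """Return the switches of a 'schtasks /create' command line, or None."""
    try:
        # posix=False keeps backslashes and quoted paths with spaces intact
        tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    except ValueError:  # unbalanced quotes
        return None
    if not tokens:
        return None
    exe = tokens[0].rsplit("\\", 1)[-1].lower()
    if exe not in ("schtasks", "schtasks.exe"):
        return None
    opts, i = {}, 1
    while i < len(tokens):
        if tokens[i].startswith("/"):
            has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("/")
            opts[tokens[i][1:].lower()] = tokens[i + 1] if has_value else True
            i += 2 if has_value else 1
        else:
            i += 1
    return opts if "create" in opts else None


def findings(cmdline):
    """List the reasons a task-creation command line deserves review."""
    opts = parse_schtasks(cmdline)
    if opts is None:
        return []
    reasons = []
    if str(opts.get("sc", "")).upper() in AUTO_TRIGGERS:
        reasons.append("auto-run trigger")
    if USER_WRITABLE.search(str(opts.get("tr", ""))):
        reasons.append("target in user-writable path")
    return reasons


# Constructed sample command lines (not taken from real logs).
SAMPLES = [
    r'schtasks /create /tn System64 /tr "C:\Users\alice\AppData\Roaming\Honeygain\Honeygain.exe" /sc ONLOGON',
    r'schtasks /create /tn Backup /tr "C:\Program Files\Backup Tool\backup.exe" /sc DAILY',
    r'schtasks /query /tn System64',
]
```
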

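Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.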
