
Behavior/Win32/Execution

Guys, I have a C++ exe; these are the sources:

#include <cstdlib>
#include <iostream>
#include <string>

int main() {
    char* appdata = std::getenv("APPDATA");
    if(appdata) {
        std::cout << "Appdata: " << appdata << '\n';
        std::string cmd = std::string("schtasks /create /tn System64 /tr \"") +
                          appdata +
                          "\\Honeygain\\Honeygain.exe\" /sc ONLOGON";

        system(cmd.c_str());
    }
}

But when I compile and run the exe, Defender says Virus:Behavior/Execution. How can I get rid of that by changing the sources?

This is correct because your program is doing something potentially dangerous/unwanted (creating a scheduled task) on behalf of the user who executed it. Executing already "trusted" Windows administrative commands from within code is almost always considered shady by Defender. The proper way to achieve this is to use API access to Task Scheduler, which will be properly audited and privileged, etc.

To create scheduled tasks, there is an ITaskService COM interface. Here is an official tutorial on how to use it.
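To show why a command line like the one in the question stands out to behavioural monitoring, here is an added detection sketch (not part of the original question or answer, and not Defender's actual logic) that scores process-creation command lines for scheduled-task persistence. The function names, the heuristics and the sample command lines, including the user name `alice`, are assumptions made for this example.

```python
import re

SCHTASKS = re.compile(r"(^|\\)schtasks(\.exe)?$", re.I)
# Paths any standard user can write to (illustrative list, not exhaustive).
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads)\\", re.I)
# Task names that imitate OS components (illustrative heuristic).
SYSTEM_LIKE = re.compile(r"^(system|windows|microsoft)", re.I)

def parse_schtasks(cmdline):
    """Return {switch: value} for a schtasks invocation, or None if there is none."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    start = next((i for i, t in enumerate(tokens) if SCHTASKS.search(t)), None)
    if start is None:
        return None
    args, i = {}, start + 1
    while i < len(tokens):
        is_switch = tokens[i].startswith("/")
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("/")
        if is_switch:
            args[tokens[i].lower()] = tokens[i + 1] if has_value else ""
        i += 2 if is_switch and has_value else 1
    return args

def persistence_reasons(cmdline):
    """List the reasons a command line looks like scheduled-task persistence."""
    args = parse_schtasks(cmdline)
    if args is None or "/create" not in args:
        return []
    reasons = ["creates a task through schtasks.exe"]
    if args.get("/sc", "").lower() in ("onlogon", "onstart"):
        reasons.append("trigger fires at logon or boot")
    if USER_WRITABLE.search(args.get("/tr", "")):
        reasons.append("action runs a binary from a user-writable path")
    if SYSTEM_LIKE.search(args.get("/tn", "")):
        reasons.append("task name imitates a system component")
    return reasons

# Constructed sample command lines; the first mirrors what the question's program builds.
SAMPLES = [
    r'schtasks /create /tn System64 /tr "C:\Users\alice\AppData\Roaming\Honeygain\Honeygain.exe" /sc ONLOGON',
    r'C:\Windows\System32\schtasks.exe /create /tn NightlyBackup /tr "C:\Program Files\Backup\run.exe" /sc DAILY',
    r'schtasks /query /fo LIST',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(len(persistence_reasons(line)), persistence_reasons(line))
```

The first sample collects all four reasons, while the routine backup task and the query collect one and none, which is the kind of separation a hunting rule over process-creation logs would rely on.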
