Creating a bundle always fails as Windows Defender kicks in
Michael Hartlef
06-02-2022, 21:48
Hi folks,
is it possible to create a bundle where Windows Defender is not kicking in? I tried not to use UPX but the same error happened.
Michael
ReneMiner
07-02-2022, 14:27
Actually bundle always fails when I try.
In German for now (I don't know the English captions).
Go to the new Windows settings and type "Windows-Sicherheit" into the search box, with the minus/hyphen, otherwise it is not found.
Go to "Viren- und Bedrohungsschutz"; if you see switches for "Echtzeitschutz" and "cloudbasierter Schutz", you are on the right page. Scroll the right half all the way down.
There it says "Ausschlüsse", and below it a link:
"Ausschlüsse hinzufügen oder entfernen".
Click there.
Then you have to confirm once more that you are doing what you want (as admin at least); then there is a button "+ Ausschluss hinzufügen".
Click it and choose folder: find the thinBasic installation folder and put it in the list. Then do the same with a folder in which you save your scripts, i.e. at least where your data sources for the bundle are.
Then click again and, instead of folder, choose file type and enter ".tbasic*"; that should cover everything. With or without the dot, both work. Add ".inc" or other files you use as a precaution; you can delete it again later.
'' # tb_Admin_always.tBasic" -save using this name for example
string lc(), sFile = replace$(app_inifile,"Ini","Reg")
parse app_path, lc,"\"
save_file(sFile ,UTF8ToWideChar$( strformat$("{1} Registry Editor {2} 5.00{3}{3}[HKEY_{4}_USER\Software\Microsoft\{1} NT\{4}{2}" & _
"\AppCompatFlags\Layers]{3}{5}{6}{7}{6}{8}{6}{7}_Bundle_UI{9}{3}{5}{6}{7}{6}{8}{6}{8}{9}{3}{5}{6}{7}{6}{7}{9}{3}",
"Windows","Version", $CRLF,"CURRENT", $DQ & lc(1), "\\",lc(2),"thinAir",".exe""=""~ RUNASADMIN" & $DQ)) )
Select case msgbox "Written a reg-import-file to " & app_scriptpath & crlf & _
"Do you want to merge it into your registry now? (Admin privileges required)" & crlf & _
"You can however import it by right-click in explorer and choose to merge," & crlf & _
"reg import " & $DQ & sFile & $DQ & crlf & _
"from an elevated command prompt or or in a batch file." & crlf & _
"Or directly through filemenu, import within regedit, however the filename" & crlf & _
"is stored to the clipboard now.", %MB_YesNoCancel | %MB_IconQuestion,
"Do you have administrative rights?"
case %IDYes
lc(1)= shell_captureoutput (sFile,"", %SW_Hide, 300)
if lenf(lc(1)) > 5 then
msgbox lc(1), %MB_IconInformation, "reply of os"
elseif leftf$(lc(1),2) = "-1" then
msgbox "Returned value -1 (True)" , %MB_IconInformation, "reply of os"
else
msgbox "no returned value implies it was not merged ", %MB_IconExclamation, "no reply of os"
endif
case %IDNO
' delete the file to prevent from accidental merging it
shell( "Explorer.exe -o ", App_Scriptpath )
end select
clipboard_settext(sFile)
shell("regedt32","")
' - - -
Execute as admin to run thinBasic, thinAir and bundle as admin always.
Or just execute: open the folder of the script, right-click the written .reg file and choose Merge (as admin) to import it into the registry.
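An audit and rollback for the two changes the post above makes (the Defender exclusions and the per-user RUNASADMIN compatibility flags), as an added example that is not part of the original post. The folder paths and the parameter names are assumptions; run it from an elevated PowerShell so `Get-MpPreference` returns the full exclusion list.

```powershell
# Added example, not from the thread. Folder paths below are placeholders.
param(
    [string[]]$Folders    = @('C:\thinBasic', 'C:\Users\me\tbScripts'),  # assumed locations
    [string[]]$Extensions = @('tbasic*', 'inc'),                        # as entered in the post
    [switch]$Remove                                                     # without it: report only
)

# True when $Path is one of the folders or lies below one of them.
function Test-UnderFolder([string]$Path) {
    foreach ($f in $Folders) {
        $root = $f.TrimEnd('\')
        if ($Path -eq $root -or $Path -like "$root\*") { return $true }
    }
    return $false
}

# 1. Defender exclusions that match the folders / file types from the post.
$pref  = Get-MpPreference
$paths = @($pref.ExclusionPath)      | Where-Object { $_ -and (Test-UnderFolder $_) }
$exts  = @($pref.ExclusionExtension) | Where-Object { $_ -and ($Extensions -contains $_.TrimStart('.')) }

# 2. RUNASADMIN flags under the key the generated .reg file writes to.
$layers = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$flags  = @()
if (Test-Path $layers) {
    $key   = Get-Item $layers
    $flags = @($key.GetValueNames() | Where-Object {
        (Test-UnderFolder $_) -and ($key.GetValue($_) -match 'RUNASADMIN')
    })
}

# Report what was found so it can be reviewed before anything is removed.
[pscustomobject]@{
    ExcludedPaths      = $paths -join '; '
    ExcludedExtensions = $exts  -join '; '
    RunAsAdminEntries  = $flags -join '; '
} | Format-List

if ($Remove) {
    if ($paths) { Remove-MpPreference -ExclusionPath $paths }
    if ($exts)  { Remove-MpPreference -ExclusionExtension $exts }
    foreach ($name in $flags) { Remove-ItemProperty -Path $layers -Name $name }
}
```

An extension exclusion applies to every file of that type on the machine, not only to files in the thinBasic folders, so it is the first entry to remove once testing is done.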
Michael Hartlef
07-02-2022, 20:11
And that only helps myself. As soon as you want to distribute your script, you would run into trouble.
It's the O2 part of thinBasic that is most likely responsible for the false flags of virus checkers.
ReneMiner
07-02-2022, 20:33
But I did not use O2 (Oxygen), not in the script above nor when bundling. Even as System (default in WinPE), which has higher rank and more rights than admins, it says "bundle not ok". Not even when I log in as TrustedInstaller, the most powerful rank, will it bundle. Not when I use 1, 2, 3 or no different modules. I don't think it's the AV alone, since the path is excluded for Defender. I have no system path nor subfolder of a system path in use. And it will not bundle. I have it in Win 10 and Win 11, on Windows installed to HD or in virtually booted Windows. I have the issue in 3 different thinBasic installations where none shares a path with the current OS. Also, intentional use of such a path does not change a thing.
= does not make it worse than not functioning
ErosOlmi
07-02-2022, 21:58
Do not know if it can help but I did many changes in latest Beta I'm working on and not yet published.
Link is: https://www.thinbasic.biz/projects/thinbasic/thinBasic_1.11.7.0.zip
I'm using it at work in dozens of bundled scripts without problems.
I've tested under Trend Micro, Cynet, MS Defender ... all enterprise editions and no problems so far.
Petr is using it under his own company AV and hasn't reported problems so far.
This version has many new features still to be finished and documented but should not create problems.
Let me know if it helps
Thanks
Eros
Michael Hartlef
08-02-2022, 20:56
Thanks Eros, I will give this a try on the weekend and report back. Would be awesome if bundles wouldn't be a problem to distribute anymore. I could get our IT provider to get a bundle to install but if the virus checker kicks in, that would be a no-go.
Petr Schreiber
12-02-2022, 18:27
Hi Mike,
we will try to submit the thinBundle to all vendors with each new build.
Regarding your distribution of your apps created with bundle:
We cannot offer a systematic solution for generated EXEs, because if we buy a certificate and sign the bundled exe/thinBasic.exe with trusted certificates, it will become trusted even if it executes an "evil" script by a 3rd party.
The affordable solution for you as an indie developer could be:
- you can generate a certificate for free, and you can ask your users to trust your certificate (as described under "Generate a certificate using Makecert" here: https://stackoverflow.com/questions/252226/signing-a-windows-exe-file)
- use that certificate to sign your tools/games
(this does not guarantee anything yet, but it will remove "unknown publisher" alert on Windows and prepares you for the next step)
- additionally, I would still recommend submitting the signed EXE to major AV vendors for check and whitelisting - you can "automate" the check by submitting the file via https://www.virustotal.com/gui/home/upload and then contacting only those vendors which triggered a false positive.
Each company behind Antivirus software uses a bit different approach, so there is sadly no magic to guarantee no issues under all AV vendors.
Petr
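The signing steps from the post above, as an added example that is not part of the original thread. It uses the built-in `New-SelfSignedCertificate` cmdlet instead of the Makecert tool from the linked answer; the subject name and all file paths are placeholders.

```powershell
# Added example, not from the thread. Subject and paths are placeholders.
$exe     = 'C:\build\MyBundledApp.exe'         # the bundled EXE to sign
$cerFile = 'C:\build\ExampleIndieDev.cer'      # public certificate handed to users

# 1. Developer machine: create a code-signing certificate. The private key
#    stays in the current user's store; only the .cer file is distributed.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
            -Subject 'CN=Example Indie Dev (self-signed)' `
            -KeyUsage DigitalSignature `
            -CertStoreLocation Cert:\CurrentUser\My `
            -NotAfter (Get-Date).AddYears(2)
Export-Certificate -Cert $cert -FilePath $cerFile | Out-Null

# 2. Sign the EXE. Without a -TimestampServer the signature stops
#    validating once the certificate expires.
Set-AuthenticodeSignature -FilePath $exe -Certificate $cert -HashAlgorithm SHA256 | Out-Null

# 3. Verify. On a machine that does not trust the certificate the status
#    is not 'Valid' (the chain ends in an untrusted root); that is what a
#    user sees before importing the .cer file.
$sig = Get-AuthenticodeSignature -FilePath $exe
[pscustomobject]@{
    Status     = $sig.Status
    Signer     = $sig.SignerCertificate.Subject
    Thumbprint = $sig.SignerCertificate.Thumbprint
    # Hash of the signed build: the same file that gets uploaded for scanning,
    # so a scan report can be matched to this exact binary.
    SHA256     = (Get-FileHash -Path $exe -Algorithm SHA256).Hash
} | Format-List

# 4. User machine: trust the publisher. Importing into Root shows a
#    confirmation dialog with the thumbprint; users should compare it with
#    the value published by the developer. Everything signed with this key
#    is trusted afterwards, so the private key must be kept safe.
Import-Certificate -FilePath $cerFile -CertStoreLocation Cert:\CurrentUser\Root | Out-Null
Import-Certificate -FilePath $cerFile -CertStoreLocation Cert:\CurrentUser\TrustedPublisher | Out-Null
(Get-AuthenticodeSignature -FilePath $exe).Status   # 'Valid' once the certificate is trusted
```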
GaryLuck
24-11-2022, 22:11
I tried to make a Bundle and it fails on the last step!! I have McAfee AV, but it does not report anything blocked!
ErosOlmi
25-11-2022, 07:25
Ciao Gary,
in the last step thinBundle waits for 3 seconds in order to give AV software enough time to scan the final executable and release it or not.
I think in your case your AV intercepts something it doesn't like or has not enough time to finish the job.
As a first try ... try to disable UPX compression and see if it makes any difference.
If it works ... your final .EXE will be bigger, but we can work on this and find a solution in the next thinBasic release.
Let me know.
Eros
GaryLuck
26-11-2022, 16:29
I tried turning off the compression, but it still fails. I too would be willing to bet it has something to do with the Anti-Virus! If I can figure out how to turn off the AV I will do that, otherwise, it is not a big deal!
ErosOlmi
26-11-2022, 19:30
Ciao,
yes should be AV.
Of course I can assure that thinBasic, and thinBundle in particular, do not have any threats inside, but it uses some techniques that can be considered a threat from an AV point of view.
If you can, switch off your AV for a while, test again and tell me.
Also I've created a little modification in thinBundle and released a new thinBasic version for you to test and see if it makes any difference:
https://www.thinbasic.com/public/__ForGary__/thinBasic_1.11.7.0.zip
Last: if you have some log from your AV and can attach here, I will directly contact McAfee.
It happened many times in the past that AV detected something strange in some thinBasic modules; I contacted the AV producer and most of them reacted very nicely after some days.
Ciao
Eros