- Dec 23, 2014
Theoretically the "IDLE" exploit can be packaged as a ZIP file and that does not trigger SmartScreen. Running IDLE.exe also does not trigger the default SmartScreen because IDLE is a digitally signed program with a safe reputation.
I only packaged it as a 7z SFX EXE (which makes SmartScreen catch it) because it would be a 35MB zip file vs a 20MB 7z archive, and I didn't want to force all my testers here to get 7zip to unzip the exploit.
Python is actually often distributed as a self contained zip file, so unzipping and executing Python out of a downloaded archive is not necessarily far-fetched.
(But as Andy pointed out before, you can use the H_C config to force a SmartScreen popup to tell you about IDLE.exe regardless of it being signed. That says nothing about the fact that I tainted a Python library buried deep within the archive...)
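The point of the post above is that a signed launcher says nothing about the libraries it loads from the same archive, so an integrity check has to cover the archive contents rather than the launcher's signature. The script below is an added illustration of such a check, not code from the poster or from the Python project: it hashes every file inside a ZIP and compares the result against a manifest of known-good SHA-256 values (assumed to come from a trusted source, such as hashes taken from a pristine copy of the same release), reporting modified, missing and unexpected files. The sample archive and its contents are constructed inline so the script runs offline; the file names only mimic the layout of a Python distribution.

```python
import hashlib
import io
import zipfile
from typing import Dict, List


def build_sample_archive() -> bytes:
    """Constructed stand-in for a downloaded Python ZIP distribution."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("python/Lib/idlelib/idle.pyw",
                    "import idlelib.pyshell\nidlelib.pyshell.main()\n")
        zf.writestr("python/Lib/idlelib/pyshell.py",
                    "def main():\n    print('IDLE shell')\n")
        zf.writestr("python/Lib/os.py", "# stdlib module (constructed placeholder)\n")
    return buf.getvalue()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def archive_hashes(archive: bytes) -> Dict[str, str]:
    """Map every regular file in the ZIP to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return {
            info.filename: sha256_hex(zf.read(info))
            for info in zf.infolist()
            if not info.is_dir()
        }


def verify_archive(archive: bytes, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare archive contents against a trusted manifest.

    The manifest is assumed to have been produced from a pristine copy of the
    same release (for example by running archive_hashes on it) and stored
    somewhere the downloaded archive cannot influence.
    """
    actual = archive_hashes(archive)
    return {
        # present in both, but content differs: a tainted library looks like this
        "modified": sorted(p for p in manifest if p in actual and actual[p] != manifest[p]),
        # listed in the manifest but absent from the archive
        "missing": sorted(p for p in manifest if p not in actual),
        # present in the archive but not in the manifest: dropped-in extra files
        "unexpected": sorted(p for p in actual if p not in manifest),
    }


def replace_member(archive: bytes, path: str, new_content: str) -> bytes:
    """Rebuild the ZIP with one member's content swapped (used to construct a test case)."""
    src = zipfile.ZipFile(io.BytesIO(archive))
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", compression=zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = new_content.encode() if info.filename == path else src.read(info)
            dst.writestr(info.filename, data)
    return out.getvalue()


if __name__ == "__main__":
    clean = build_sample_archive()
    manifest = archive_hashes(clean)          # stands in for the trusted manifest
    # Constructed test case: a stdlib-looking module inside the archive is altered
    tainted = replace_member(clean, "python/Lib/idlelib/pyshell.py",
                             "def main():\n    print('not the real shell')\n")
    for label, archive in (("clean", clean), ("tainted", tainted)):
        print(label, verify_archive(archive, manifest))
```

A check like this only helps if the manifest is obtained independently of the archive being checked; the download's own signature or reputation, as the thread notes, says nothing about the individual files it carries.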
It seems that Python 3.8.2 (from python.org) uses idle.bat to open Python Shell on Windows:
@echo off
rem Start IDLE using the appropriate Python interpreter
rem %~dp0 expands to the directory containing this batch file
set CURRDIR=%~dp0
rem Launch pythonw.exe two levels up with idle.pyw, passing through up to nine arguments
start "IDLE" "%CURRDIR%..\..\pythonw.exe" "%CURRDIR%idle.pyw" %1 %2 %3 %4 %5 %6 %7 %8 %9