Reply to thread

Message

<blockquote data-quote="MacDefender" data-source="post: 880923" data-attributes="member: 83059">BTW regarding:Theoretically the &quot;IDLE&quot; exploit can be packaged as a ZIP file and that does not trigger smartscreen. Running IDLE.exe also does not trigger the default SmartScreen because IDLE is a digitally signed and safe reputation program.I only packaged it as a 7z SFX EXE (which makes SmartScreen catch it) because it would be a 35MB zip file vs a 20MB 7z archive, and I didn&#039;t want to force all my testers here to get 7zip to unzip the exploit.Python is actually often distributed as a self contained zip file, so unzipping and executing Python out of a downloaded archive is not necessarily far-fetched.(but as Andy pointed out before, you can use the H_C config to force a SmartScreen popup to tell you about IDLE.exe regardless of it being signed. But that says nothing about the fact that I tainted a Python library buried deep within the archive....)</blockquote>

[QUOTE="MacDefender, post: 880923, member: 83059"] BTW regarding: Theoretically the "IDLE" exploit can be packaged as a ZIP file and that does not trigger smartscreen. Running IDLE.exe also does not trigger the default SmartScreen because IDLE is a digitally signed and safe reputation program. I only packaged it as a 7z SFX EXE (which makes SmartScreen catch it) because it would be a 35MB zip file vs a 20MB 7z archive, and I didn't want to force all my testers here to get 7zip to unzip the exploit. Python is actually often distributed as a self contained zip file, so unzipping and executing Python out of a downloaded archive is not necessarily far-fetched. (but as Andy pointed out before, you can use the H_C config to force a SmartScreen popup to tell you about IDLE.exe regardless of it being signed. But that says nothing about the fact that I tainted a Python library buried deep within the archive....) [/QUOTE]

Verification