zjorz / Public-AD-Scripts

AD Scripts
GNU General Public License v3.0
273 stars 77 forks source link

Script listed as malicious #21

Closed M-Ciolfi closed 1 month ago

M-Ciolfi commented 4 months ago

Hi Zjorz,

firstly, I appreciate your efforts and support.

When I uploaded the script to any online malware scanning tool, it was flagged as malicious, unlike the previous versions.

Is there a specific reason for this? Have other users reported similar findings?

Thank you very much for your support. Muri

Kerberos_Script

zjorz commented 4 months ago

Which most recent version does not flag as malicious?

The only thing I can think of, is the script resetting the pwd of the KRBTGT account, but that IS the purpose of the script.

Flagging something as malicious does not say anything. I also find it interesting in understanding WHY that has been flagged as malicious. Are you able to understand why it is flagged as malicious?

Which tool did you use to scan the script? (url?)

nobody else has reported that to me

cadamwil commented 3 months ago

It's flagged by Kingsoft. I believe it's a false positive, not sure why they flag it. You may be able to contact VirusTotal and get them to kill it.

https://www.virustotal.com/gui/file/309ed04bb6cc6609d0a4584090168cb01f4f6ea98a44aee5be9d4030c906ef26

zjorz commented 1 month ago

it is probably flagged due to its security sensitive operation, being reset the krbtgt password. Will not do anything about this for now

mihailim commented 1 month ago

In my experience, Kingsoft isn't exactly... top tier for accuracy :) And, for what it's worth, the copy at that URL is no longer being flagged at all.