Hi there!
You are definitely not alone in this struggle; this is essentially the "final boss" of using AutoIt in a modern environment. Since Windows 10, and even more so with Windows 11, Microsoft has become incredibly aggressive with their heuristics.
Regarding the Windows Defender false positives, one specific point you mentioned was dealing with compiled .exe files. Often, the issue isn't your code itself, but the UPX compression that AutoIt uses by default when compiling. Defender sees a compressed executable and immediately gets suspicious because malware authors use similar packing techniques to hide their code.
Here is a workflow that has worked for me:
- Disable UPX: When you compile (using the full Compile with Options tool), uncheck the box for UPX compression. The file size will be slightly larger, but it often stops Defender from flagging it immediately.
- Self-Signing: If you are using these tools internally, you can create a self-signed certificate and sign your .exe. It’s a bit of a process to set up initially, but once you trust that certificate on your local machine, the warnings usually disappear.
- The "Task Scheduler" Trick for UAC: You mentioned you don't want to disable UAC (which is good, don't do that!). The best way to bypass the prompt for a specific script you run often is to set it up in Windows Task Scheduler. Create a task that runs your .exe, check the box "Run with highest privileges," and then create a shortcut on your desktop that triggers the task (schtasks /run /tn "MyTaskName"). This allows you to launch it as Admin without the screen dimming and asking for permission every time.
I actually ran into this exact scenario last week during a home lab upgrade. I was writing a quick automation script to monitor the link status and toggle settings on a new hardware addition. I had installed a Network Devices Expansion Module 1 Port card into my server to create a dedicated direct-link for backups.
I wanted my AutoIt script to automatically reset the adapter on that specific 1-port module if the throughput dropped below a certain threshold. Because the script was interacting with the network stack and hardware drivers, Windows 11 treated it like a major security threat. The UAC was relentless because of the admin requirement to reset the adapter, and Defender hated it because it was an unsigned .exe poking around hardware drivers.
Switching to the Task Scheduler method for the UAC bypass and unchecking UPX solved about 90% of the headaches for me.
Have you tried compiling the script as x64 specifically? Sometimes I find that switching the architecture from x86 to x64 (or vice versa) changes the hash enough to bypass a specific Defender definition update.
Good luck!
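The signing and Task Scheduler steps from the reply above, written out as one PowerShell script. This is an added example, not code from the poster or from AutoIt; it assumes the already-compiled executable is at C:\Tools\AdapterReset.exe, a hypothetical certificate subject "CN=HomeLab AutoIt", and a hypothetical task name "AdapterReset". It runs once from an elevated PowerShell (importing into the LocalMachine stores needs admin) and ends with the checks you would want to see before relying on it: the Authenticode status of the signed file and the RunLevel actually recorded on the task.

```powershell
# Added example (not from the original post): self-sign a compiled AutoIt .exe and
# attach it to a "Run with highest privileges" scheduled task, then verify both.
# Assumed/hypothetical values: $ExePath, $Subject, $TaskName. Run elevated, once.
$ExePath  = 'C:\Tools\AdapterReset.exe'
$Subject  = 'CN=HomeLab AutoIt'
$TaskName = 'AdapterReset'

# 1. Create (or reuse) a self-signed code-signing certificate in the user store.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object Subject -eq $Subject | Select-Object -First 1
if (-not $cert) {
    $cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $Subject `
        -CertStoreLocation Cert:\CurrentUser\My -NotAfter (Get-Date).AddYears(3)
}

# 2. Trust it on this machine only: Root so the chain validates, TrustedPublisher
#    so Authenticode treats the publisher as known. Other machines will still warn.
$cerFile = Join-Path $env:TEMP 'autoit-signing.cer'
Export-Certificate -Cert $cert -FilePath $cerFile | Out-Null
foreach ($store in 'Root', 'TrustedPublisher') {
    Import-Certificate -FilePath $cerFile -CertStoreLocation "Cert:\LocalMachine\$store" | Out-Null
}

# 3. Sign the compiled .exe (a timestamp keeps the signature valid after the cert
#    expires) and refuse to continue if Windows does not see it as Valid.
Set-AuthenticodeSignature -FilePath $ExePath -Certificate $cert -HashAlgorithm SHA256 `
    -TimestampServer 'http://timestamp.digicert.com' | Out-Null
$sig = Get-AuthenticodeSignature -FilePath $ExePath
if ($sig.Status -ne 'Valid') {
    throw "Signature check failed: $($sig.Status) - $($sig.StatusMessage)"
}

# 4. Register the task for the current interactive user with RunLevel Highest,
#    which is the "Run with highest privileges" checkbox in the GUI.
$action    = New-ScheduledTaskAction -Execute $ExePath
$principal = New-ScheduledTaskPrincipal -UserId "$env:USERDOMAIN\$env:USERNAME" `
                -LogonType Interactive -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
Register-ScheduledTask -TaskName $TaskName -Action $action -Principal $principal `
    -Settings $settings -Force | Out-Null

# 5. Desktop shortcut that fires the task, i.e. schtasks /run /tn "<name>".
$shell = New-Object -ComObject WScript.Shell
$lnkPath = Join-Path ([Environment]::GetFolderPath('Desktop')) "$TaskName.lnk"
$lnk = $shell.CreateShortcut($lnkPath)
$lnk.TargetPath = "$env:SystemRoot\System32\schtasks.exe"
$lnk.Arguments  = "/run /tn `"$TaskName`""
$lnk.Save()

# 6. Show what was actually recorded, so a typo in the principal or path is
#    caught here rather than at the next UAC prompt.
$task = Get-ScheduledTask -TaskName $TaskName
[pscustomobject]@{
    Signer    = $sig.SignerCertificate.Subject
    SigStatus = $sig.Status
    RunLevel  = $task.Principal.RunLevel
    Executes  = $task.Actions[0].Execute
}
```

Two things worth knowing when you run it: the certificate is only trusted where it was imported, so copying the signed .exe to another box brings the publisher warnings back unless you import the .cer there too, and the task's RunLevel must read "Highest" in the final object, otherwise the shortcut will launch the program unelevated and the adapter reset will fail quietly.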