Replies: 19 comments 19 replies
-
|
Repeated twice, same result
|
Beta Was this translation helpful? Give feedback.
-
|
test6 and test7 changed to no dictation
|
Beta Was this translation helpful? Give feedback.
-
|
test 6 detected in version1.421.1222.0
|
Beta Was this translation helpful? Give feedback.
-
|
For unknown reasons, SeleniumVBA.xlsm v6.4 is no detection in Defender.
|
Beta Was this translation helpful? Give feedback.
-
|
So weird and random! Thanks @hanamichi77777! I'll add your excellent addition to the table above... |
Beta Was this translation helpful? Give feedback.
-
|
BTW @GHRyunosuke, apparently, according to @hanamichi77777's latest report, if it were not for your SendKeysToOS "attack vector", version 6.4 would be flagged as a false positive! 🤣🤣 |
Beta Was this translation helpful? Give feedback.
-
|
VBScript became on-demand from Windows11 version 24H2. |
Beta Was this translation helpful? Give feedback.
-
|
Interesting. I think it should, but I have not tested it that way. Not sure exactly what is removed if VBSCRIPT is disabled. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you. It has been confirmed that VBScript.Regex is invalid. |
Beta Was this translation helpful? Give feedback.
-
|
It should be enabled by default in this phase, according to the official MS timeline: and I can confirm that it's enabled, even without a checkbox to disable it, on my Windows 24H2:
|
Beta Was this translation helpful? Give feedback.
-
|
Thank you. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for testing it @hanamichi77777! |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for reporting this @hanamichi77777. I transferred it as an issue to @Sihlfall's vba-regex repo. If you find any more issues with vba-regex, it may be more expedient to post them there if you want to. One thing to keep in mind is that I made that class wrapper as a quick solution for testing, since I could just drop it in all of my codes without making any changes, thus minimizing commitment until well-enough tested. So far it worked in all of my use cases. But the wrapper is REALLY MUCH SLOWER than @sihlfall's "static" module version. So you may want to consider using the syntax for the faster original version once you are satisfied with testing. I may do that eventually. |
Beta Was this translation helpful? Give feedback.
-
|
I guess the wrapper is slower since you initialize the regex on each function call. That's not necessary unless the pattern or case-sensitivity changes. See this class wrapper, which can be built with Or do you mean the StaticRegex is faster even if you need the regex only once? |
Beta Was this translation helpful? Give feedback.
-
|
Changed the writing location Thank you for @GCuser99 @sihlfall |
Beta Was this translation helpful? Give feedback.
-
@sihlfall, I was referring to iterating through a large number of matches and sub-matches using the class wrapper that I made versus your static module. I'll look at stdRegex3 to see if there is anything in there that would help with efficiency. Thanks! |
Beta Was this translation helpful? Give feedback.
-
|
@GCuser99 All you have to do is to define as a member variable of your class module and make sure it is initialized with when an object is created. See here. Yet there I use Sancarn's Of course, this only helps if you are indeed initializing the Regex more than once. It depends on what you are doing. In the Regex engine, I avoid creating strings and rather work with (start, length) pairs whenever possible, since I noticed that strings are comparatively expensive in VBA. |
Beta Was this translation helpful? Give feedback.
-
|
I updated the false positives table and sorted from latest to oldest. Thanks again to @hanamichi77777 for the help. What is really interesting in the latest (June 6th, 2025) is that the only false-positive detection is the test where we replaced VBS's RegExp with StaticRegex! I guess it might be because there is more VBA code for the heuristics to be confused by... Anyway, it appears as though we are in a false-positive quiet period for the .xlsm version. We still have not experienced a false-positive detection yet for the .accdb and DLL versions (knock on wood!). |
Beta Was this translation helpful? Give feedback.
-
|
The results are as follows.
|
Beta Was this translation helpful? Give feedback.
-
|
That is strange @hanamichi77777... Look at top of this discussion - I updated the table with results from 1.431.139.0 before your last post and only test 2 had a false positive. I just tried again with 1.431.150.0 and got the same results as I did for 1.431.139.0! |
Beta Was this translation helpful? Give feedback.
-
|
I'll try it again. |
Beta Was this translation helpful? Give feedback.
-
|
I repeated this three times with 1.431.151.0, but the results are disappointing in my environment.
|
Beta Was this translation helpful? Give feedback.
-
|
Thanks for tripple checking! Weird that you nearly got the opposite results as I did! Back to drawing board... |
Beta Was this translation helpful? Give feedback.
-
|
I repeated this three times and got good results with 1.431.183.0.
|
Beta Was this translation helpful? Give feedback.
-
|
I repeated this three times and got good results with 1.431.188.0.
|
Beta Was this translation helpful? Give feedback.
-
|
I repeated this three times and got good results with 1.431.199.0.
|
Beta Was this translation helpful? Give feedback.
-
|
I repeated this three times and got good results with 1.431.216.0.
|
Beta Was this translation helpful? Give feedback.
-
|
I repeated this three times and got good results with 1.431.243.0.
|
Beta Was this translation helpful? Give feedback.
-
|
I repeated this three times and got good results with 1.431.266.0.
|
Beta Was this translation helpful? Give feedback.
-
|
I experimented with regular expression alternatives (VBA-dotNET-regex(@6DiegoDiego9) and vba-regex).
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
More and more lately, SeleniumVBA has been flagged with antivirus false positives. This is not surprising given the complexity and functional breadth of our code. Multiple times in the past I've experimented by randomly removing/changing various code blocks, but it has been difficult to isolate the problem(s) on a one-off basis. Additionally, it seems that satisfying Window's Defender heuristics is a moving target, as there are times when the EXACT same code is fine one day, and then flagged on another, and then back to being ok later. Additionally, the MS Excel version of SeleniumVBA can be flagged, but the EXACT same code in MS Access is ok.
I think it's time to try a more structured longer-term approach. From v6.2 onward, we will test av false positives in this GitHub folder. There I have created several functionally "reduced" test versions of SeleniumVBA.xlsm. To start with, I've removed/replaced some functionality that I know MalwareBytes real-time protection does not like but will test other code changes in the future as well.
The table below summarizes the functionality removed from each test:
Below is a table for tracking false-positives over time - I will update this table with hopefully help from some of you going forward:
If you have issues downloading and/or using the latest release version, then please try one of the test versions, and then report your experience in this discussion thread so that we can track and hopefully determine a strategy that reduces the number of false positives in the future.
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions