-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trend Micro Antivirus blocks use of RunOnce #5482
Comments
Please post details of the Trend Micro error. |
Sorry used the wrong button. just wanted to comment. |
Is this a problem when building or running the bundle? The error is at runtime but most of the issue is about building. |
This is a problem when running the bundle on a different system which has the antivirus software installed. Currently it only happens with Trend Micro, every other encountered antivirus works without issues. |
Since today I am also getting this error if I am using a Standard UI. Same error that the run once registry key cannot be written. |
Actually the same issue is with Symantec Endpoint. When we try to sign the engine.exe the Symantec End Point thinks this as a Heuristic Virus and deletes the engine.exe file. |
Try to run the Bootstrapper setup exe in "Run as administrator" mode. If it will get work, then we may find different approach to resolve this issue. |
From the discussion in https://www.firegiant.com/blog/2020/12/22/wix-online-meeting-202-highlights/: We use the |
I'm struggling with this RunOnce issue with anti-virus. I think there should be a chance for the user to opt out this "feature" if we don't need it. |
This issue was tracking how to keep the current functionality without triggering anti-virus. If you want to opt out of this functionality, you should create a new feature request for that. |
Which version of WiX are you building with?
3.10.3.3007
Which version of .NET are you building with?
4.6.1
If the problem occurs when installing your packages built with WiX, what is the version of Windows the package is running on?
Windows 7
Describe the problem and the steps to reproduce it.
Creating a bundle installation of multiple msis using an .NET Applcation which calls the windows installer xml command line tools containing a custom bootstrapper application raises a "unauthorized changes" error in Trend Micro antivirus and the bootstrapper application is blocked.
This only happens if the you are signing the custom bootstrapper using insignia to detach, then sign with signtool and reattach the engine.
`////DETACH engine.exe
ProcessStartInfo startInfo = new ProcessStartInfo();
startInfo.FileName = Path.Combine(Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().Location), "Wix-Tools", "insignia.exe");
startInfo.Arguments = " -ib " + """ + bundlefile+ "" -o "" + bundleEngineFile + """;
Process p = Process.Start(startInfo);
p.WaitForExit();'
This does not happen if you are using a Standard BootstrapperApplication:
and using the code from above.
Also if you are signing the bundle engine and the bundle file using msbuild this error does not occur:
Trend Micro logs the error when the custom bootstrapper application tries to write the RunOnce entry into the HKCU.
The Setup should be installed without the antivirus saying it is a thread.
Currently I do not know why this error occurs and how to prevent it.
Could you please take a look.
Thanks.
Best regards
Christopher Black
The text was updated successfully, but these errors were encountered: