
I have built a "HelloWorld" installer with the Bootstrapper Project for WiX v3 project type.

My bundle.wxs is

    <?xml version="1.0" encoding="UTF-8"?>
    <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
         xmlns:util="http://schemas.microsoft.com/wix/UtilExtension"
         xmlns:bal="http://schemas.microsoft.com/wix/BalExtension">

      <Bundle Name="Bundle_name"
              Version="1.0.0.0"
              Manufacturer="Producter"
              UpgradeCode="C82A383C-751A-43B8-90BF-A250F7BC2863"
              IconSourceFile="..\WpfForms\Assets\my_lovely.ico"  >

        <BootstrapperApplicationRef Id="ManagedBootstrapperApplicationHost">
          <Payload SourceFile="..\WpfForms\BootstrapperCore.config"/>
          <Payload SourceFile="..\WpfForms\bin\Debug\WpfForms.dll"/>
          <Payload SourceFile="..\WpfForms\bin\Debug\GalaSoft.MvvmLight.dll"/>
          <!--<Payload SourceFile="..\WpfForms\bin\Debug\Microsoft.Practices.ServiceLocation.dll"/>
          <Payload SourceFile="..\WpfForms\bin\Debug\Microsoft.WindowsAPICodePack.dll"/>
          <Payload SourceFile="..\WpfForms\bin\Debug\Microsoft.WindowsAPICodePack.Shell.dll"/>-->

          <Payload SourceFile="C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.ServiceProcess.dll"/>
          <Payload SourceFile="C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\.NETFramework\v4.5\System.Configuration.Install.dll"/>
          <Payload SourceFile="C:\Program Files (x86)\WiX Toolset v3.11\SDK\Microsoft.Deployment.WindowsInstaller.dll"/>
        </BootstrapperApplicationRef>

        <Chain>
          <PackageGroupRef Id='Netfx4Full'/>
          <MsiPackage SourceFile="..\WixSetupProject\bin\Debug\WixSetupProject.msi" Id="InstallationPackageId" Cache="yes" Visible="no"/>
        </Chain>
      </Bundle>

      <Fragment>
        <WixVariable Id="WixMbaPrereqPackageId" Value="Netfx4Full" />
        <WixVariable Id="WixMbaPrereqLicenseUrl" Value="NetfxLicense.rtf" />

        <util:RegistrySearch Root="HKLM" Key="SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full" Value="Version" Variable="Netfx4FullVersion" />
        <util:RegistrySearch Root="HKLM" Key="SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full" Value="Version" Variable="Netfx4x64FullVersion" Win64="yes" />

        <PackageGroup Id="Netfx4Full">
          <ExePackage Id="Netfx4Full" Cache="no" Compressed="yes" PerMachine="yes" Permanent="yes" Vital="yes" Name="DotNet_4"
                      SourceFile="../WixBootstrapper/DotNet/NDP462-KB3151800-x86-x64-AllOS-ENU.exe"
                      DownloadUrl="http://go.microsoft.com/fwlink/?LinkId=164193"
                      DetectCondition="Netfx4FullVersion AND (NOT VersionNT64 OR Netfx4x64FullVersion)" />
        </PackageGroup>
      </Fragment>
    </Wix>

My problem is that the workstation's antivirus is configured to block any activity from temp directories, and the built installer.exe makes a copy of itself as "C:\Windows\Temp\{74EA5B2A-DA46-4B3F-A8E9-4FCEC4B4523C}\.cr\WixBootstrapper.exe" and runs it by default. So it gets locked by the antivirus, and the installation is over at start.

Does somebody know how I can prevent WiX components from creating a cache or anything else in temp directories, and set them to run any nested executables and themselves from the current folder, not from temp?

Kamerton
  • What anti-virus is this? The system couldn't really operate without being able to write to the temp folder. Are you sure you don't have a false positive for one of your files? Maybe you can try to test your binaries on [virustotal.com](http://virustotal.com). Just zip up the binaries and upload. – Stein Åsmul Oct 25 '18 at 02:29
  • Kaspersky. It allows writing, but it blocks any executable that has been launched from temp. Maybe there is some whitelist, but all applications that I compile, even if they have been signed by the key that allows launching them on other machines, can't be launched from temp either. – Kamerton Oct 25 '18 at 06:53
  • So it works if you disable Kaspersky temporarily? (just have to verify). Have you tested on a virtual as well? – Stein Åsmul Oct 25 '18 at 10:18
  • I don't know. I can't try this case for now. Any machine which I can use for testing has these anti-virus settings. And I think the installer is fine, because it has started and I see it in ProcessExplorer, and in ProcessMonitor I see the action of creating the temporary exe with the path that I wrote, and the Kaspersky message with the _BlockFromWinTemp_ rule name right after this. – Kamerton Oct 25 '18 at 12:10

1 Answer


After checking Windows's group policy settings this turned out to be an anti-virus blocking problem.


Group Policy?: Does the log contain something like this:

    Error 0x800704ec: Failed to launch clean room process: "C:\WINDOWS\Temp\{AB10C981-0D7D-4AA6-857F-CC37696DB4BE}\.cr\Bundle.exe" -burn.clean.room="C:\Test\Bundle.exe" -burn.filehandle.attached=652 -burn.filehandle.self=656 -log "C:\Test\bundle.log"
    Error 0x800704ec: Failed to run untrusted mode.

Or does it say something else? There is a group policy that can cause similar issues. See WiX issue 5856.

Anti-Virus Grace Period?: If you are administrator, there should be a possibility to get a temporary grace period from your anti-virus, I would think, so you can perform your testing. I would give your own support desk a call first and then hit the Kaspersky user forums if unsuccessful. Perhaps you have a Kaspersky support agreement with priority support available?

False Positives: I also insist that you upload your binaries to virustotal.com to test for false positives. That you should do no matter what. Antivirus Whitelisting Pains by Bogdan Mitrache.

False positives can actually be worse than actual malware at times (so far as the malware isn't devastating) because you cannot just tell the user to rebuild their machine(s). Instead you actually have to fix the problem for them in a general sense. Not only does the user have a problem to fix, you have one as the vendor as well. How do you whitelist your product with 60+ anti-malware suites? You try virustotal.com first I think (not affiliated) - to check if you actually have such a problem.

Stein Åsmul
  • Thanks, it seems like the issue. I have checked the bundle with virustotal and there were no problems. I have no message in the Application log, by the way, but there is one in the Kaspersky Event Log that says it had locked the temp bundle.exe. I have also tried these WixVariables: `WixBundleExecutePackageCacheFolder`, `TempFolder`, `WixBundleOriginalSourceFolder`, `SendToFolder`; and changed the system TEMP variable, without success. – Kamerton Oct 25 '18 at 13:22
  • Did you check the policy by launching `GPedit.msc` and checking the location specified in [5856](https://github.com/wixtoolset/issues/issues/5856)? `GPedit.msc` might not be available if you are on a tight SOE or a Windows Home edition. – Stein Åsmul Oct 25 '18 at 13:58
  • I did and the Software Restriction Policies location is empty on my machine. So it is anti-virus collision only. – Kamerton Oct 26 '18 at 08:43
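
As an added example (not part of the original answer and not WiX code): a small Python triage of a Burn log that finds the clean-room launch failure quoted in the answer and decodes its HRESULT into the underlying Win32 error. The function names are hypothetical, the error names are those defined in winerror.h, and the sample log reuses the two lines quoted in the answer plus one constructed line.

```python
import re

FACILITY_WIN32 = 7
# Win32 error names from winerror.h that indicate a blocked execution.
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    225: "ERROR_VIRUS_INFECTED",
    1260: "ERROR_ACCESS_DISABLED_BY_POLICY",
}
ERROR_LINE = re.compile(r"Error (0x[0-9A-Fa-f]{8}): (.*)")
CLEAN_ROOM = re.compile(r'Failed to launch clean room process: "([^"]+)"')

# First line is constructed; the two error lines are the ones quoted in the answer.
SAMPLE_LOG = r'''i000: constructed informational line, ignored by the parser
Error 0x800704ec: Failed to launch clean room process: "C:\WINDOWS\Temp\{AB10C981-0D7D-4AA6-857F-CC37696DB4BE}\.cr\Bundle.exe" -burn.clean.room="C:\Test\Bundle.exe" -burn.filehandle.attached=652 -burn.filehandle.self=656 -log "C:\Test\bundle.log"
Error 0x800704ec: Failed to run untrusted mode.
'''

def decode_hresult(hr):
    """Return (failed, facility, code) for a 32-bit HRESULT."""
    return bool(hr & 0x80000000), (hr >> 16) & 0x1FFF, hr & 0xFFFF

def triage(log_text):
    """Collect every 'Error 0x...' line with its decoded Win32 name and, for a
    clean-room launch failure, the path of the copy Burn tried to start."""
    findings = []
    for line in log_text.splitlines():
        m = ERROR_LINE.search(line)
        if not m:
            continue
        hr = int(m.group(1), 16)
        failed, facility, code = decode_hresult(hr)
        is_win32 = failed and facility == FACILITY_WIN32
        cr = CLEAN_ROOM.search(m.group(2))
        path = cr.group(1) if cr else None
        findings.append({
            "hresult": hr,
            "win32_code": code,
            "win32_name": WIN32_NAMES.get(code) if is_win32 else None,
            "clean_room_path": path,
            # True when the blocked copy lives under a Temp directory.
            "in_temp": bool(path) and "\\temp\\" in path.lower(),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

0x800704ec decodes to Win32 code 1260, `ERROR_ACCESS_DISABLED_BY_POLICY`, which is why the answer asks about group policy when this line is present in the log.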