This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Superfreak3
Level 11
‎Aug 25, 2023 11:51 AM

Custom Action Utilities Flagged By Windows Defender...

Jump to solution

Hi all,

This is really a two-part question.  First, why are some custom actions reported by the actual .exe or .dll name for some actions and MIS*.tmp for others?  Is that governed by the actual Custom Action type or something to that effect?  Or if some are support files and some are pulled from the Binary table, would that do it?

Secondly, and the main question...  What do you do for actions being flagged by Windows Defender?  Besides whitelisting, will signing those executables help?

With the MSI*.tmp actions/executables, will signing the actual .exe/.dll being called and referenced as .tmp in the log help?

We're starting to see more and more issues with Defender lately.

Thanks for any info you can provide.

 

Labels (1)
Labels
0 Kudos
(1) Solution
Locil95
Level 3
In response to Superfreak3
‎Oct 19, 2023 06:13 AM

Jump to solution

Basically yeah. I just to the default build in visual studio, then I handle everything in the post-build event.

My post build looks like this:
del /f "$(TargetDir)$(TargetName).CA.dll"
signtool HowEverYouDoYourSigningHere "$(TargetPath)"
nuget install WixToolset.Dtf.CustomAction -OutputDirectory $(ProjectDir)obj\.nuget\
$(ProjectDir)obj\.nuget\WixToolset.Dtf.CustomAction.4.0.2\tools\WixToolset.Dtf.MakeSfxCA.exe "$(TargetDir)$(TargetName).CA.dll" "$(ProjectDir)obj\.nuget\WixToolset.Dtf.CustomAction.4.0.2\tools\x86\SfxCA.dll" "$(TargetPath)" "$(TargetDir)CustomAction.config" "$(TargetDir)WixToolset.Dtf.WindowsInstaller.dll"
signtool HowEverYouDoYourSigningHere "$(TargetDir)$(TargetName).CA.dll"

1. delete the bad CA with the unsigned .dll
2. sign the CustomAction.dll
3. install WixCustomAction from nuget (to make the project more dynamic)
4. Build the CA.dll with the signed CustomAction.dll (this line will break incase WixToolset.CustomAction updates to a newer version, as the path is hardcoded. I honestly didn't care if that's the only thing I have to change in the future)
5. lastly I sign the rebuilt CA.dll file. To answer your question, yes I think you have to sign this aswell. I think I saw defender fail at it a few times when I tested before I signed it.

View solution in original post

(22) Replies
Superfreak3
Level 11
In response to Superfreak3
‎Dec 14, 2023 10:03 AM

Jump to solution

SCRATCH THAT!  In my haste to test, I didn't change the function name when I rebuilt the project for v4!!  Whew!  at any rate!  All seems to be working.  I checked the .dll in the temp area during install ant it is signed!!

Thanks so much @Locil95 for the info!!

0 Kudos
Locil95
Level 3
In response to Superfreak3
‎Dec 15, 2023 01:46 AM

Jump to solution

Perfect, I'm glad it worked out 👍
It's a total shame WiX doesn't support this with CustomActions. It's a total flaw if you ask me.