hi @Jenifer 

I am using customactiondata property to pass the property values into the deferred CA. Inorder to hide sensitive information showing up in logs i added the property value to MsiHiddenProperty also updated the CA type to 8192 as mentioned in here

my CA is successful in hiding the property, but from the installshields some custom logging that gets into the log file which is exposing the passed in value as show below

MSI (s) (B0:64) [06:50:03:945]: Executing op: CustomActionSchedule(Action=testLogging,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) (B0:60) [06:50:03:945]: Invoking remote custom action. DLL: C:\windows\Installer\MSI912C.tmp, Entrypoint: m5
MSI (s) (B0:5C) [06:50:03:945]: Generating random cookie.
MSI (s) (B0:5C) [06:50:03:960]: Created Custom Action Server with PID 336 (0x150).
MSI (s) (B0:B8) [06:50:03:976]: Running as a service.
MSI (s) (B0:B8) [06:50:03:976]: Hello, I'm your 64bit Elevated Non-remapped custom action server.
InstallShield: Attempting to load through CLR 4 APIs...
InstallShield: Getting meta host...
InstallShield: Enumerating available runtimes...
InstallShield: Highest available runtime: v4.0.30319
InstallShield: Trying to use highest runtime...
InstallShield: Using highest version runtime...
InstallShield: Ignoring CustomActionData substring "1"
InstallShield: Deferred action requested property MsiHiddenProperties not provided by CustomActionData
InstallShield: Deferred property iiswebsitename="Default"
InstallShield: Loading assembly ClrPsHelper from resource 4097
InstallShield: Calling method with parameters [(System.UInt32)1604, (System.String)C:\Users\installshieldadmin\AppData\Local\Temp\3a142f39-62c8-41d2-b7e1-e5beb3d14a31\logger.ps1]
PowerShell wrapper: Ignoring CustomActionData substring "1"
PowerShell wrapper: Deferred action requested property MsiHiddenProperties not provided by CustomActionData
PowerShell wrapper: Deferred property iiswebsitename="Default"
PowerShell wrapper: this is a test CA

attached logs from my sample test where the CA is testLogging

hi @Jenifer 

Any update or workaround for this issue? Please let me know.

Thankyou.

Hi @manomatt  / @rufus_smith,

Thank you for your post.

Please accept our apologies for the delayed response.

The MsiHiddenProperties (see the documentation at this link: https://docs.microsoft.com/en-us/windows/win32/msi/msihiddenproperties) private MSI property is not available during deferred execution, so its value needs to be passed via CustomActionData to skip the logging for the entries defined in the MsiHiddenProperties property.

You could try the following steps:

1. Change the property value of the SetProp<PowerShellCustomActionName> set property custom action to the following:

MsiHiddenProperties="[MsiHiddenProperties]" <PowerShellCustomActionName>="[PROPERTY1];[PROPERTY2];[INSTALLDIR];[PROPERTY3];[UILevel]"

where <PowerShellCustomActionName> is the name of the deferred PowerShell custom action with data that you are trying to prevent from being captured in plain, clear text in the verbose MSI log.

2. Change the PowerShell script to the following to access the data required from the deferred property passed above:

$CustomActionData = get-property -name <PowerShellCustomActionName>
[System.Windows.Forms.MessageBox]::Show($CustomActionData)

where <PowerShellCustomActionName> is the name of the deferred PowerShell custom action with data that you are trying to prevent from being captured in plain, clear text in the verbose MSI log.

Please give these suggestions a try. Do they work for you?

Please let us know if you have any questions or concerns. Thanks!

Hi Ian,

It did not work for me. The log output still shows me the sensitive data in plain text.

Can you please share a sample ism with your settings defined. I am using InstallShield 2020 R2 version.

hi @Revenera_Ian ... i got it to work now.

One more action was needed, the Custom Action name needs to be added to the MsiHiddenProperties. 

ps: while doing it I noticed that if there are multiple customactions that needs to be added to the MsiHiddenProperties, in the installation log the masking of the sensitive information is happening for the first customaction alone. A little digging on the issue found that the customaction Type was not getting changed in the CustomAction Table. So I had to manually add 8192 on to the existing value for it to make it hidden (custom-action-hidden-target-option)

Hope this helps 

hi @manomatt ... thank you for your update and the additional information.