cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
manomatt
Level 8

powershell custom action is logging sensitive information MSI

Hi All,

From an MSI project , I am using a powershell custom action, stored in binaryTable in a deferred execution. I was able to hide the sensitive information being passed to the customaction successfully. But the issue is with the installshield, having its clr log at the same time.. which ends up exposing the sensitive information like in this sample

 

 

InstallShield: Attempting to load through CLR 4 APIs...
InstallShield: Getting meta host...
InstallShield: Enumerating available runtimes...
InstallShield: Highest available runtime: v4.0.30319
InstallShield: Trying to use highest runtime...
InstallShield: Using highest version runtime...
InstallShield: Ignoring CustomActionData substring "<sensitive info>"
InstallShield: Deferred action requested property MsiHiddenProperties not provided by CustomActionData
InstallShield: Deferred property "<sensitive info>"
InstallShield: Loading assembly ClrPsHelper from resource 4097
InstallShield: Calling method with parameters [(System.UInt32)149....

 

 

how to stop the IS from exposing this?

 

thanks in advance

Labels (1)
0 Kudos
(10) Replies
Jenifer
Flexera Alumni

Hi @manomatt ,

How are you passing information custom action? May be you can write in steps to get more clarity!!Attach complete log file as well.

Thanks,

Jenifer

0 Kudos

hi @Jenifer 

I am using customactiondata property to pass the property values into the deferred CA. Inorder to hide sensitive information showing up in logs i added the property value to MsiHiddenProperty also updated the CA type to 8192 as mentioned in here

my CA is successful in hiding the property, but from the installshields some custom logging that gets into the log file which is exposing the passed in value as show below

MSI (s) (B0:64) [06:50:03:945]: Executing op: CustomActionSchedule(Action=testLogging,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) (B0:60) [06:50:03:945]: Invoking remote custom action. DLL: C:\windows\Installer\MSI912C.tmp, Entrypoint: m5
MSI (s) (B0:5C) [06:50:03:945]: Generating random cookie.
MSI (s) (B0:5C) [06:50:03:960]: Created Custom Action Server with PID 336 (0x150).
MSI (s) (B0:B8) [06:50:03:976]: Running as a service.
MSI (s) (B0:B8) [06:50:03:976]: Hello, I'm your 64bit Elevated Non-remapped custom action server.
InstallShield: Attempting to load through CLR 4 APIs...
InstallShield: Getting meta host...
InstallShield: Enumerating available runtimes...
InstallShield: Highest available runtime: v4.0.30319
InstallShield: Trying to use highest runtime...
InstallShield: Using highest version runtime...
InstallShield: Ignoring CustomActionData substring "1"
InstallShield: Deferred action requested property MsiHiddenProperties not provided by CustomActionData
InstallShield: Deferred property iiswebsitename="Default"
InstallShield: Loading assembly ClrPsHelper from resource 4097
InstallShield: Calling method with parameters [(System.UInt32)1604, (System.String)C:\Users\installshieldadmin\AppData\Local\Temp\3a142f39-62c8-41d2-b7e1-e5beb3d14a31\logger.ps1]
PowerShell wrapper: Ignoring CustomActionData substring "1"
PowerShell wrapper: Deferred action requested property MsiHiddenProperties not provided by CustomActionData
PowerShell wrapper: Deferred property iiswebsitename="Default"
PowerShell wrapper: this is a test CA

 

attached logs from my sample test where the CA is testLogging

 

 

0 Kudos

Hi @Jenifer,
Any update on this bug?? Please let us know.
Thanks in advance.
0 Kudos

hi @Jenifer 

Any update or workaround for this issue? Please let me know.

Thankyou.

0 Kudos
rufus_smith
Level 2

Hello,

We have found the same problem. We have a Powershell Custom Action, stored in BinaryTable modifying system information and therefore running in Deferred Mode in System Context. The Custom Action Hidden Target option is set and the property is included in the msiHiddenProperties table. This log snippet shows that the data is hidden by MSI (line 1) but InstallShield outputs the sensistive data twice, once with its own logging and once with the Powershell wrapper:
.
.
.
(Action=CAInstallEdefice_BOLCOMPlusPS,ActionType=11265,Source=BinaryData,Target=**********,CustomActionData=**********)
MSI (s) (10:C4) [15:53:38:787]: Invoking remote custom action. DLL: C:\Windows\Installer\MSIC8C7.tmp, Entrypoint: m5
InstallShield: Attempting to load through CLR 4 APIs...
InstallShield: Getting meta host...
InstallShield: Enumerating available runtimes...
InstallShield: Highest available runtime: v4.0.30319
InstallShield: Trying to use highest runtime...
InstallShield: Using highest version runtime...
InstallShield: Ignoring CustomActionData substring "<SENSITIVE DATA HERE>"
InstallShield: Deferred action requested property MsiHiddenProperties not provided by CustomActionData
InstallShield: Loading assembly ClrPsHelper from resource 4097
InstallShield: Calling method with parameters [(System.UInt32)2067, (System.String)C:\Users\Administrator\AppData\Local\Temp\eb3eab50-f218-4536-a8e2-36f124d4a5fc\CATEST.ps1]
PowerShell wrapper: Ignoring CustomActionData substring "<SENSITIVE DATA HERE>"
PowerShell wrapper: Deferred action requested property MsiHiddenProperties not provided by CustomActionData
PowerShell wrapper: CATEST - checkpoint
InstallShield: Loading Assembly Microsoft.PowerShell.Commands.Management.resources
.
.
.

Is there any movement on this? Is there a setting to disable the InstallShiels logging?

Thanks.

0 Kudos

Hi @manomatt  / @rufus_smith,

Thank you for your post.

Please accept our apologies for the delayed response.

The MsiHiddenProperties (see the documentation at this link: https://docs.microsoft.com/en-us/windows/win32/msi/msihiddenproperties) private MSI property is not available during deferred execution, so its value needs to be passed via CustomActionData to skip the logging for the entries defined in the MsiHiddenProperties property.

You could try the following steps:

1. Change the property value of the SetProp<PowerShellCustomActionName> set property custom action to the following:

MsiHiddenProperties="[MsiHiddenProperties]" <PowerShellCustomActionName>="[PROPERTY1];[PROPERTY2];[INSTALLDIR];[PROPERTY3];[UILevel]"

where <PowerShellCustomActionName> is the name of the deferred PowerShell custom action with data that you are trying to prevent from being captured in plain, clear text in the verbose MSI log.

2. Change the PowerShell script to the following to access the data required from the deferred property passed above:

$CustomActionData = get-property -name <PowerShellCustomActionName>
[System.Windows.Forms.MessageBox]::Show($CustomActionData)

where <PowerShellCustomActionName> is the name of the deferred PowerShell custom action with data that you are trying to prevent from being captured in plain, clear text in the verbose MSI log.

Please give these suggestions a try. Do they work for you?

Please let us know if you have any questions or concerns. Thanks!

0 Kudos

Hi Ian,

It did not work for me. The log output still shows me the sensitive data in plain text.

Can you please share a sample ism with your settings defined. I am using InstallShield 2020 R2 version.

0 Kudos

hi @Revenera_Ian ... i got it to work now.

One more action was needed, the Custom Action name needs to be added to the MsiHiddenProperties. 

ps: while doing it I noticed that if there are multiple customactions that needs to be added to the MsiHiddenProperties, in the installation log the masking of the sensitive information is happening for the first customaction alone. A little digging on the issue found that the customaction Type was not getting changed in the CustomAction Table. So I had to manually add 8192 on to the existing value for it to make it hidden (custom-action-hidden-target-option)

Hope this helps 

 

 

0 Kudos

hi @manomatt ... thank you for your update and the additional information.

0 Kudos
carolon
Level 3

Hi All, From an MSI project , I am using a powershell custom action, stored in binaryTable in a deferred execution.

0 Kudos