On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Got a problem you cannot solve? Try here.
BartWilson
Posts: 30
Joined: Mon Mar 01, 2021 9:01 am

On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Postby BartWilson » Wed Aug 17, 2022 9:52 am

So I've had a report of a customer not being able to install our product given their cyber security app is not letting any .msi that doesn't have a valid certificate go through. Through some investigation, we've found that after launching the signed .exe of the Installer, it extracts content to the C:\ProgramData directory that contains a .exe, .msi, and mia.lib files that all have valid certificates. However in either the %TEMP%\mia1 or %TEMP%\mia2 directories there a .msi with the same file name as the .msi in the ProgramData directory that has an invalid certificate.
When doing a fresh install, is the extraction of things into %TEMP% modifying the contents of the file such that the certificate no longer lines up?

I say fresh install as if I run the repair/modify/uninstall for the product, the newly extracted .msi file in %TEMP% has a valid certificate. I'm trying to understand what the fresh install is doing here to trash the certificate on the .msi in the temp directory.

FrancescoT
Site Admin
Posts: 5360
Joined: Sun Aug 22, 2010 4:28 am

Re: On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Postby FrancescoT » Wed Aug 31, 2022 3:12 am

The setup extraction process just copies the setup files into the LOCAL TEMP directory. This process doesn't modify or alter the copied files. There is no reason to alter such files

It might be more than likely that their cybersecurity app is responsible for such file alteration.
Typically Third-party antivirus can alter files while they are being downloaded or extracted.

Hope this helps you.
Francesco Toscano
InstallAware Software

White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE

BartWilson
Posts: 30
Joined: Mon Mar 01, 2021 9:01 am

Re: On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Postby BartWilson » Thu Sep 01, 2022 4:58 pm

So I've seen this file not have a valid certificate on a system without any cybersecurity installation.

Is this .msi part of the overall build such that it could exist to sign at the Post-Build step of the overall Build run? We already sign the .msi at the Pre-Compress step but this file seems to have different contents then that .msi.

I feel like there are 3+ msi files that can come from doing an InstallAware project build to create an .exe.

BartWilson
Posts: 30
Joined: Mon Mar 01, 2021 9:01 am

Re: On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Postby BartWilson » Thu Oct 06, 2022 12:13 pm

FrancescoT wrote:The setup extraction process just copies the setup files into the LOCAL TEMP directory. This process doesn't modify or alter the copied files. There is no reason to alter such files

It might be more than likely that their cybersecurity app is responsible for such file alteration.
Typically Third-party antivirus can alter files while they are being downloaded or extracted.

Hope this helps you.


So this doesn't seem to make sense here as I run our Installer to where it is asking for the acceptance of the end user license agreement in which checking the file things seem fine:
license_agreement.jpg
license_agreement.jpg (82.09 KiB) Viewed 3757 times

Then once I start the installation the file actually gets a new timestamp and the certificate goes from OK to invalid:
during_install.jpg
during_install.jpg (82.47 KiB) Viewed 3757 times


Something is modifying this .msi file during the installation and corrupting the certificate which then keeps this from being installed on a system with tighter security.

FrancescoT
Site Admin
Posts: 5360
Joined: Sun Aug 22, 2010 4:28 am

Re: On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Postby FrancescoT » Wed Oct 12, 2022 9:52 am

Let me check if I can replicate the same.
Francesco Toscano
InstallAware Software

White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE

FrancescoT
Site Admin
Posts: 5360
Joined: Sun Aug 22, 2010 4:28 am

Re: On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Postby FrancescoT » Mon Oct 17, 2022 5:41 am

I cannot replicate any problem.
The digital signature of the msi package stored in local TEMP directory is ok ... as espected.

I run my test using a CLEAN MACHINE and where EXCLUSIVELY the OS is installed (no additional software or AV).
sign_test2.png
sign_test2.png (246.59 KiB) Viewed 3695 times

As I prevoisly said;
The setup extraction process just copies the setup files into the LOCAL TEMP directory. This process doesn't modify or alter the copied files. There is no reason to alter such files.

It might be more than likely that their cybersecurity app is responsible for such file alteration.
Typically Third-party antivirus can alter files while they are being downloaded or extracted.
Francesco Toscano
InstallAware Software

White Papers (HowTos) - http://www.installaware.com/publication ... papers.htm
Publications - http://www.installaware.com/publications-review.htm
InstallAware Help -F1 anywhere in the InstallAware IDE

BartWilson
Posts: 30
Joined: Mon Mar 01, 2021 9:01 am

Re: On fresh Install of signed installer, .msi in %TEMP%\mia# has invalid certificate

Postby BartWilson » Tue Oct 18, 2022 12:59 pm

Fransesco, this doesn't make sense again as I can run our installers on a machine without any antivirus software and can watch the timestamp switch immediately after I click on the button that actually starts the file installation.

In your reproduction did you create an installer that possibly has a checkbox to accept a readme/license and/or a directory installation? I find that if I haven't clicked continue from the readme/license terms or the directory location the signature is fine. But then after the installation starts on the files and even through when the "Finish" dialog is on the screen I can look at that .msi file in which it is now corrupt.

FYI, I've even created a very simple project that generates an exe installer with one file. I added our signing certificate to it and set the authenticode to do the build. This simple project does the same behavior during the installation.

There is nothing in our msicode that I can see that would touch that file during an installation and without any antivirus installed I'm a bit confused here.
Note the data modified on the .msi in temp and the fact I'm at the select folder:
Before_Install.jpg
Before_Install.jpg (79.12 KiB) Viewed 3681 times

Then after clicking "Next>" the date modified changes:
During_Install_files.jpg
During_Install_files.jpg (80.53 KiB) Viewed 3681 times


Return to “Technical Support”

Who is online

Users browsing this forum: Google [Bot], Majestic-12 [Bot] and 32 guests