WiX v3.11 Burn bootstrapper install failing due to Anti-Virus scan?

5

I've recently included a bootstrapper into my solution, and I've noticed that after testing a variety of free Anti-Virus programs, both Avast and AVG seem to now cause my installation to fail, has anyone else experienced this?

My current thought is that the cause of the install failing is the CyberCapture feature in both of these products, which causes a delay in the install due to the Anti-Virus performing a 'quick'(15 or so seconds) scan of the files in the .exe multiple times - when first starting up, and then when clicking install. Could this possibly be something to do with the v3.10.2 security release to resolve the potential DLL hijacking issue?

My installer is signed properly (using insignia and signtool), but a few of the .exes and .dlls that are in the project aren't, could this also be causing it? It seems to be related to a routine scan rather than a potential threat being blocked.

Any insight into why this is happening and/or how this can be resolved would be much appreciated! I'm using WiX v3.11, and the burn chain is comprised of an exe package and an msi package. Thanks.

Attached is the install log for any additional info.

[1DF0:1DFC][2017-06-06T11:03:22]i001: Burn v3.11.0.1528, Windows v10.0 (Build 10240: Service Pack 0), path: C:\Users\NC01\AppData\Local\Temp\{53A054CB-02F6-47A4-85AF-50ABF1DDFDAF}\.cr\proj.exe
[1DF0:1DFC][2017-06-06T11:03:22]i000: Initializing numeric variable 'ACCEPTEULA' to value '0'
[1DF0:1DFC][2017-06-06T11:03:22]i009: Command Line: '-burn.clean.room=C:\Users\NC01\Desktop\proj.exe -burn.filehandle.attached=392 -burn.filehandle.self=404 -log C:\Users\NC01\Desktop\installLog.log'
[1DF0:1DFC][2017-06-06T11:03:22]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\NC01\Desktop\proj.exe'
[1DF0:1DFC][2017-06-06T11:03:22]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\NC01\Desktop\'
[1DF0:1DFC][2017-06-06T11:03:22]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\NC01\Desktop\installLog.log'
[1DF0:1884][2017-06-06T11:03:22]e000: Error 0x80070057: Failed to load splash screen bitmap.
[1DF0:1884][2017-06-06T11:03:22]e000: Error 0x80070057: Failed to load splash screen.
[1DF0:1DFC][2017-06-06T11:03:22]i000: Setting string variable 'WixBundleName' to value 'ProjectName'
[1DF0:1DFC][2017-06-06T11:03:22]i000: Setting string variable 'WixBundleManufacturer' to value 'CompanyName'
[1DF0:0764][2017-06-06T11:03:22]i000: Setting numeric variable 'WixStdBALanguageId' to value 1033
[1DF0:0764][2017-06-06T11:03:22]i000: Setting version variable 'WixBundleFileVersion' to value '4.0.0.632'
[1DF0:1DFC][2017-06-06T11:03:22]i100: Detect begin, 2 packages
[1DF0:1DFC][2017-06-06T11:03:22]i101: Detected package: CleanupToolExe, state: Absent, cached: None
[1DF0:1DFC][2017-06-06T11:03:22]i101: Detected package: projMsi, state: Absent, cached: None
[1DF0:1DFC][2017-06-06T11:03:22]i199: Detect complete, result: 0x0
[1DF0:0764][2017-06-06T11:03:24]i000: Setting numeric variable 'EulaAcceptCheckbox' to value 0
[1DF0:1DFC][2017-06-06T11:03:24]i200: Plan begin, 2 packages, action: Install
[1DF0:1DFC][2017-06-06T11:03:24]w321: Skipping dependency registration on package with no dependency providers: CleanupToolExe
[1DF0:1DFC][2017-06-06T11:03:24]i000: Setting string variable 'WixBundleLog_CleanupToolExe' to value 'C:\Users\NC01\Desktop\installLog_000_CleanupToolExe.log'
[1DF0:1DFC][2017-06-06T11:03:24]i000: Setting string variable 'WixBundleRollbackLog_CleanupToolExe' to value 'C:\Users\NC01\Desktop\installLog_000_CleanupToolExe_rollback.log'
[1DF0:1DFC][2017-06-06T11:03:24]i000: Setting string variable 'WixBundleRollbackLog_projMsi' to value 'C:\Users\NC01\Desktop\installLog_001_projMsi_rollback.log'
[1DF0:1DFC][2017-06-06T11:03:24]i000: Setting string variable 'WixBundleLog_projMsi' to value 'C:\Users\NC01\Desktop\installLog_001_projMsi.log'
[1DF0:1DFC][2017-06-06T11:03:24]i201: Planned package: CleanupToolExe, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: None
[1DF0:1DFC][2017-06-06T11:03:24]i201: Planned package: projMsi, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
[1DF0:1DFC][2017-06-06T11:03:24]i299: Plan complete, result: 0x0
[1DF0:1DFC][2017-06-06T11:03:24]i300: Apply begin
[1DF0:1DFC][2017-06-06T11:03:24]i010: Launching elevated engine process.
[1DF0:1DFC][2017-06-06T11:03:53]i011: Launched elevated engine process.
[1DF0:1DFC][2017-06-06T11:03:53]e000: Error 0x800700e8: Failed to wait for child to connect to pipe.
[1DF0:1DFC][2017-06-06T11:03:53]e000: Error 0x800700e8: Failed to connect to elevated child process.
[1DF0:1DFC][2017-06-06T11:03:53]e000: Error 0x800700e8: Failed to actually elevate.
[1DF0:1DFC][2017-06-06T11:03:53]e000: Error 0x800700e8: Failed to elevate.
[1DF0:1DFC][2017-06-06T11:03:53]i399: Apply complete, result: 0x800700e8, restart: None, ba requested restart:  No
[1DF0:1DFC][2017-06-06T11:27:14]i500: Shutting down, exit code: 0xe8

Update: Unfortunately the only solution here seems to be submitting a fully signed (including insignia) build to be added to the Avast! and AVG whitelist, and then waiting until it has been added in an update.

wix
bootstrapper
burn
wix3.11
asked on Stack Overflow Jun 8, 2017 by kgyts • edited Jul 17, 2017 by kgyts

1 Answer

1

I have the same issue here, Avast CyberSecurity and Deepscan both block our burn executable. I signed the exe, the engine, used insignia with an official code signing cert. The MSI is signed and the application executable is signed.

Without burn the MSI runs fine tho. It is the most simple burn template, perhaps a custom BA will work different. Else I just might write an own executable around the MSI :)

answered on Stack Overflow Jul 13, 2017 by rfcdejong

User contributions licensed under CC BY-SA 3.0