MAKEMSI quickly and reliably creates MSI files in a non-programmatic way
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
[Bottom][Contents][Prev]: Pending Restart Bugs[Next]: Norton's Malicious Script Detection
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
\->Troubleshooting->Bugs, Features and Issues (NON-MAKEMSI)->Script Alerts

Script Alerts

MAKEMSI uses VBSCRIPT to create or change MSIs and for many of its installed shortcuts and options.

Scripts are a reasonably common method allowing relative "morons" to easily cause problems. Most of these would be via Internet Explorer or Outlook. If the spyware tools limited testing to these execution environments then I think that would be an excellent idea.

Its execution of scripts outside of browser, mail and similar high risk environments that I have issue with. I am not convinced that this is a major problem but it probably does merit caution. Microsoft's Anti-Spyware seems like a reasonable approach while Norton's Malicious Script Detection is so over the top that I consider it a "bug".

Some tools even prompt for script execution by MSIs (custom actions), this is stupidity as it would be an extremely unlikely source of problems.

These tools have been identified:

Its been mentioned that signing script with "signtool" can prevent this issue but I couldn't get this to work for me.

SCRIPT TERMINATION

Some anti-spyware or antivirus programs including "Norton AntiVirus" have an option (sometimes turned on by default) to automatically terminate VBSCRIPT!

If turned on this will prevent MAKEMSI and some other Installed features from working correctly. They may partially work or terminate part way through. You can use the "Version Information Box" shortcut for a quick test, if it doesn't display a message box then you probably have some sort of anti-virus or antispyware (piece of cr.p) killing VBSCRIPT.

OPTIONS IF CA's Affected: Use Other Script Engines

You can use the "SUNDRY_DISALLOW_USE_OF_SCRIPT_CUSTOM_ACTIONS" macro to ensure that you don't accidently produce script action.

  1. You could use VB to produce DLL/EXE based custom actions as its very similar to script to write.

  2. The "DllCa-C" command could be used to to create C/C++ based custom actions instead.

  3. If you like the convenience of script you could use another script engines for other languages, "regina" (rexx) and "kixtart" are some examples.

    The script engine would generally have to be added as part of your package but most are not too big.

The biggest disadvantage of any approach which users EXE based custom actions is that they won't integrate well with Windows Installer (so no access to the session object and its properties etc). This may or may not be an issue. Some possible ways of passing information in or out (doing both in one script may be tricky) is via registry or INI files as these are natively suppported by Windows Installer (obviously subject to where you need to sequence the custom action).


Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006, 2007, 2008 & 2009 for the Windows SDK (Windows Installer) area.Please email me any feedback, additional information or corrections.
See this page online (look for updates)

[Top][Contents][Prev]: Pending Restart Bugs[Next]: Norton's Malicious Script Detection


MAKEMSI© is (C)opyright Dennis Bareis 2003-2008 (All rights reserved).
Sunday August 13 2017 at 2:39pm
Visit MAKEMSI's Home Page
Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006, 2007, 2008 & 2009 for the Windows SDK (Windows Installer) area.