Win 11 Smart App Control (SAC) issues with InstallShield InstallScript projects and PS Custom actions

prateek_v asked a question.

August 2, 2023 at 9:36 AM

Windows 11 has a new security functionality known as SAC - https://support.microsoft.com/en-gb/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003

InstallShield does not complies with Win11 SAC.

InstallScript projects or Projects with PowerShell Custom Actions create an intermediate unsigned .tmp file during installation/uninstallation action, and tries to execute the same.

These .tmp files have random names on each execution. They cannot be whitelisted with Microsoft SAC.

Since these InstallShield created temporary files don't have a digital signature, these cannot be trusted by Microsoft SAC as the publisher of the file cannot be verified/trusted.

We are expecting an esteemed organization like InstallShield to prioritize looking into this issue and provide a resolution to its users in a fast paced manner.

Attached images for reference.

InstallShield

rogersmot likes this.

DataAnalyzer
2 months ago
Has any progress been made with this? We recently had a report that one of our InstallShield setup programs won't work with Smart App Control because the MSI isn't digitally signed. I presume that MSI is the TMP file mentioned here because we don't bundle an MSI file in it.

Is the solution to create an MSI file that is digitally signed and skip the more advanced InstallShield interface?
Expand Post
rogersmot
11 hours ago
I'm hitting the same issue as Prateek, which is not the signed MSI issue that DataAnalyzer mentioned. Preface: My installer (Basic MSI) is pretty straightforward but makes heavy use of InstallScript. All of my install files, including the msi, mst, and exe files are all digitally signed.

Here is what I've observed:
Launch my setup.exe which explodes my .msi and other files into a temporary directory
During runtime of my installer, InstallShield will create temporary files, e.g. MSIE9FC.tmp, when it needs to execute InstallScript
I analyzed these .tmp files (I quickly copied them out before the automatically disappeared) and they're just DLLs, but they are NOT renamed DLLs. It's like InstallShield creates them on the fly by stitching together other files.
These .tmp files (e.g. MSIE9FC.tmp) are unsigned which makes sense since they are created on-the-fly.
Windows SAC will **sometimes** block loading these .tmp files causing this popup:
I do not know why SAC sometimes blocks this, but sometimes allows it.

I'm not too sure how to proceed. Are Prateek and I the only ones hitting this problem?

Expand Post

Related Questions

Nothing found

Are you sure you want to cancel the case creation?

Case closed successfully

Action performed successfully

Upload Attachment

Maximum file size allowed is 3 MB.

File type not supported.

Supported file types:

Documents (.txt, .doc, .docx, .pdf), Images (.jpg, .png), Comma Separated Files (.csv) Speadsheets (.xlsx, .xls)

Are you sure you want to close this case

Get Hotline support

Products	Region	Phone Numbers
FlexNet Operations FlexNet Embedded FlexNet Publisher FlexNet Connect FlexNet Code Insight InstallAnywhere InstallShield	North America *	+1 630-332-2513 (toll) +1 877-279-2853 (toll-free in North America)
	Europe *	+44 1925 944367 (toll) +44 800 047 8642 (toll-free in Europe)
	Japan *	+81 3-4540-5335 (select option 2)
	Australia *	+61 3 9895 2177 +61 1800 560 603 (toll-free in Australia)
Usage Intelligence (formerly Revulytics) Compliance Intelligence	Please use the Case Portal to submit your support ticket or reach out to your Revenera contact.

Related Questions

Trending Articles

Please wait...

Case id: 00001065