MAKEMSI quickly and reliably creates MSI files in a non-programmatic way
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
[Bottom][Contents][Prev]: Script Alerts[Next]: Microsoft's Anti-Spyware
Have your say! Join the MAKEMSI discussion list or view archive! Suggest improvements. No question too simple or too complex.
\->Troubleshooting->Bugs, Features and Issues (NON-MAKEMSI)->Script Alerts->Norton's Malicious Script Detection

BUG: Norton's Malicious Script Detection

Norton AntiVirus has a crippled implementation of script detection and will basically indicate (with default options) that almost any script at all is malicious. If they tried the same approach with other executable files they'd be out of business but as scripts are not as common they can get away with it. It makes no attempt to exempt installers or any other scripts which must be allowed to execute from those that may have been invoked via the browser or email.

The first time you run MAKEMSI you will probably see a message similar to:

Ive been told that other versions may install with the default of automatically terminating all scripts, in this case MAKEMSI and some other Installed features will not work. Try the Diagnostic Shortcuts if you are having problems.

The above screen dump shows the authorisation of the single script in question, this will never be seen again however MAKEMSI also creates a file called "Pass1+2.vbs" and this message would be seen at least once per-MSI script.

For more information (but not much more - unfortunately) visit the symantec site, for example see the "What to do when Script Blocking alerts on a script" page.

Display a file's MD5

The "Display a file's MD5" option installs a VBSCRIPT which executes at user logon. This script (like any) will also be describes as "malicious".

VBSCRIPT CUSTOM ACTIONS

VBSCRIPTS created by the "VbsCa" command have file logging on by default. This appears to be what triggers the message, to create VBSCRIPT based custom actions which will not trigger the program you can add the following line to the top of your script (or better yet your common header file):

#define? VBSCA_LOG_TO_FILE  N

Note that some other MAKEMSI commands will create VBSCRIPTS as some of their processing, examples are the "Dialog" (script can be disabled) and "Schedule" commands.

It may in other circumstances be specific functions that trigger the message, for example the execution of external commands (unavoidable with the "Schedule" command).

MSIEXEC.EXE

Even when Norton AntiVirus knows that an installer is executing the script it will produce the script warning!

The "JsCa" and "VbsCa" commands both produce such scripts.

Malicious Script Options

It is probably best to turn off script detection altogether (at least until Norton AntiVirus "fixes" their detection issues, you can do this via an option page which will probably look similar to:

DISABLING SCRIPT CUSTOM ACTIONS

If the generated MSIs are for a company platform which does not have this issue then you probably don't care about this issue but if you are writing an MSI for wider sale/distribution you would either need to test the MSI against known virus checkers (some simple scripts are "safe" - if logging turned off as described above) or decide that you are not going to use script at all and write custom action DLLs instead.

If you really want to play it safe and prevent all generation of script based custom actions then you could add the following to the start of a common header to generate an error message when your script tries to create one (either directly or via a MAKEMSI command):

#( ''
  #define  SCRIPT_MESSAGE
  Company policy does not allow use of {$Type} custom actions.
  {NL}                      ;;special code for a newline character
  Contact Fred (03)1234-5678 for more details.
#)
#define? VBSCA_DISABLED <$SCRIPT_MESSAGE TYPE="VBSCRIPT">
#define? JSCA_DISABLED  <$SCRIPT_MESSAGE TYPE="JSCRIPT">


Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006, 2007, 2008 & 2009 for the Windows SDK (Windows Installer) area.Please email me any feedback, additional information or corrections.
See this page online (look for updates)

[Top][Contents][Prev]: Script Alerts[Next]: Microsoft's Anti-Spyware


MAKEMSI© is (C)opyright Dennis Bareis 2003-2008 (All rights reserved).
Saturday May 28 2022 at 3:11pm
Visit MAKEMSI's Home Page
Microsoft awarded me an MVP (Most Valuable Professional award) in 2004, 2005, 2006, 2007, 2008 & 2009 for the Windows SDK (Windows Installer) area.