Files with double extensions are blocked by some antiviruses

Having trouble running Advanced Installer? Got a bug to report? Post it all here.
Post Reply
sdst
Posts: 1
Joined: Mon May 20, 2019 4:12 pm

Files with double extensions are blocked by some antiviruses

Post by sdst » Mon May 20, 2019 5:41 pm

Good morning,

in our IT environment we are actually having the problem that our antivirus is blocking file accesses for files with double extensions like "EXEF0CD.tmp.bat".
As far as I could deduce AdvancedInstaller is using this batch file (actually always two equal batches are created) as a "clean-up" after the installation is terminated in order to delete the extracted MSI package.
The installation process is actually working and terminating fine without errors, however the extracted MSI is not deleted (since the antivirus blocks the script) and the report of our antivirus is leading to confusion and many open tickets in our IT department.
The usage of double extensions is known as a phishing technique and therefore seen as a bad practice.

Would it be possible for you to avoid using them? Or is there a way to configure the naming used by AdvancedInstaller to avoid those double extensions?

This would be significantly helpful for us and I suppose pretty easy to implement.

Best regards,
Luca

P.s.: please forgive me if I'm in the wrong forum section, actually I was unsure if this is a feature request or a common problem

Catalin
Posts: 1214
Joined: Wed Jun 13, 2018 7:49 am

Re: Files with double extensions are blocked by some antiviruses

Post by Catalin » Tue May 21, 2019 2:22 pm

Hello Luca and welcome to Advanced Installer forums,

This may be caused by a small modification that we have made in what regards the way we create temporary cleanup files. I have forwarded this to the development team and we will try investigating this soon. Thank you for bringing this to our attention.

I will update this thread as soon as we will find a conclusive answer.
P.s.: please forgive me if I'm in the wrong forum section, actually I was unsure if this is a feature request or a common problem
Do not worry about this. It can be labelled as both.
:)

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

mbhmirc
Posts: 1
Joined: Thu May 23, 2019 9:16 am

Re: Files with double extensions are blocked by some antiviruses

Post by mbhmirc » Thu May 23, 2019 9:21 am

Hello,

Would it be possible to get an update on this as it's affecting my own development team also? Our antivirus vendor has told us we can't make exceptions in this rule so we would have to turn it off. Our security team said they won't do this as these people have email in addition to development on their machines. It's not stopping anything working but it's confusing our team also with all the virus alerts. Appreciate anything you can do!

Thank you kindly,

Mark

Catalin
Posts: 1214
Joined: Wed Jun 13, 2018 7:49 am

Re: Files with double extensions are blocked by some antiviruses

Post by Catalin » Thu May 23, 2019 9:35 am

Hello Mark and welcome to Advanced Installer forums,

Sure, I will update this thread as soon as this will be fixed. Please let me know if you also want me to notify you by e-mail as well.

P.S.: We are already working on this.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Post Reply