We are using Advanced Installer to create our software installers and we have an issue with signed installers.
Some of our clients have something called whitelisting in the Windows SO and it seems that is blocking everything whitch is not signed with the whitlisted signs.
Since the installer is signed with our company sign it seems that installer is creating temporary files whitch are not signed or whitch are signed with caphyon sign whitch is also expired.
This is a log of the files whitch are modified, created or deleted during installer process. And here are the files without repeating them whith its sign issuer.
Code: Select all
C:\Windows\Installer\MSI5CBF.tmp ---> CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Bucuresti, S=Dolj, C=RO
C:\Windows\Installer\MSI4269.tmp ---> CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Bucuresti, S=Dolj, C=RO
C:\Windows\Installer\MSI5F9F.tmp ---> CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Bucuresti, S=Dolj, C=RO
C:\Windows\Installer\MSI6771.tmp ---> CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Bucuresti, S=Dolj, C=RO
C:\Windows\Installer\MSI5C32.tmp ---> CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Bucuresti, S=Dolj, C=RO
C:\Windows\Installer\MSI42A9.tmp --->
C:\Windows\Installer\MSI5B55.tmp --->
C:\Windows\Installer\MSI5B15.tmp --->
C:\Windows\Installer\MSI5AC6.tmp ---> CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Bucuresti, S=Dolj, C=RO
C:\Windows\Installer\MSI4299.tmp --->
C:\Windows\Installer\inprogressinstallinfo.ipi --->
C:\Windows\Installer\MSI5BB4.tmp ---> CN=Caphyon SRL, OU=SECURE APPLICATION DEVELOPMENT, O=Caphyon SRL, L=Bucuresti, S=Dolj, C=RO
C:\Windows\Installer\MSI5FDE.tmp --->
This is one example of our clients log during install process whitch shows the installer error
Code: Select all
Code Integrity determined that a process (\Device\HarddiskVolume5\DSCCache\Company\Installer.exe) attempted to load (\Device\HarddiskVolume5\AppData\Roaming\Company\Product\install\decoder.dll that did not meet the Enterprise signing level requirements or violated code integrity policy.