Hello -
We recently received a security complaint from a valued client regarding a Chained MSI package we meticulously assembled using Advanced Installer Enterprise.
The concern raised by our client pertains to a security notification that flagged the MSI as a potential malware risk. After conducting thorough security scans and analysis, it was identified that the MSI, constructed with the assistance of Advanced Installer (AI), was making use of the Volume Shadow Copy Service (VSS).
Allow me to provide a brief overview of the Chained MSI in question:
Chained MSI Description:
Our Chained MSI, crafted using Advanced Installer, encompasses multiple MSI components. Its primary purpose revolves around a single custom action that meticulously examines the Windows Registry, specifically "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall". This custom action identifies any existing instances of the previous version of the MSI. Once located, it proceeds to gracefully uninstall the outdated version before seamlessly installing the most current iteration.
Now, you might be wondering, as we are, where exactly the Volume Shadow Copy Service comes into play within this context and why it was detected during the assessment of the MSI produced by AI.
We are committed to ensuring the security and integrity of our software solutions. To address this matter effectively, we kindly request your expertise and insights into the detection of the Volume Shadow Copy Service in relation to our MSI package. Your guidance will aid us in resolving this issue and providing our clients with a secure and reliable software experience.
Thank you for your attention to this matter, and we look forward to your valuable feedback.