I have three Advanced Installer projects that have successfully built and deployed several versions of our software. All three installers use Custom Actions and access C# methods stored in external dll files. All three installers are built properly and run successfully on our testing and development environments. The custom actions have been called and executed successfully.
We have recent built new testing environments containing McAfee Host Intrusion Prevention for Server (HIPS). We developers have no control over configuring HIPS, and several of our clients have started using it since we deployed our last version of our software.
On the newly-created VM with HIPS, we are seeing that one of our three installers is now failing when it tries to run a custom action. The other two installers contain similar custom actions which confirm database connectivity, and the other two installers can successfully install. To clarify the situation, each installer has its own CustomAction dll containing specific logic for the installer, and each of those may reference InstallerCommon dll which contains shared methods. All three installers work on our old VMs without HIPS installed. Two of our installers work on the new VMs with HIPS.
The installer that is failing is our Database Server installer. When it calls a "TestDbConnection" custom action, we get the following lines in the log:
Code: Select all
Action start 16:23:49: TestDbConnection
MSI (c) (D4:08) [16:23:49:835]: Invoking remote custom action. DLL: C:\Users\(username)\AppData\Local\Temp\MSI570C.tmp, Entrypoint: TestDbConnection MSI (c) (D4:08) [16:23:49:835]: Cloaking enabled.
MSI (c) (D4:08) [16:23:49:835]: Attempting to enable all disabled privileges before calling Install on Server MSI (c) (D4:08) [16:23:49:835]: Connected to service for CA interface Action ended 16:23:51: TestDbConnection. Return value 3.Code: Select all
Action start 16:23:49: TestDbConnection
MSI (c) (D4:08) [15:28:14:322]: Invoking remote custom action. DLL: C:\Users\(username)\AppData\Local\Temp\MSI71CB.tmp, Entrypoint: TestDbConnection MSI (c) (D4:08) [15:28:14:322]: PROPERTY CHANGE: Modifying OverrideValidDatabaseServerCheck property. Its current value is 'false'. Its new value: 'true'
Action ended 15:42:51: TestDbConnection. Return value 1.The problem is that these custom actions all run on an environment without HIPS. On an environment with HIPS, only two of the three succeed.
The HIPS client log provides a message:
Code: Select all
Attack type: DISA McAfee - Prevent DLL files from Running in User Profile (Sig Id = 7020)Code: Select all
Event Description
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE running with the privileges of user (COMPUTERNAME)\admin on the system with Agent (COMPUTERNAME) attempted to open file/directory C:\Users\(username)\AppData\Local\Temp\2\MSI4CD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll in order to:
read
executeAny insight or advice would be welcome! Thanks.