PDA

View Full Version : Loop the Installed File List to see if AVAST deleted them



NewsArchive
06-06-2014, 01:18 AM
At script end I would like to check if all the DLLs and EXEs that the script
tried to install do still exist.
Is there a variable that contains a QUEUE of the files installed.

I want to do something like this mix of Clarion and SB Script:

LOOP X=1 TO RECORDS(InstalledQ)
GET(InstalledQ,X)
IF INSTRING('.DLL',InstalledQ:FileName) OR INSTRING('.EXE',InstalledQ:FileName) THEN
If %_SB_INSTALLDIR%\%OneFile% File or Folder doesn't exist Then
Set Variable %FILEGONE% to " " & %OneFile% [Append Value]
End
END
END
IF %FILEGONE% > " " THEN
Message('Installed files have disappeared. Most likely your AntiVirus deleted them.' & |
"<13,10,13,10>Disable your AntiVirus (for AVAST uninstall) then
reinstall this program.' & |
"<13,10,13,10>Missing Files: ' & %FILEGONE%)
END

Maybe I could read and parse the Install.Log but that looks a little ugly. I'm
not the script writer, I'm just helping out. There are 90 files, and the list
changes so just having 90 IF statements is not an option.

Or using #preprocessor commands could I build a list of DLLs and store them in
the Setup.EXE a variable's initial value, then parse at install time?


#2 - Fred is there a way to Paste or Import SB Script that I generate to a text file?
I ENum'd the clipboard and do not see you placing anything on it when a COPY is done.

Carl

NewsArchive
06-06-2014, 01:19 AM
I'll second the motion. Tired of AV's deleting my dlls and/or exe's...
then what's worse is people download the demo, it doesn't run or gets an
error message, and I just lost a sale. I like this idea. The Installer
integrity check has been great. People with wireless have been getting
cut off, so the install doesn't verify.. so they usually call us... I
would like to put in a message if the installer doesn't verify so they
can call us. This would be like an after install verifier.

Hope to see it.

Thanks,

Ray
VMT

--
Ray Rippey
VMT Software

NewsArchive
06-06-2014, 07:37 AM
Sure, it can be done. I can develop an example, no problem. But note that
in most cases, the AV deletes the file(s) some seconds (or even minutes)
AFTER the installer terminated. The AV thinks that your files are devil and
BANG. Sometimes the AV even deletes the file(s) at first start of your app.
So IMO, this installer site check can't help (because it will tell you that
all files are there). The best way to try to avoid it is to build a
"reputation" for your code-signing certificate and then code-sign all the
application files.

Friedrich

NewsArchive
06-06-2014, 07:37 AM
BTW, I already posted this last year and again a few days ago.

We experienced a similar avast! issue last year. Our internal automated
license registration systems worked fine and without any source code
modification for more than six (6) years. This system handles the serial
number and subscription key stuff for all SetupBuilder users worldwide and
is located in a protected folder.

One morning, we started the computer and as usual the avast! Internet
Security protection system downloaded a new virus definition update. Then
we started the license registration system (written in Clarion) and suddenly
it crashed with "This application has failed to start because yadayada.dll
was not found. Re-installing the application may fix this problem."

When we started the application !avast simply REMOVED ("false-positive") one
component from the protected folder. And of course, it did not help to
restore the file from a backup -- avast! "re-removed" the file immediately.
Adding the file to the scan exclusion list did NOT help either.

It turned out that this component (a Visual Studio written DLL) was not
code-signed. But we had a code-signed equivalent available (very same
version, code-signed a few seconds after the compile date). BINGO. That
worked fine and we were back in business. We reported the false-positive to
avast! A few days later they "fixed" it in their virus definition update.

Friedrich

NewsArchive
06-06-2014, 07:37 AM
> Sure, it can be done. I can develop an example, no problem.

^^ Is it possible ?!

We have two hedges!

Script to check if all files installed and all files have code-sign
certificate ;)

I hope this is enough!

Dirk

NewsArchive
06-06-2014, 07:38 AM
Dirk,

>> Sure, it can be done. I can develop an example, no problem.
>
> ^^ Is it possible ?!
>
> We have two hedges!
>
> Script to check if all files installed and all files have code-sign
> certificate ;)
>
> I hope this is enough!

You don't need a script to check if the files "installed". This is handled
automatically. If a file install action failed then the setup terminates
immediately because install file errors are treated as "fatal" errors.

In MOST (95%) cases the files are deleted by the AV real-time monitoring and
heuristic detection when your app is launch or when something "touches" your
files (e.g. to check a file date stamp or write permission status check).

Friedrich

NewsArchive
06-06-2014, 07:38 AM
> #2 - Fred is there a way to Paste or Import SB Script that I generate
> to a text file? I ENum'd the clipboard and do not see you placing
> anything on it when a COPY is done.

Sorry, forgot to answer this one. Select the lines in the Script Editor,
right-click and then select "Copy Text to Clipboard".

Friedrich

NewsArchive
06-09-2014, 03:36 AM
I want to take that script as text and edit it, then paste or import that back
_into_ the SB script. The way I can take a TXA edit it as text then import it
back into Clarion.

I'll get you more Avast info. What I can recall was the DLL was deleted when SB
wrote it to a temp folder. After install it was not in the install folder so SB
deleted the old one, and failed on copy from temp to live, or Avast did it all.
It can't be reproduced now as avast as fixed it. I have info at work.

In short after install the DLL was gone. I agree it more likely to be deleted
when the EXE is run.

Carl Barnes

NewsArchive
06-09-2014, 03:36 AM
Hi Carl,

> I want to take that script as text and edit it, then paste or import
> that back _into_ the SB script. The way I can take a TXA edit it as
> text then import it back into Clarion.

Aha, okay. No, this is not possible. The "script" is a complex binary
structure with more than 500 different functions and more than 3,000
properties -- it can't be edited as text.

> I'll get you more Avast info. What I can recall was the DLL was
> deleted when SB wrote it to a temp folder. After install it was
> not in the install folder so SB deleted the old one, and failed
> on copy from temp to live, or Avast did it all.

The SB install would trigger a fatal install error (with immediate
termination) in this case. By default, the file is not written to a
temporary location.

Friedrich

NewsArchive
06-09-2014, 10:30 AM
>The SB install would trigger a fatal install error (with immediate
>termination) in this case. By default, the file is not written to a
>temporary location.

I attached 2 screen caps of the recent Avast problem. The first is a window
that appears for a short time during install above the tooltray, the second is
file info from the quarantine. They are from 2 different test runs so the temp
file name is different.

The end result is the BCFUN.DLL is missing in the install folder. I'm not sure
if it was missing before, I think it was there. I think the install completed
without a fatal error.

The temp files are named "~SBhhhh" so I guessed they are written by Setup
Builder. Is there a better way that does not write to the temp folder? Avast
has fixed this, I thought it might be a simple thing to double check all the
DLL/EXE files are still there post install.

Carl

NewsArchive
06-09-2014, 10:31 AM
Hi Carl,

> The temp files are named "~SBhhhh" so I guessed they are written by
> Setup Builder. Is there a better way that does not write to the temp
> folder? Avast has fixed this, I thought it might be a simple thing
> to double check all the DLL/EXE files are still there post install.

Such a "post" check can't help to avoid AV false-positive bugs. You would
have seen a fatal install error if the file install had failed. So
"something" happened after it.

By default, SB never writes install files to a temporary folder. It
decompresses directly to the final location. An installer only writes a
file to the temporary folder if the original file is locked (in-use) during
the installation process. It copies the file into the temporary folder and
asks for a reboot at the end of the installation. Windows replaces the
file(s) at next reboot.

There is a new interesting (not SB related) thread in comp.lang.clarion.
This is a typical false-positive behavior. The app starts (all DLLs are
still there), the AV real-time "protection" does its work and removes the
libraries.

Friedrich