[wix-users] Virus Popup "SONAR.SuspPgDataRun" when install Burn from shared directory

John Cooper JoCooper at jackhenry.com
Thu Sep 24 07:54:37 PDT 2015


The latest versions of signtool.exe have a flag, primarily used for building APPX packages, that allows changing the default SHA1 for signatures.  See the /fd switch on supported versions.

--
John Merryweather Cooper
Senior Software Engineer | Integration Development Group | Enterprise Notification Service
Jack Henry & Associates, Inc.® | Lenexa, KS  66214 | Ext:  431050 |JoCooper at jackhenry.com



-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Phill Hogland
Sent: Thursday, September 24, 2015 7:31 AM
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Virus Popup "SONAR.SuspPgDataRun" when install Burn from shared directory

The e-mail below is from an external source.  Please do not open attachments or click links from an unknown or suspicious origin.

The basics are here:
http://wixtoolset.org/documentation/manual/v3/overview/insignia.html

The flags for signtool.exe depend on the type of certificate, where the certificate is stored, and whether it is being timestamped (recommended), so each implementation may be a little different.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Mrugesh Patel
Sent: Thursday, September 24, 2015 6:42 AM
To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Virus Popup "SONAR.SuspPgDataRun" when install Burn from shared directory

Thanks for your reply.

The bootstrapper doesn't signed with certificate. How can I signed bootstrapper? Is there any good article for that?

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Tobias S
Sent: Thursday, September 24, 2015 4:42 PM
To: WiX Toolset Users Mailing List
Subject: Re: [wix-users] Virus Popup "SONAR.SuspPgDataRun" when install Burn from shared directory

Several ideas around that:
- In such cases I always recommend our customers:
  a) Never run installer from network. Copy them locally
  b) Switch off all Firewalls + AntiVirs during install and reactivate them again afterwards
- A correctly configured AntiVir should btw be able to detect the WiX Bootstrapper engine in that case. Otherwise consider to send that stripped WiX Bootstrapper package test.exe to the antivir resp. firewall vendor.
Burn Packages become more and more popular and so AntiVir and Firewall Vendors should definitely be able to handle such pacages correctly.
- Is the bootstrapper signed with a certificate? This also should help to reduce the risk of a false positive for other Burn packages

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/


____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/

NOTICE: This electronic mail message and any files transmitted with it are intended
exclusively for the individual or entity to which it is addressed. The message, 
together with any attachment, may contain confidential and/or privileged information.
Any unauthorized review, use, printing, saving, copying, disclosure or distribution 
is strictly prohibited. If you have received this message in error, please 
immediately advise the sender by reply email and delete all copies.



More information about the wix-users mailing list