[wix-users] Code Integrity validation triggered at firewall.dll and winca.dll

Bob Arnson bob at firegiant.com
Wed May 27 06:22:12 PDT 2020


If you got them from https://github.com/wixtoolset, they're signed.

-----Original Message-----
From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of Edwin Castro via wix-users
Sent: Wednesday, 27 May, 2020 00:33
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Cc: Edwin Castro <egcastr at gmail.com>
Subject: Re: [wix-users] Code Integrity validation triggered at firewall.dll and winca.dll

There is no NugGet for WiX v3 but I'm fairly certain the native ca dlls are not signed.

I've decomposed the cab and wixlib for the extension dlls and was able to confirm the ca dlls were not signed. Going off memory but I think I found their version numbers to be older than I expected.

I had not gotten around to filing a bug yet. I'll see about doing that tonight or tomorrow.

--
Edwin G. Castro

On Tue, May 26, 2020, 21:21 Rob Mensching via wix-users < wix-users at lists.wixtoolset.org> wrote:

> There is no NuGet for WiX v3.
>
> ---
> Short replies here. Complete answers here:
> https://www.firegiant.com/services/
>
> -----Original Message-----
> From: Masato Maeda <Masato.Maeda at microsoft.com>
> Sent: Tuesday, May 26, 2020 8:58 PM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Cc: Rob Mensching <rob at firegiant.com>
> Subject: RE: Code Integrity validation triggered at firewall.dll and 
> winca.dll
>
> Nuget package is code signed but individual content of nuget such as 
> EXEs and DLLs look like not code signed.
> If a file is code signed, it should show "Digital Signatures" tab at 
> properties view of the file. For example, firewall.dll and winca.dll 
> are not code signed.
>
> Thanks,
> Masato
>
> -----Original Message-----
> From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of 
> Rob Mensching via wix-users
> Sent: Tuesday, May 26, 2020 8:17 PM
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Cc: Rob Mensching <rob at firegiant.com>
> Subject: [EXTERNAL] Re: [wix-users] Code Integrity validation 
> triggered at firewall.dll and winca.dll
>
> Those files are signed in WiX v3.11.2
>
> ---
> Short replies here. Complete answers here:
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> firegiant.com%2Fservices%2F&data=02%7C01%7CMasato.Maeda%40microsof
> t.com%7C45b4e6df42f44ff5033508d801ec6c8b%7C72f988bf86f141af91ab2d7cd01
> 1db47%7C1%7C0%7C637261462231359029&sdata=8St%2FaHYta9%2BjV7uQ8vnPm
> zWhcYgYRTAq2OIuKWndfaA%3D&reserved=0
>
> -----Original Message-----
> From: wix-users <wix-users-bounces at lists.wixtoolset.org> On Behalf Of 
> Masato Maeda via wix-users
> Sent: Tuesday, May 26, 2020 8:14 PM
> To: wix-users at lists.wixtoolset.org
> Cc: Masato Maeda <Masato.Maeda at microsoft.com>
> Subject: [wix-users] Code Integrity validation triggered at 
> firewall.dll and winca.dll
>
> Hi,
>
> Our team is using Wix Toolset to build MSI. There is high security 
> Microsoft Windows environment with enhanced Code Integrity policy. All 
> deploying binaries must be code signed. This includes temporary DLL 
> that runs during custom action execution. I have signed 
> CustomActionLibrary before and after run MakeSfxCA.exe. But native 
> extension libraries caused integrity error such as firewall.dll and 
> winca.dll. Is there a way to repack them after digitally signed?
>
> Thanks,
> Masato
>
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f
> iregiant.com%2F&data=02%7C01%7CMasato.Maeda%40microsoft.com%7C45b4
> e6df42f44ff5033508d801ec6c8b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C
> 0%7C637261462231359029&sdata=QtczUva0IxNBpnhyglNAasY5dRI4fEAkC8HWP
> %2BfWdHg%3D&reserved=0
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant
> https://nam06.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.f
> iregiant.com%2F&data=02%7C01%7CMasato.Maeda%40microsoft.com%7C45b4
> e6df42f44ff5033508d801ec6c8b%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C
> 0%7C637261462231369025&sdata=mX2fxT%2F11vsHHT1P0A0PcI9Bk27P6tHgJKQ
> jFzTgUME%3D&reserved=0
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant http://www.firegiant.com/



More information about the wix-users mailing list