Hi

I'm having problems at one site starting the server.  

I'm trying to start it as a program, not as a service, because I want desktop interaction.  There have been comments in these newsgroups about not using the interactive option on a service.

When starting as a program I get the Windows 10 warning screen "Do you want to allow this app...?"

This is not a serious problem as the user can just click through the message when running from the menu.  But it is a problem if it is started from the "Startup" menu.  The server never gets started.

This doesn't happen on my own machine Windows 10, nor on my colleague's, but it does for one user.  

The server is the binary that comes straight from Elevate v2.18.0.4.  - initially found the problem with a renamed copy but the original has the same problem.  This user is also on Windows 10 and has been running OK for some months.

Much Googling and I found the info below:-

======================
You are almost certainly hitting a Windows Installer Detection Technology compatibility heuristic. Windows will try to detect when an application is an installer, and probably needs to be elevated.

Installer Detection only applies to:

32 bit executables

Applications without a requestedExecutionLevel

Interactive processes running as a Standard User with LUA enabled

Before a 32 bit process is created, the following attributes are checked to determine whether it is an installer:

Filename includes keywords like "install," "setup," "update," etc.
Keywords in the following Versioning Resource fields: Vendor, Company Name, Product Name, File Description, Original Filename, Internal Name, and Export Name.
Keywords in the side-by-side manifest embedded in the executable.
Keywords in specific StringTable entries linked in the executable.
Key attributes in the RC data linked in the executable.
Targeted sequences of bytes within the executable.
======================

Has anyone else hit this problem?

Cheers

Jeff

Jeff,

<< This doesn't happen on my own machine Windows 10, nor on my colleague's, but it does for one user.  >>

It can't be the installer detection heuristics in Windows.  If that was the case, then *everyone* would be seeing the issue.

I would download the process monitor utility from SysInternals/Microsoft and see what's happening with that process launch:

https://technet.microsoft.com/en-us/sysinternals/processmonitor

Tim Young
Elevate Software
www.elevatesoft.com

On 20/08/2016 2:03 AM, Tim Young [Elevate Software] wrote:
>
> I would download the process monitor utility from SysInternals/Microsoft and see what's happening with that process launch:
>
> https://technet.microsoft.com/en-us/sysinternals/processmonitor

Thanks Tim.  We'll chase that along and report back here if we get
something of general interest.

Cheers

Jeff

Windows 10 - SIGN EXE's with sha256 - EWB is only signed sha1

You can sign with both - see:

https://www.finalbuilder.com/resources/blogs/postid/742/code-signing-changes-for-2016


I think you can disable in prompt - See "Windows 10 Smart Screen" to disable prompt if you want too.


Walter

Walter,

<< Windows 10 - SIGN EXE's with sha256 - EWB is only signed sha1 >>

We have an SHA256 code signing certificate, so I just need to check that we're actually signing the .exes with it.....nope, I need to modify this.

I'll fix this and start releasing builds with the new signatures.

Thanks,

Tim Young
Elevate Software
www.elevatesoft.com

On 26/08/2016 7:48 AM, Tim Young [Elevate Software] wrote:
>
> We have an SHA256 code signing certificate, so I just need to check that we're actually signing the .exes with it.....nope, I need to modify this.
>
> I'll fix this and start releasing builds with the new signatures.
>
Thanks Tim and Walter

I've just been reading up on code signing and now know enough to be
dangerous!

As I understand it, if we want the server to be OK on both Windows 7+
and on XP then we'll need dual signing for both SHA-1 and SHA-256.  We
have plenty of users running on old kit - including me - my test server
is on XP.

Cheers

Jeff

Jeff Cook wrote:

> I've just been reading up on code signing and now know enough to be
> dangerous!

Some good info on the Inno setup newsgroup - plenty to get dangerous
with anyway. 8-)

--

Matthew Jones

Jeff,

<< As I understand it, if we want the server to be OK on both Windows 7+ and on XP then we'll need dual signing for both SHA-1 and SHA-256.  We have plenty of users running on old kit - including me - my test server is on XP. >>

Yes, XP SP3 and higher can do SHA-256, but anything older will still need the SHA-1 signature.

We're signing/timestamping all modules with both.

Tim Young
Elevate Software
www.elevatesoft.com