Sign the .tmp file that gets dropped when installing or updating Sandboxie Plus #2643
Comments
|
Well... this behavior is how innosetup does it, I can look if there is a newer innosetup version which may behave better. |
DavidXanatos
added
Help Wanted
|
Well, if that is somewhat complicated, I don't think it should be something to waste resources to. If someone knows how to improve that easily, then it would be nice to see that changed. Until then, there is no problem with that issues staying open as a reminder that this could be improved. |
|
I have just found an article that should help with this issue: https://blog.osarmor.com/340/innosetup-sign-installer-uninstaller/
This is related to the topic Avast alert, suspicious TMP file in Release v1.13.4, so it is in your interest to sign the .tmp file. |
isaak654
changed the title
|
Are there any issues with the way the signing process would be altered or is there another reason why this is not done? |
This comment was marked as off-topic.
This comment was marked as off-topic.
isaak654
added
Status: Added in Next Build
Is your feature request related to a problem or use case?
The installer itself is signed, but when the installer is executed it drops a .tmp file that gets executed to install Sandboxie Plus.
The installer drops a file
C:\Users\[username\AppData\Local\Temp\[string].tmp\Sandboxie-Plus-[architecture]-[version].tmpthat gets run to install the program, but that binary is not signed by any signature.Describe the solution you'd like
That the .tmp is signed with some valid certificate.
Since the file gets executed as a binary file, and the installer is signed, the chain should be complete and some security software could "respect" the installation process as being more legitimate (even though that is not entirely justified).
Describe alternatives you've considered
No response
The text was updated successfully, but these errors were encountered: