Access is Denied Error when installing Guidance Automation Packages / Guidance Automation Toolkit

Question

Hi

We have created a Guidance Automation Package using GAT / GAX Feb 2008 release for VS 2005

Most users can install the created package with no problems. However some users are getting an "Access is Denied" error when trying to install the MSI. These same users cannot install the Guidance Automation Toolkit either. It gives the same error "Access is denied". The users are all administrators on their local machines.

I used msiexec to generate verbose logging for the custom MSI. This section shows where the MSI is failing:
MSI (s) (D4:98) [09:59:42:967]: Executing op: CustomActionSchedule(Action=_2407F5CC_34C1_4985_B2BF_FDC3F7325504.install,ActionType=3073,Source=BinaryData,Target=ManagedInstall,CustomActionData=/installtype=notransaction /action=install /LogFile= /Hive=8.0 /Configuration="C:\Program Files\MyCompany\MyCompany Test Guidance Package\TestGuidancePackage.xml" "D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PublicAssemblies\TestGuidancePackageInstaller.dll" "D:\DOCUME~1\njo4d\LOCALS~1\Temp\CFG1D.tmp")
MSI (s) (D4:80) [09:59:42:983]: Invoking remote custom action. DLL: C:\WINNT\Installer\MSI21.tmp, Entrypoint: ManagedInstall
MSI (s) (D4:10) [09:59:42:983]: Generating random cookie.
MSI (s) (D4:10) [09:59:42:998]: Created Custom Action Server with PID 3716 (0xE84).
MSI (s) (D4:80) [09:59:43:061]: Running as a service.
MSI (s) (D4:80) [09:59:43:061]: Hello, I'm your 32bit Elevated custom action server.
MSI (s) (D4!68) [10:06:22:227]: Note: 1: 2262 2: Error 3: -2147287038
MSI (c) (D0:F4) [10:06:22:243]: Note: 1: 2262 2: Error 3: -2147287038
DEBUG: Error 2835:  The control ErrorIcon was not found on dialog ErrorDialog
The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2835. The arguments are: ErrorIcon, ErrorDialog,
Error 1001. Access is denied

I also have a log file from a working installation if that helps. I tried running the GAX Troubleshooter on a user's machine but it did not show anything out of the ordinary. Let me know if you want me to post this.

Any help or advice on this error would be appreciated

Thanks!

Answer 1

Just to follow up on this, I think I've find the problem, but not the solution yet! The affected users were running McAfee Host Intrusion and it is blocking Windows Installer with the following message (from McAfee logs):

Time:   3/30/2009 1:02:35 PM
Event:   McAfee Host Intrusion Prevention
IP Address/User: NT AUTHORITY\SYSTEM
Description:  Windows® installer (msiexec.exe)
Path:   C:\WINNT\system32\MsiExec.exe
Message:  Attack type: Double File Extension Execution

The double file extension obviously refers to the T4 templates which have a .cs.t4 extension.

Any ideas how I can get round this problem?

Thanks!
 

Answer 2

This is most probably because as part of a package registration GAX needs to copy an embedded .exe to a temp folder and execute the .exe. This is a core part of GAX package registration and cannot be skipped.

Sorry I'm not familiar with McAfee HI tool as to know if there may be a way to configure it to avoid detecting this as an intrusion. Microsoft .MSI are signed so that may be something you could start with.

HTH,
-Victor.

---

http://t4editor.net -> RTM version coming soon!!

Answer 3

Hi Victor

Thanks for the reply. I've been looking into this further and you are correct. From the McAfee logs, I have been able to tell that the MSI is indeed attempting to execute an exe in the user's temp folder. Here is the McAfee log of the incident:

 04-28 15:15:30 [00208] VIOLATION: [1] ------- Violation  Logged ---- Size 617 ----
<Event> <!-- Level=High, Reaction=Prevent -->
  <EventData
  SignatureID="412"
  SignatureName="Double File Extension Execution"
  SeverityLevel="4"
  Reaction="3"
  ProcessUserName="NT Authority\Local System"
  Process="C:\WINNT\system32\MsiExec.exe"
  IncidentTime="2009-04-28 15:15:28"
  AllowEx="False"
  SigRuleClass="Program"
  ProcessId="4628"
  Session="0"
  SigRuleDirective="run"/>
  <Params>
    <Param name="file">tmp4F.tmp.exe</Param>
    <Param name="path">\documents and settings\auser\Local Settings\Temp\tmp4F.tmp.exe</Param>
    <Param name="Workstation Name">myWorkstation</Param>
  </Params>
</Event>

As you can see GAX is trying to execute "tmp4F.tmp.exe" and it is the double-file extension that McAfee is not allowing. I am operating in a corporate environment so I doubt whether I would be able to get an exception in McAfee policies for a file with a double-file extension.

This issue is also preventing GAT from being installed on user machines. Could this issue be fixed in a future version of GAX i.e. so that the file which is executing only has a single-file extension. This would get round the problem.

Is there any other way round this issue? Can I deploy the files to the user machine and run the executable you are talking about from a batch file (or similar) to manually register the guidance package with VS?

Thanks!

Answer 4

Anyone have got the solution?

Answer 5

Yes, the solution (in my case) was to disable HIPS (Mc Afee Host Intrusion) during installation of my GAT package. McAfee was blocking the double-file extension that GAX was trying to execute