Inno Setup temp folder access triggers the Norton

Hello everyone,
Whenever I try to install my package, Norton stops the installation. It says a suspicious action is blocked and it shows that the inno seteup tries to change a file in C:\Windows\is-XXXXX.tmp.
As far as I know, this is a temporary file that inno setup creates but why not in C:\Windows\TEMP\is-XXXXX.tmp?

I have a code signing certificate. It all works, I can see the smart screen of the windows and it is letting my installer run. But many anti-virus software do the same and block the installation. I found a few posts but no answers.

Do you have any suggestions?
Thanks in advance :pray:

Norton is garbage that should be deleted asap but dont take my word for it

Which other anti virus software blocks installation?

2 Likes

Thank you for your answer. I haven’t tried many of them but “Malwarebytes Anti-Malware” is also blocking it but this may not be related to the inno setup. Because it keeps blocking the plugin itself.

And lastly, which is the worst one I guess, the Win 11 defender is displaying a blue smart screen and warning users not to install it but still offers an “Install anyway” option. I don’t have an EV certificate, mine is just a code signing certificate. Is this related to EV or still inno ? I have no idea :slight_smile:

I can’t speak to Norton being a (typical) pain though the issue quoted wouldn’t happen with an EV cert.

OV certs require building a Windows SmartScreen reputation. OTOH, EV certs give immediate reputation. It’s quite the gimmick.

And when you renew your certificate (sometimes?) all your reputation vanishes again.

When I think about dealing with all this I have a special tool i use to stab my self multiple times at once in the face until i feel better.

4 Likes

I have a similar issue with norton rejecting the .tmp file. Have you found any workaround since then?

Well, looks like there is no easy way to solve it. Norton has its own security network. Other users should report your executable file as trustable software. Before running the executable, you need to right-click on it and go to Norton>File Record option. After Norton pops up the “File Record” window, you will need to wait for a few seconds, then you will see that a “Trust Now” option will appear. Once you click on it, Norton will allow you to run the executable and install everything. After releasing your product, your customers also should do the same. After a while, it will be recognized by Norton as trustable software.

1 Like

The solution (unfortunately) is to purchase an EV code signing certificate which is both expensive, annoying (requires some additional documents) and interrupts with your dev environment since it requires a physical dongle when you sign.

However, once we’ve gone through that pain and made peace with the fact that the OV certificate was a waste of money, anti virus and smart screen warnings now let our installers and standalone programs run safely.

2 Likes

There is a way around this, as explained in [Article] How to code sign Windows installers with an EV cert in the cloud :slight_smile:

1 Like

Yeah, I’m aware of @sudara’s excellent cloud solution and very keen on testing myself once our current license expires (as you can’t move the license from the dongle into it once you bought it).

Has anyone tried it in a commercial product?

2 Likes

cries tears of vaporware

Seems ok with my alpha testers but I won’t be selling until mid-2023 earliest…

1 Like