Cannot sign C++/CLI assembly in Visual Studio 2015

Question

Using Visual Studio 2015, with the 2015 toolset: when I try to directly sign the assembly as follows:

The signing always fails with the following error: LNK1346 ALINK operation failed (80040436) : Error signing assembly -- The process cannot access the file because it is being used by another process.

This same assembly could be signed in Visual Studio 2013 (I've just upgraded it today).

Is this a known issue in 2015 (couldn't find any bugs when I searched that error)? Or am I doing something wrong?

EDIT: Workaround

It seems that this is yet another McAfee AV bug. However, there is another way to sign the file that might give McVirus enough time to release the lock it has taken out.

The assembly can be delay signed and sn -R $(TargetPath) $(LinkKeyFile) can be run as as a post build event to complete the signing. This worked for me and @Moop.

Answer 1

The process cannot access the file because it is being used by another process.

Works just fine on my machine, this is not a VS2015 problem. A common environmental issue, this error message is a standard tragedy on Windows machines that are infected with shrink-wrapped malware.

Signing is a two-step process. First link.exe has to generate the executable file, necessary so the SHA256 hash can be computed for the file. Then the file gets re-opened by ALINK (the managed linker) to add the signature. It has to do battle with other processes that run on your machine that are interested in the file as well. The kind that invariably gets its underwear in bundle when an executable file appears from seemingly nowhere and insists on checking the file content and exclude access to the file until it is done.

It seems to work just fine when you use delay-signing, the delay is usually sufficient to get the process to complete its job and release the exclusive lock on the file. Also some odds that sn.exe is a bit more sophisticated about it, retrying to open the file periodically before giving up, ALINK certainly is not.

You must make an exclusion in your anti-malware product for your build directory. If it is some kind of aggressive freeware like Avast, AVG or ESET then plan to get rid of it asap so it can never bother you again. Defender never gives me any trouble.