Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Signed inno exe extremely slow on windows 7+

I find that under certain conditions my signed, inno created installer.exe takes about 10 minutes to open or view properties. When I run as administrator it is immediate, so it seems obvious that the UAC is somehow related. The size of the exe is around 13 MB.

If I copy the file via thumb drive to the target machine, there is no wait. If the same file is downloaded through a browser, there is the 10 minute wait, with explorer going into la la land doing who knows what. After the 10 minute or so wait, the file opens normally with no wait on all subsequent openings.

I am using ksign + commodo to sign the inno exe, and an internal dotnet exe within the inno setup, although I don't think that is a factor.

Windows 10 has the 10 minute wait even running as administrator.

This action is happening for most versions from win 7 on up. There seems to be some change in the exe contents that triggered it, but I haven't found the reason.

Edit 1: I previously contacted ksign, they don't seem to have any issues with my exe, it opens without lag in their environment. This isn't typical however, as many installations face this lag issue. I also tried making some sense out of process monitor monitoring explorer, but there is too much information going on with explorer to pick out the hanging process, unless I a looking in the wrong place.

Edit 2: MsMpEng.exe, which is microsoft security essentials, seems to running amok. This goes on almost endlessly.sysinternals

like image 671
Erik Friesen Avatar asked Jun 20 '15 17:06

Erik Friesen


1 Answers

Try steps described here: Offline Environment and Authenticode:

To work with UAC-enabled Windows, winsw ships with a digital signature. This causes Windows to automatically verify this digital signature when the application is launched (see more discussions). This adds some delay to the launch of the service, and more importantly, it prevents winsw from running in a server that has no internet connection. This is because a part of the signature verification involves checking certificate revocation list.

To prevent this problem, create myapp.exe.config in the same directory as myapp.exe (renamed winsw.exe) and put the following in it:

<configuration>
  <runtime>
    <generatePublisherEvidence enabled="false"/> 
  </runtime>
</configuration>

See KB 936707 for more details.

Note, this may not work, if your installer already has embedded manifest (more details). In this case you should try to modify your embedded manifest instead.

like image 55
beatcracker Avatar answered Oct 01 '22 11:10

beatcracker