Custom installer without warning dialog… (TrustedInstaller.exe)

If you start an custom install program which is not digital signed, then Vista and later (at least Win7RC1) warns you, that your installer is not digital signed and “do you really wnt to do that”…

This feature is implemented with an shim (in a separate article I will explain shims later).
In short it works like: if an application is started, it checks the shim-database (in general %SYSTEMROOT%\AppPath\sysmain.sdb) if this application matches specific conditions.

For “Installer detection”, there are several conditons. Here is a list, what is checked (Vista and Win7RC1):

  • Productname contains “*instal*” or “*setup*” or “*update*”
  • Companyname contains “*instal*” or “*setup*” or “*update*”
  • Internalname contains “*instal*” and app is not named “TrustedInstaller.exe”
  • Originalfilename contains “*instal*” and app is not named “TrustedInstaller.exe”
  • Filedescription contains “*instal*” and app is not named “TrustedInstaller.exe”
  • Filename contains “*instal*” and is not named “TrustedInstaller.exe”
  • Exportname contains “setup.exe” or “install.exe” or “stub32” or “stub32.exe” or “signstub.exe”
  • Filename contains “*patch*” or “*setup*” or “*uninst*” or “*update*” or “lhaca*.exe”
  • Filedescription contains “*instal*” or “*setup*” or “*update*” or “*uninst*”
  • Originalfilename contains “*setup*” or “*update*”
  • Originalfilename contains “*setup*” or “*update*”

What is the conclusion: If you want to prevent the message box, just name your installer “TrustedInstaller.exe” 😉

You can simple test this by renaming any EXE to “abcinstaldef.exe” and try to execute it 😉 and the rename it to “TrustedInstaller.exe” 😉

On the other hand: Never name your app anything of the above!

3 thoughts on “Custom installer without warning dialog… (TrustedInstaller.exe)

  1. Koro

    What about “setup.exe”?

    I always thought Vista dug into installer EXE files to detect NSIS or something – it never failed to detect it no matter the name of the installer.

  2. jkalmbach Post author

    Yes; there are other build-in diagnostics of setup-tools… but I do not know the details…
    Also be aware, that there is a shim called “SpecificNonInstaller” which looks like it might overcome this “detection”… But I am not sure…

    But this blog entry was also to prevent users to name their products anything with *instal*… this will force an dialog…

    For “setup/install/update” there are also several entries in the shim database:
    [I changed my blog entry, to reflect this info…]

  3. Pingback: Windows 7: EXE Dateien erstellen ohne das UAC Meldung ausgelöst wird: » Persönliche Aufzeichnungen

Comments are closed.