Reboot blocked by Vista and Windows 7

Oct 26, 2010 at 7:43 PM

I've written a modest DNI bootstrap that installs .NET4, SQL CE, and my application MSI. It works as expected on Windows XP SP3, installing .NET4 if and only if needed. It also works on Vista and Windows 7 when .NET4 is already installed. So far so good.

However, installing .NET4 on Vista and Windows 7 apparently requires a reboot (which it doesn't on XP). After the reboot, Vista (and Windows 7) detects that my bootstrapper is in the startup list, but blocks it from executing.

I have not digitally signed my bootstrapper, so Windows reports that it is from an "Unknown Publisher". Is this the problem? Do I have to purchase a certificate to get arround the issue?


Oct 26, 2010 at 10:45 PM

What are the exact error messages in the windows event viewer?

Oct 27, 2010 at 12:35 AM

Thanks for prompt response.

I think the relevant event from the system log is this EventID 3004:

"Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
 For more information please see the following:
Not Applicable
  Scan ID: {64BFBC31-D6B2-4CE6-BD05-63D04EEAAD1B}
  User: Test-Vista\rwilder
  Name: Unknown
  Severity ID:
  Category ID:
  Path Found: regkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ManagingExpectationsInstaller.exe;runkey:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ManagingExpectationsInstaller.exe;file:C:\Users\rwilder\Desktop\ManagingExpectationsInstaller.exe
  Alert Type: Unclassified software"

What is observed on the desktop immediately following the restart is a message balloon from the Windows Defender tray icon that says

   "Windows has blocked some startup programs. Windows blocks programs that require permission to run when Windows starts. Click to view blocked programs."

Clicking the icon brings up Windows Defender, which shows my bootstrap (ManagingExpectationsInstaller.exe) as the program it is barking about.

If I click to allow windows to proceed, the remainder of the installation completes correctly.

BTW: I'm using DNI version 1.10.1525.0 which I think is current release.

Oct 27, 2010 at 3:31 AM
Edited Oct 27, 2010 at 3:31 AM

From what I understand any application that requests admin privileges at startup time will be blocked. Signing the program is not going to do anything to it. I am not sure what to do here, except maybe if the installer runs without elevation and kicks off another installer. That looks hacky to me though. I'll create an issue, but I see no solution, any suggestion is certainly appreciated.

Oct 27, 2010 at 3:32 AM
This discussion has been copied to a work item. Click here to go to the work item and continue the discussion.
Oct 27, 2010 at 3:58 PM

I'm not doing anything (that I'm aware of) to make my bootstrapper request admin priviledge. Does DNI do this as part of its magic?

Nov 7, 2010 at 8:38 PM

Yes, DNI is marked to be elevated in a manifest. You can certainly embed another manifest, but you can't generally install software without having elevated privileges. The linked workitem talks about changing how DNI launches on reboot and scheduling a task instead.