When I run Thunderbird portable the McAffee systray icon turns red and says a message has been added to the protection log. Every time I open it about five lines like the following one appear in the protection log:
1/30/2008 9:31:54 AM Would be blocked by Access Protection rule (rule is currently not enforced) DOMAIN\username Y:\PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe C:\Documents and Settings\username\Local Settings\Temp\nsn31DF.tmp\newadvsplash.dll Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute
I know this is a false alarm, and I also know that the antivirus isn't really blocking the action but saying that it could block it if it was configured to do so. However I would like to avoid the messages, as I can't delete them and they leave unnecessary traces on the machine. Is it possible to set it to use a temp folder on the drive itself rather than on the local host? (it's not a thumb drive so repeated writes are not a concern) Should this be a default? Or at least easily configurable?
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
it's NSIS's splash screen plugin that causes the messages.
What happens if you disable the splash screen?
"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate
Those DLLs are plugins for NSIS (the language the portable launchers are coded in). They do things like handle registry entries, show the splash screen, find running apps to prevent multiple launches, etc. They're a part of many installers like the installers for standard Firefox, Thunderbird, OpenOffice.org, Winamp, etc. so McAfee shouldn't really be concerned with them.
For now, I'd suggest just ignoring them. In an upcoming release, the platform will have a way of solving this.
And welcome to PortableApps.com
Sometimes, the impossible can become possible, if you're awesome!
When I said there are several lines that appear I meant that they list different files, all in the temp folder:
FindProcDLL.dll
newadvsplash.dll
FindProcDLL.dll
newadvsplash.dll
System.dll
UserInfo.dll
registry.dll
They all are apparently launched from the same temp directory. While I'm not terribly worried about the files themselves it does leave a trace on the local computer, which was my concern. Thank you for the friendly welcome; I'll keep an eye out for updates.
All those files are removed when the application shuts down, same as they are when you use an NSIS-based installer and the installer finishes. Unless McAfee is somehow interfering with that.
Sometimes, the impossible can become possible, if you're awesome!
I don't think he was suggesting that the files themselves were being left behind, just the logged record of the potential security problem which he can't suppress or clear.
I can sympathize with administrators who are concerned about the temp directory being home to random executables or DLLs.
I don't suppose those DLLs could be copied (once) to CommonFiles and run from there? I realize they are designed for installers, not launchers, but maybe they have that extra bit of flexibility.
MC