You are here

Running DLLs from temp folder

6 posts / 0 new
Last post
TexasDex
Offline
Last seen: 16 years 5 months ago
Joined: 2008-01-30 09:54
Running DLLs from temp folder

When I run Thunderbird portable the McAffee systray icon turns red and says a message has been added to the protection log. Every time I open it about five lines like the following one appear in the protection log:
1/30/2008 9:31:54 AM Would be blocked by Access Protection rule (rule is currently not enforced) DOMAIN\username Y:\PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe C:\Documents and Settings\username\Local Settings\Temp\nsn31DF.tmp\newadvsplash.dll Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

I know this is a false alarm, and I also know that the antivirus isn't really blocking the action but saying that it could block it if it was configured to do so. However I would like to avoid the messages, as I can't delete them and they leave unnecessary traces on the machine. Is it possible to set it to use a temp folder on the drive itself rather than on the local host? (it's not a thumb drive so repeated writes are not a concern) Should this be a default? Or at least easily configurable?

Simeon
Simeon's picture
Offline
Last seen: 9 years 9 months ago
DeveloperTranslator
Joined: 2006-09-25 15:15
if i read your errors correctly

it's NSIS's splash screen plugin that causes the messages.
What happens if you disable the splash screen?

"What about Love?" - "Overrated. Biochemically no different than eating large quantities of chocolate." - Al Pacino in The Devils Advocate

John T. Haller
John T. Haller's picture
Online
Last seen: 53 min 41 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Plugins

Those DLLs are plugins for NSIS (the language the portable launchers are coded in). They do things like handle registry entries, show the splash screen, find running apps to prevent multiple launches, etc. They're a part of many installers like the installers for standard Firefox, Thunderbird, OpenOffice.org, Winamp, etc. so McAfee shouldn't really be concerned with them.

For now, I'd suggest just ignoring them. In an upcoming release, the platform will have a way of solving this.

And welcome to PortableApps.com Smile

Sometimes, the impossible can become possible, if you're awesome!

TexasDex
Offline
Last seen: 16 years 5 months ago
Joined: 2008-01-30 09:54
Thank you

When I said there are several lines that appear I meant that they list different files, all in the temp folder:
FindProcDLL.dll
newadvsplash.dll
FindProcDLL.dll
newadvsplash.dll
System.dll
UserInfo.dll
registry.dll

They all are apparently launched from the same temp directory. While I'm not terribly worried about the files themselves it does leave a trace on the local computer, which was my concern. Thank you for the friendly welcome; I'll keep an eye out for updates.

John T. Haller
John T. Haller's picture
Online
Last seen: 53 min 41 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Nope

All those files are removed when the application shuts down, same as they are when you use an NSIS-based installer and the installer finishes. Unless McAfee is somehow interfering with that.

Sometimes, the impossible can become possible, if you're awesome!

rab040ma
Offline
Last seen: 3 weeks 3 days ago
Joined: 2007-08-27 13:35
I don't think he was

I don't think he was suggesting that the files themselves were being left behind, just the logged record of the potential security problem which he can't suppress or clear.

I can sympathize with administrators who are concerned about the temp directory being home to random executables or DLLs.

I don't suppose those DLLs could be copied (once) to CommonFiles and run from there? I realize they are designed for installers, not launchers, but maybe they have that extra bit of flexibility.

MC

Log in or register to post comments