After visiting the dslreports.com Security Forum and reading this thread: Break Xp Sp2 Popup Blocker: kick it in the ... ! 'msiexec.exe' should not be granted "Always perform this action". I don't give trusting permission to 'msiexec.exe' and was stopped dead in its tracks, though a friend of mine does and was exposed to the test mentioned above. Am I correct here, that msiexec.exe should not be given full un-alerted access? It's this type of protection that makes PG gold!! -wayne
My recommendation is that you "Permit Once" MSIEXEC.exe on a case-by-case basis. One problem I have run into is that when I do an MS Office update on the MS update site, msiexec.exe is started just to make the available update check. Then it does not automatically exit and has to be killed manually. So I deny it when it is requested during the scan, and that keeps me from having to kill it later. If the scan reports an update available, I then rescan and permit it to install the update.
That is what I do on my machine, but I wasn't sure if it is something I should recommend to others. Are you saying that it remains active after the Office update scan even if PG is granted permission to allow it to run once during the scan? To test this, I went to the Office update scan and allowed msiexec.exe to run, then went to the site mentioned above; PG alerted me to msiexec.exe, allowing me to deny it. It would appear that it doesn't stay active. To validate this, I kept the Office update scan browser open and granted permission to msiexec.exe; keeping the browser open, I went to the test site above through another IE browser window, and again PG alerted me. I would say that it is safe granting permission to msiexec.exe during the Office update scan. -wayne
On my XP-SP2 system, msiexec.exe stays in memory after the scan is complete on Office 2003. I have to use Task Manager and kill/close it manually. This only seems to occur when it is used on Windows Office update and when there is no update found to install. If an update is installed, then msiexec is shut down at the end of the installation.
OK, I understand now. During the scan, I again opened another IE browser window and went to the test site; with msiexec.exe in the 'Task Manager', PG still prompted for an action on the test site. From what I see, it is safe to say PG ONLY grants msiexec.exe permission for the selected action it was meant to perform. I still would not "Always perform this action" with msiexec.exe; I would like to know what it is up to. -wayne
It sounds to me that Microsoft didn't put the right reg. entry in the registry: RUNONCE and exit. You can also program that to check, install and exit. The reason that MS has it that way is to check and see if you have legal copies of applications in your computer while you are updating. SP2 is a legal way for MS to keep track of all pirated programs and send a report to the vendors of those pirated applications. (In my opinion, I think that's the way it works, but I could be wrong.) Has anyone ever looked to see if other things were set up in the process of updating? You might want to look in your Temp. Internet Files folder to see how many setup logs there are. One in particular is the ASP.NET Setup Log from while you were updating Framework 1.1. You may have an unknown account on your computer that can only be seen in safe mode when you check your security for the permissions allowed on your computer. Microsoft doesn't call them pirated; they are known as hostile applications in a legal machine and are reported as such (HOSTILE). This may be a little off of the discussion, but if you think about it, a process that stays on when it should be off needs looking into (other things may be going on in the background that you don't know about). Installers are nice tools to hide little snippets of code in that call on other things that can work in the background. Updaters are another form of installers because they perform a dual purpose.
I don't understand where msiexec.exe comes into the test. I use the Maxthon browser and set deny always for iexplore.exe (in PG). I tried the test and nothing happened; well, I got an Internet Explorer script error. Then I set permit always for iexplore and tried the test again. I got the popups, but there was no mention of msiexec.exe on my PG alerts tab.