No announcement yet.

Installer created with SF9.5 shows a warning during Windows 10 Certification

  • Filter
  • Time
  • Show
Clear All
new posts

  • Installer created with SF9.5 shows a warning during Windows 10 Certification

    When running the latest version of the Windows 10 App Certification Kit, it reports that the lua5.1.dll has not passed the checks.

    Here is a copy of that section of the report:

    Windows security features test

    Binary analyzer

    • Warning: The binary analyzer test detected the following errors:
    ◦File C:\Program Files (x86)\****\lua5.1.dll has failed the DBCheck check.
    ◦File C:\Program Files (x86)\****\lua5.1.dll has failed the NXCheck check.

    • Impact if not fixed: If the app doesn’t use the available Windows protections, it can increase the vulnerability of the customer's computer to malware.

    • How to fix: Apply the SAFESEH, DYNAMICBASE, and NXCOMPAT options when you link the app. See link below for more information:
    Is there a way to replace the lua dll with the correctly built version?, or can I please request that IndigoRose update their lua dll to resolve this issue?

  • #2
    Today we released an update to Setup Factory (v9.5.1.0) where we've recompiled the lua5.1.dll in order to eliminate the warnings you described. You can get the new version from your customer portal.


    • #3
      Great to see we can now dual-sign our setups.

      I have successfully done a dual-signing with SUF but I'd like to use the Windows Certificate Store. I have loaded my code signing certificate into the Windows certificate store and successful dual-signed .exes via the command line .

      How can I can get the SUF to do the same using the Certificate Store? This is what I tried.

      On the Build Settings -> Code Signing tabpage
      • remove the SHA-256 cert. file
      • remove the password
      • in the additional arguments add "/a"

      The rest the information such as the timestamp URL and sign with SHA-1 have remained the same.

      What happens is it signs the *.tmp twice but forgets to use the /as for the second signing. Is there some option I can force this to happen?