EXE Custom Actions are Bad

1.0Visual Studio Setuphttps://devblogs.microsoft.com/setupHeath Stewarthttps://devblogs.microsoft.com/setup/author/heaths/EXE Custom Actions are Badrich600338<blockquote class="wp-embedded-content" data-secret="BfCGMp5PqV"><a href="https://devblogs.microsoft.com/setup/exe-custom-actions-are-bad/">EXE Custom Actions are Bad</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://devblogs.microsoft.com/setup/exe-custom-actions-are-bad/embed/#?secret=BfCGMp5PqV" width="600" height="338" title="“EXE Custom Actions are Bad” — Visual Studio Setup" data-secret="BfCGMp5PqV" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://devblogs.microsoft.com/setup/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://devblogs.microsoft.com/setup/wp-content/uploads/sites/13/2018/08/vsfeaturemed.png559350Windows Installer custom actions that launch executables (base custom action type msidbCustomActionTypeExe, 0x2) are typically bad and should be avoided. How are they bad? Let the Windows Installer team count the ways. During internal audits we question any EXE custom actions (CAs) but inevitably some make it into the product. Typically these EXE CAs are […]