[Bug]: Unwanted software bundled with Estmob.SendAnywhere

[u254254]

Brief description of your issue

When installing Estmob.SendAnywhere, unwanted software called 'Gicon' is bundled that is for showing an ad. It is optional and unchecked in install screen. but in quiet install by winget, it is installed without any prompt.

Steps to reproduce

1. Install Estmob.SendAnywhere by winget.
2. Press Yes in UAC. (I don't know what happen in press No in UAC)

Expected behavior

No unwanted software.

Actual behavior

Installs unwanted software called 'Gicon'

Environment

Windows Package Manager v1.1.13405
Windows: Windows.Desktop v10.0.19044.1526
Package: Microsoft.DesktopAppInstaller v1.16.13405.0

[OfficialEsco]

These are the only options i can see when running it manually?

And no Gicon software installed

Reset VM

PS M:\> winget install Estmob.SendAnywhere
Found Send Anywhere [Estmob.SendAnywhere] Version 21.4.211415
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://update.send-anywhere.com/downloads/x64/SendAnywhereSetup.exe
  ██████████████████████████████  94.9 MB / 94.9 MB
Successfully verified installer hash
Starting package install...
Successfully installed

Still no Gicon software

[denelon]

I have also not been able to reproduce this.

@u254254 can you replicate this and share logs? The log location is visible via winget --info.

[u254254]

I tested manual install in fresh VM (English and Korean). in English Windows, no 'Smart Search' component showing and no Gicon installed. in Korean Windows, Smart Search component shows and installs Gicon.

---

Test Images

English	Korean
No Gicon installed
	Installed with WinGet:

WinGet logs (Korean Windows): WinGet logs.zip

Plus: It registers itself into Task Scheduler:

[OfficialEsco]

And both times you used https://update.send-anywhere.com/downloads/x64/SendAnywhereSetup.exe ?
So the bad thing about Closed source Nullsoft and Inno installers is that we cannot know their custom switches, aka we cannot disable it when the evil Developer enabled it by default..

[denelon]

I think we need to remove this package since it includes unwanted software. I'll start looking at possible solutions for this.
@OfficialEsco do you have any suggestions?

• Package Tombstones winget-cli#1900

[OfficialEsco]

I do not, i've never seen a package act differently under a different locale, i believe this is a Korean/Chinese issue...
We can force it to be Interactive only? Or add a warning to the Korean InstallerLocale/Locale?

[denelon]

We need to test to see if Gicon flags as PUA. I've asked the team to confirm and run scans. If it is detected as PUA, we will remove it from the repository.

[denelon]

#23473

[SpecterShell]

There is no switch to uncheck NSIS section and I didn't see any custom switches available.
Anyway, there are two ways to bypass it manually:

1. Block www.wizchat.co.kr in Firewall
2. Put something to %APPDATA%\msafespt\msafespt.exe

Function .onInit
  ; ...
  StrCmp $LANGUAGE 1042 label_1084 ; If is Korean, jump to label_1084
  Push $R0
  Push $R1
  StrCpy $R1 5
  SectionGetFlags $R1 $R0
  IntOp $R0 $R0 & 0xFFFFFFFE ; https://nsis-dev.github.io/NSIS-Forums/html/t-143655.html
  SectionSetFlags $R1 $R0 ; Force uncheck "Smart Search"
  SectionSetText $R1 "" ; Hide "Smart Search"
  Pop $R1
  Pop $R0
label_1084:
  IfFileExists $APPDATA\msafespt\msafespt.exe 0 label_1086 ; If file exists, hide "Smart Search"
  SectionSetText 5 ""
label_1086:
  ; ...
FunctionEnd

I do not, i've never seen a package act differently under a different locale, i believe this is a Korean/Chinese issue... We can force it to be Interactive only? Or add a warning to the Korean InstallerLocale/Locale?

It only appears in Korean.
You can duplicate installer item and add

  InstallerLocale: ko-KR
  InstallerSwitches:
    Silent: # Anything other than /S
    SilentWithProgress: # Anything other than /S

In this way it will not be silent for Korean users.

[denelon]

We have added a task with @msftbot to add "Blocking-Issue" to PRs for this package.