Installation and keepass

I just installed Jami on Windows 10 Pro.
During the first attempt, I had KeePass opened and the installation asked me to close it as it needed access to my database file currently used by KeePass. This is rather creepy and hard to understand.
I could not find a related issue in the forum - any ideas where that could come from?

Pretty sure it’s due to the WiX toolset (for the installer) and managed by this process, not by jami itself.

yep, this comes for sure from the installer (it takes place during installation) but not sure why

This is a valid security issue, but not malicious behavior. KeePass is likely using a shared system resource(e.g. msvcr120.dll), that is present in the MS Visual C++ Runtime Redist shipped with the MSI. The specifics of the collision can be found by analyzing MSI installation logs(msiexec /i "C:\MyPackage\Example.msi" /L*V "C:\log\example.log").

The “Files-in-use” often shows document interface applications prefixed with the open file(e.g. “MySpreadsheet.xlsx - Excel”) given the impression that the user document is the file in question when it’s actually some shared system DLL used by the opening application.

This was logged a while back in this Gitlab issue. A few attempts to suppress the warning dialog were made(e.g. in this SO answer), but I’m fairly certain the core issue is the use of VC Redist merge modules. The merge module packaging was introduced in response to a complaint about Jami installing non-free software on the user’s system. Unfortunately, this workaround only bypasses the user’s consent for the installation of Microsoft VC runtime files.

According to this Microsoft documentation, merge modules are deprecated and represent a possible security risk. Installing Jami may downgrade shared resources, introducing vulnerabilities and bugs. I will flag the issue as critical and hopefully can rework the installer package ASAP.

thanks for the tip on msi installation logs