Office customization creates/loads DLL from temporary folder

  • Article

Microsoft Customers have asked the following and other questions about the VSTO shadow copy feature. This blog will discusses VSTO and shadow copy. Here are frequent questions:

1) VSTO customization writes a DLL to a temporary location. Is that mandatory? Can it be disabled?

2) Can Shadow copy be disabled for VSTO customization?

3) The Antivirus does not allow the VSTO customization to run. Antivirus is reporting some permission denied message. How to go about this?

 

 

Background

VSTO customization DLLs are always loaded from a temporary folder location and not from original location irrespective of whether clickonce cache is used or not.  The location of temporary folder is the Shadow copy folder of .Net framework which is mentioned under the registry key HKCU\Software\Microsoft\Fusion\DownloadCacheLocation.

Shadow Copy is a feature where DLLs can be updated while they are being used. To implement this feature, DLLs are copied to  a temporary location when they are being used so that DLL at original location can be updated.

The Shadow copy feature has been used in VSTO from the initial version and there is no way to disable it. Shadow copy can be disabled for .Net Appdomain while creating a Appdomain but in the case of VSTO customization, the developer has no control over the way Appdomain is created and hence cannot configure the behavior.

You can determine the original location of the assembly and the location from where the customization is being loaded by using below VB/C# code:

System.Reflection.Assembly.GetExecutingAssembly().CodeBase // Gives original assembly location

System.Reflection.Assembly.GetExecutingAssembly().Location // Gives temporary assembly location

 

 

Recommendations

1) Before VSTO version 3.0, there is no way to disable Shadow copy feature in VSTO. It has been there since the initial version of VSTO. However customer’s feedback has been shared with product group and they may(or may not) consider this as a feature in next service pack or next version of VSTO.

2) Many Antivirus products (If they are blocking Office application to create DLL) can create a custom exception to allow specific Office application to create DLL at specific location.

3) Shared Add-Ins do not implement Shadow copy and hence they can be used if it absolutely necessary to block Office from creating DLL’s.

4) VSTO customization loads a DLL after a series of security checks so customer should not be worried about Office VSTO customization loading any malicious DLL. For more details on VSTO security, please refer to the articles below in the “Reference Links” section.

 

 

Reference Links

Shadow Copy - https://msdn.microsoft.com/en-us/library/ms404279.aspx
Configure Appdomain for manipulating Shadow Copy  - https://msdn.microsoft.com/en-us/library/c8hk0245(VS.80).aspx
Office 2007 security check before loading a DLL - https://msdn.microsoft.com/en-us/library/bb157863.aspx
Office 2003 security check before loading a DLL - https://msdn.microsoft.com/en-us/library/k64zb6we.aspx