CA001 - Identical Component Identifiers

Description: The Windows Installer databases are scanned for the presence of identical Component IDs. A collision occurs when two or more packages contain the same Component ID with different content or different installation path.

Background: A component is a piece of the application to be installed. The Windows Installer service installs or removes a component as a single coherent piece. It tracks every component by its respective Component ID GUID specified in the Component column of the Component table.

Two components that share the same component ID are treated as multiple instances of the same component regardless of their actual content. Only a single instance of any component is installed on a user's computer. Therefore the install location and the content of components with the same Component ID should be identical.

More Information: https://msdn.microsoft.com/en-us/library/aa368007%28v=vs.85%29.aspx

Manual Remediation: A new Component ID should be generated for the Component(s) that unintentionally share the same GUID.

CA002 - Identical Product Codes

Description: The Windows Installer databases are scanned for the presence of identical Product Codes. A collision may occur when two or more packages have the same Product Code.

Background: The product code is a GUID that is the principal identification of an application or product.Two products with the same Product Code can not be installed on the same computer. If significant changes are made to a product then the product code should also be changed to reflect this. However, when only minor changes are made, it is not required to change the Product Code.

More Information: https://msdn.microsoft.com/en-us/library/aa370854%28v=vs.85%29.aspx

Manual Remediation: A new Product Code should be generated for the package(s) that unintentionally shares the same Product Code GUID.

CA003 - Identical Package Codes

Description: The Windows Installer databases are scanned for the presence of identical Package Codes. A collision occurs when two or more packages have the same Package Code.

Background: The Package Code is a GUID that identifies a specific MSI file. No two MSIs should ever have the same Package Code unless they are identical copies of each other.

More Information: https://msdn.microsoft.com/pl-pl/library/aa370568%28v=vs.85%29.aspx

Manual Remediation: A new Package Code should be generated for the package(s) that share the same Package Code GUID.

CA004 - Identical Upgrade Codes

Description: The Windows Installer databases are scanned for the presence of identical Upgrade Codes. A collision may occur when two or more packages have the same Upgrade Code.

Background: The Upgrade Code is a GUID representing a related set of products. A set of different versions of one application will have the same Upgrade Code. This enables newer versions of the application to search and upgrade previous versions already installed on the same computer.

More Information: https://msdn.microsoft.com/en-us/library/aa372375%28v=vs.85%29.aspx

Manual Remediation: A new Upgrade Code should be generated for the package(s) that unintentionally share the same Upgrade Code GUID.

CA005 - Files

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical file names in the same folder but with different attributes. A collision may occur when a different version of the same file name in the same folder is installed.

Background: Files are the main element of nearly every application. Proper working of the application depends on the availability of specific versions of these files in the appropriate locations. If different applications install different versions of the same file in the same location, then it might cause a collision between them.

More Information: https://msdn.microsoft.com/en-us/library/aa368596%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to access the colliding files in a different location.

CA006 - Registry

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical registry value names containing different data.

Background: The Windows registry contains 3 basic elements: keys, values and data. A collision occurs if multiple applications add the same registry value with different data.

More Information: https://msdn.microsoft.com/en-us/library/aa371168%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to read the registry values from a different key or different value name.

CA007 - INI Files

Description: The Windows Installer databases are scanned for the presence of identical INI file names in the same location but with colliding values.

Background: INI files are used to store application configuration. The proper working of the application often depends on the configurations in the INI file. Collisions may occur if different applications use the same INI file with colliding values.

More information: https://msdn.microsoft.com/en-us/library/aa369282%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to use unique values / sections in shared INI files.

CA008 - Mismatch between INI File and File

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of INI files that are installed from different sources (INI File table and File table).

Background: INI files can be installed either as flat files (from the File table) or as modular files (from the INI File table). If the INI file already exists on the target system and a Windows Installer package is installed that contains an INI file in the File table, the complete INI file will be overwritten. However, if the INI file is installed with the IniFile table, Windows Installer will edit the existing INI file and add the new content. Collisions may occur if the same INI file is installed from the INI File table and the File table.

More Information: https://msdn.microsoft.com/en-us/library/aa369282%28v=vs.85%29.aspx

Manual Remediation: The INI file should be removed from the File table and added to the IniFile table.

CA009 - Shortcuts

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical shortcut names with different data.

Background: If multiple applications install the same shortcut name pointing to a different file or a different file location, collisions may occur.

More Information: https://msdn.microsoft.com/en-us/library/aa371847%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to change the colliding shortcut name.

CA010 - File Associations

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical file extensions pointing to different programs.

Background: A File Association links a file extension to an application capable of opening that file. A collision occurs if different applications associate the same file extension to a different program.

More Information: https://msdn.microsoft.com/en-us/library/aa368571%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to change the colliding file association.

CA011 - Fonts

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical font file names but with different font names.

Background: Windows Installer tracks all fonts by checking the columns “File_” and “FontTitle” in the Font table. A collision occurs if the same font file name is found with different font names (FontTitle).

More Information: https://msdn.microsoft.com/en-us/library/aa368606%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to change the font file name to a new unique name.

CA012 - Services

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical Service names but with different configurations.

Background: Windows Service Applications enable you to create long-running executable applications that run in their own Windows sessions. These services can be automatically started when the computer boots, can be paused and restarted, and do not show any user interface. Services can also run in the security context of a specific user account that is different from the logged-on user. A collision may occur if different applications install the same service but with different configuration options.

More Information: https://msdn.microsoft.com/en-us/library/aa371637%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to use unique Service names.

CA013 - ODBC Data Sources and drivers

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical ODBC Driver names pointing to different source files and for identical ODBC Data Source names with different configuration settings.

Background: ODBC (Open Database Connectivity) is a standard interface for accessing database management systems. A collision may occur if more than one application registers the same ODBC driver or Data Source but with different configuration options.

More Information: https://msdn.microsoft.com/en-us/library/aa370547(v=vs.85).aspx

https://msdn.microsoft.com/en-us/library/aa370546(v=vs.85).aspx

Manual Remediation: Self-developed software should be re-authored to use unique ODBC drivers and / or Data Sources.

CA014 - Environment Variables

Description: The Windows Installer database is compared to the snapshot and/or MSI packages and scanned for the presence of identical Environment Variable names. A collision occurs when at least one uses the “overwrite” option and has a different value to be set.

Background: Environment Variables are dynamic objects that store values to be referenced by applications.

Data can be appended to Environment Variables but it is also possible to overwrite the complete content of the Environment Variable with new data in which case a collision will occur.

More Information: https://msdn.microsoft.com/en-us/library/aa368369%28v=vs.85%29.aspx

Manual Remediation: Self-developed software should be re-authored to append the data to the existing content of the Environment Variable instead of overwriting it.

CA015 - Legacy Files

Description: The Windows Installer database is compared to the snapshot and/or other Windows Installer databases and scanned for the presence of Autoexec.bat and/or Config.sys files installed in the root of the System Drive.

Background: Autoexec.bat and Config.sys files are the primary automatic execution and configuration system files that were originally on DOS-type operating systems. Since Windows NT the content of those files is mostly ignored and only environment variables are taken into account.

More Information: None available.

Manual Remediation: Functionalities included in the Autoexec.bat and Config.sys files should be moved using new technologies.

CA016 - Executables Registration

Description: The Windows Installer databases are scanned for the presence of the same executables (.dll, .exe, .ocx) but are registered from different locations.

Background: Registering a DLL puts the path to the file in the registry where it can be looked up. That eliminates the problem of the program (or another program that also uses that same DLL) from having to hunt around for it.

More Information: None available.

Manual Remediation: None available.