4

I am working with the software "Wonderguard Filmora" which some of our users require and am running into an error on launch. The issue stems from the Software attempting to run an update detection on launch which is run through a .tmp file under USERS\User*\APPDATA\LOCAL\TEMP\IS-4CRPP.TMP\WONDERSHARE FILMORA UPDATE(X64).TMP This is an unsigned execution and thus is being blocked by applocker. Now i see making an applocker exception for this case as a security risk, as just allowing any temp files to run form a location is the only way to enable this since the name is different every time.

I'm looking for a best practice solution to resolve this issue without making a security compromise.

Samuel
  • 59

1 Answers1

7

making an applocker exception for this case as a security risk

An exception for the location (or similar file name or path criteria) is beyond risk. That is an actual problem, and it negates using AppLocker.

This is an example of the most common obstacle for implementing AppLocker. However, if the code is signed, and it should be, creating an exception for the signer should be fine.

If the code is not signed, you either: don't have AppLocker protection, or: replace the application with an application that follows simple industry practices for signing code.

Sometimes you can reach out to the vendor and ask them to look into this. I suspect that there are reasons why the code is not signed, but those reasons are usually incompatible with security.

Greg Askew
  • 39,132