Applocker and java update?

Discussion in 'other security issues & news' started by acr1965, Oct 22, 2010.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have not been successful trying to set applocker to allow java update installs. Is there some trick or setting short of disabling applocker, rebooting and doing a manual update?

    If not, what other updates will I have a similar experience, such as flash, et al...?
     
  2. wat0114

    wat0114 Guest

    Did you create rules for the path: C:\%PROGRAMFILES%\Common files\Java ?

    Don't forget you can easily discover exactly what's been blocked through AppLocker logs:

    Computer management->Event viewer->Application and services logs->Microsoft->Windows->Applocker, then check for "Error" level entries to see what was blocked.
     
    Last edited by a moderator: Oct 22, 2010
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Thanks, just did that. I had no problem finding that an update was available, just installing the update. So I believe the update check was allowed to run but the installer was prevented by applocker.
     
  4. wat0114

    wat0114 Guest

    Oh, I see. There might be rare cases where you'll need to create path rules under a user's Appdata directory to get something to work properly.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  6. katio

    katio Guest

    Allow Adobe and Oracle? Updates need to be signed for that. Flash is no problem, don't know about Java.
     
  7. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I eventually did that and it worked, but I disabled the applocker process. Are you able to have java allowed to be installed from the new update prompt? Or are you only able to install via manual download?

    also, what about adobe flash? same issues?
     
  8. wat0114

    wat0114 Guest

    The logs will show exactly what's blocked, including the path(s).
     
  9. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Yes, thanks. I saw the java update was blocked but could not find any way to have the update installed short of the manual download. I seen the java installer was not visible when I tried to white list it in applocker. I had the java.exe white listed but to no avail.
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I've always downloaded and installed these two manually, so I don't know.
     
  11. wat0114

    wat0114 Guest

    I install Java and Flash updates as administrator, so AppLocker does not form part of the equation anyway. Also, most of my rules are autogenerated, so behavior with that approach as opposed to path rules can differ in certain situations. However, I've had to create dll path rules to address ever-changing Flash temp files under the user's appdata directory path (this is just to use Flash - never mind installing it). It's a nuisance but that's the trade-off, I guess, for including dll rules in AppLocker. An example shown.

    BTW acr, sorry for nattering like an old woman :D regarding the logs, but I've found it to be indisputably the best way to find and correct application functionality problems using AppLocker.
     

    Attached Files:

  12. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Why not just follow MrBrian's approach, which seems to be the most straightforward option? Download and manually update. You can even have a third-party application downloading the installers, whenever a new version is found. Then, you only need to install.

    Besides Secunia PSI, which will for sure let you know right on time, there's Ketarin (http://ketarin.canneverbe.com/), which you'll need to set up for whatever installers you want.

    It's from same developer as CDBurnerXP, I think. It's open-source, if you've got any concerns.

    I still haven't tried it out. Have downloaded it though, still not in the stage of setting it up. Doing other stuff, at the moment.

     
  13. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I'll probably just download manually from here on out with java. I was concerned previously about whether a manual download was appropriate or some other method. I guess at this point I need to figure what else needs a manual update.

    thanks
     
Loading...
Thread Status:
Not open for further replies.