Crapplocker screw up ??

Discussion in 'other anti-malware software' started by acr1965, Aug 17, 2010.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    So I had applocker enabled for a while but then decided to disable it for a while to try out other security options. I just tried to install an app I wanted to try (desktop notes program, clean on VT). I am not allowed to install the program. I have tried various ways to get applocker to allow this install this app but am not able.

    I was just able to install a different program recently. It appears the main difference between the two programs is that applocker will not allow a program without a digital signature to be installed. The program allowed to be installed had a digital signature while the one applocker denied did not have a DS.

    How do I get my system back to where I can install this app which does not have a digital signature?

    Please do not remind me a million times about it not being wise to install an app that lacks a valid digital signature. I realize what I am doing is not the smartest install ever. But for now I just need my computer back to the pre-applocker status.

    Thanks in advance for any help.
     
  2. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Did you keep the default rules that allow Administrators to run anything? If you kept them, you should be able to install by right-click and choose 'Run as administrator'.
     
  3. wat0114

    wat0114 Guest

    MrBrian, I'm thinking acr has deleted or possibly altered those administrator Path rules. acr, you've never really made it clear how you're AppLocker config is set up and whether or not you decided to run as administrator, so it's hard to help. You haven't posted any screenshots of your rules, nor of your AppLocker log results when problems occur. AppLocker works exactly as it should based on the way the user has configured the rules. There's no buggy behavior whatsoever that I've ever noticed, not once.

    Possibly what's currently happening to you is the application you're trying to install is already installed with a version that is digitally signed and has a Publisher rule assigned to it, so it is not allowing the current version because of its lack of a digital signature. Just my guess, but as MrBrian points out the default allow all path rule for admins should allow it to install.
     
    Last edited by a moderator: Aug 17, 2010
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    When I right click there is no "run as admin". With some installers I have there is a "run as admin" but not this one.
     
  5. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    It's a .MSI file then I assume? I have one specific folder where a limited user can both execute from and write to, for such purposes as this. Make such a rule, then run your .MSI from there.
     
  6. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I'm running as admin and always have. I have now tried applocker with rules enforced and as audit only. But I am unable to install this app no matter how I try to configure applocker. I'd like to just disable applocker. Actually I thought before that if I just deleted off all the rules and had none enforced that applocker would essentially not be enabled.
     

    Attached Files:

    Last edited: Aug 18, 2010
  7. wat0114

    wat0114 Guest

    You may need an msi rule for your "Admin" named administrator account. I have found that the default rules for the "Built-in" administrator account is not enough.
     

    Attached Files:

  8. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,046
    Location:
    USA
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\Msi.Package\shell\runas\command]
    @=hex(2):22,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
    00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,00,\
    73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,22,00,20,00,2f,\
    00,69,00,20,00,22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00


    Put the above in a .reg file and merge and that will enable the right click "Run as Admin" option for .msi files.
     
  9. ParadigmShift

    ParadigmShift Registered Member

    Joined:
    Aug 7, 2008
    Posts:
    203
    "By default, if enforcement is not configured and rules are present in a rule collection, those rules are enforced."

    Temporarily disable the Application Identity Service or add the user account (Admin-PC\Admin) to AppLocker Allow.
     
  10. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    forgot about just disabling the service- thanks for pointing that out. I decided to go with another sticky note program.

    FWIW- I tried creating a rule by path and hash but after doing so I was still unable to install the program. Could there be a "higher" rule in applocker that does not allow non-digitally signed installs nomatter what I set up for installer rules?

    I guess I kinda like the applocker as admin set up, better than most other things I have tried. It just takes a bit getting used to.
     
Thread Status:
Not open for further replies.