DataGuard feature blocks applications running from the Windows user's AppData folder

Issue:

DataGuard blocks applications such as Firefox and OneDrive that are installed to and run from the AppData folder.

Resolution:

If the setting "Discover trusted applications automatically" is enabled, only applications that are installed under the 'default trusted locations' or that use the 'default trusted processes' are automatically allowed to make changes to DataGuard monitored folders. The default trusted locations and processes are predefined as follows:

C:\PROGRAM FILES (X86)\
C:\PROGRAM FILES\
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\FILEMANAGER\PHOTOSAPP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SPLWOW64.EXE
C:\WINDOWS\SYSTEM32\MSPAINT.EXE
C:\WINDOWS\SYSTEM32\MSTSC.EXE
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\PICKERHOST.EXE
C:\WINDOWS\SYSTEM32\RUNTIMEBROKER.EXE
C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSTEM32\SIHOST.EXE
C:\WINDOWS\SYSTEM32\SNIPPINGTOOL.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\WFS.EXE
C:\WINDOWS\SYSTEM32\WRITE.EXE
C:\WINDOWS\SYSWOW64\EXPLORER.EXE
C:\WINDOWS\SYSWOW64\MSPAINT.EXE
C:\WINDOWS\SYSWOW64\MSTSC.EXE
C:\WINDOWS\SYSWOW64\NOTEPAD.EXE
C:\WINDOWS\SYSWOW64\PICKERHOST.EXE
C:\WINDOWS\SYSWOW64\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSWOW64\WRITE.EXE
C:\WINDOWS\WRITE.EXE

Since AppData is not on the list, applications installed to the AppData folder will be blocked by DataGuard. To resolve this, do one of the following:

  1. Uninstall the application from AppData and reinstall it to a trusted location such as C:\Program Files or C:\Program Files (x86)
  2. Add the application to the Trusted Application list under DataGuard. This can be done by going to Settings (in Policy Manager) or Profile (in PSB): DataGuard > Access control list > Manually added trusted applications and folders
  3. Exclude the application's target path from being monitored by DataGuard. This can be done from Profile (PSB only): DataGuard > Monitored folders > Manually excluded folders.
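
To work out in advance which executables fall outside the default trusted list above, and so need one of these resolutions, the following added example (not F-Secure code) classifies a path against that list. It assumes that folders match as case-insensitive path prefixes and processes as exact full paths; the product's real matching logic is not documented on this page, and the sample paths are constructed.

```python
import ntpath  # Windows path semantics, usable on any OS

# Default trusted folders and processes, copied from the list in this article.
TRUSTED_DIRS = (r"C:\PROGRAM FILES (X86)", r"C:\PROGRAM FILES")
_PROCS = {
    r"C:\WINDOWS": "EXPLORER NOTEPAD SPLWOW64 WRITE FILEMANAGER\\PHOTOSAPP",
    r"C:\WINDOWS\SYSTEM32": "MSPAINT MSTSC NOTEPAD PICKERHOST RUNTIMEBROKER "
                            "SEARCHPROTOCOLHOST SIHOST SNIPPINGTOOL SPOOLSV WFS WRITE",
    r"C:\WINDOWS\SYSWOW64": "EXPLORER MSPAINT MSTSC NOTEPAD PICKERHOST "
                            "SEARCHPROTOCOLHOST WRITE",
}
TRUSTED_PROCESSES = frozenset(
    f"{folder}\\{name}.EXE" for folder, names in _PROCS.items() for name in names.split()
)


def _canon(path):
    # Collapse ".." segments, unify separators, and ignore case.
    return ntpath.normpath(path).upper()


def default_trust(exe_path):
    """Return 'trusted-process', 'trusted-location' or 'not-trusted'."""
    p = _canon(exe_path)
    if p in TRUSTED_PROCESSES:
        return "trusted-process"
    # Require a separator after the folder name so that a sibling folder
    # such as "C:\Program Files Evil" is not treated as trusted.
    if any(p.startswith(d + "\\") for d in TRUSTED_DIRS):
        return "trusted-location"
    return "not-trusted"


def needs_manual_entry(paths):
    """Executables that would need resolution 1, 2 or 3 from this article."""
    return [p for p in paths if default_trust(p) == "not-trusted"]


if __name__ == "__main__":
    # Constructed sample inventory; "alice" is a placeholder user name.
    inventory = [
        r"C:\Users\alice\AppData\Local\Mozilla Firefox\firefox.exe",
        r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
        r"C:\Program Files\Mozilla Firefox\firefox.exe",
        r"c:\windows\system32\notepad.exe",
    ]
    for path in needs_manual_entry(inventory):
        print("needs trusted entry or reinstall:", path)
```

The check does not resolve environment variables, 8.3 short names or links, so feed it fully resolved paths.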

Article no: 000018119
