whitelisting blocks kmdf install on server 2003

massoud_navab · October 25, 2010, 4:33pm

Here is the long version from a log:

Whitelisting software is blocking execution of “c:\windows\temp\wdftemp\microsoft kernel-mode driver framework install-v1.9-win2k-winxp-win2k3.exe”.

Do you what security setting affects this?

thanks,

Peter_Viscarola_OSR · October 25, 2010, 4:45pm

No WINDOWS security setting.

It has something to do with the specific 3rd party software installed on the machine.

Peter
OSR

massoud_navab · October 25, 2010, 5:26pm

So “c:\windows\temp\wdftemp\microsoft kernel-mode driver framework
install-v1.9-win2k-winxp-win2k3.exe”.

is a file that shows up after wdf coinstaller runs. This client of mine is signing my package but wdf coinstaller expanded files are not there to be signed to begin with.

Thanks for all the help.

Alex_Grig · October 25, 2010, 5:34pm

I think your client is running wrong configuration. Your client is trying to protect the system by restricting what an administratove user can run, instead of properly making the users non-administrators. Sorry, that’s wrong approach.

Doron_Holan · October 25, 2010, 6:06pm

This is signed as well, it the updater for KMDF

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Monday, October 25, 2010 2:29 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] whitelisting blocks kmdf install on server 2003

So “c:\windows\temp\wdftemp\microsoft kernel-mode driver framework install-v1.9-win2k-winxp-win2k3.exe”.

is a file that shows up after wdf coinstaller runs. This client of mine is signing my package but wdf coinstaller expanded files are not there to be signed to begin with.

Thanks for all the help.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

massoud_navab · October 26, 2010, 1:31pm

Thank you Alex and Doron.

Right, seems like they are restricting not just based on signature by trusted source, but also by
filename. This system could not by MS update compatible!
Doron, can I get list of files that the coinstaller expands to.
Instead of asking them to correct their approch, which might be a tall order, I can ask them
authorize a list of files.

Pavel_A1 · October 26, 2010, 1:46pm

Before you dig in the list of files… it may be much simpler.
They could just forbid execution of everything from %windir%\temp or *\temp. It happens.

–pa