AppLocker whitelisting Firefox updates
We have deployed AppLocker in our organization and have whitelisted Firefox with a publisher rule. However, I am seeing logs where certain DLL files used by Firefox (I'm pretty sure) when doing updates that are getting blocked. Here are some examples: %TEMP%\NSG8B0B.TMP\SHELLLINK.DLL %TEMP%\NSW8F97.TMP\SYSTEM.DLL %TEMP%\NSOE41F.TMP\CITYHASH.DLL %TEMP%\NSZB4A8.TMP\USERINFO.DLL %TEMP%\NSG8B0B.TMP\APPLICATIONID.DLL
The files are already gone whenever I go to inspect them. I have attempted to deny delete permissions on the %TEMP% folder in order to catch them, but I have not been successful. According to the browser Firefox is still updating successfully. So, I assume the DLLs are not integral to the update process. But I do see a string of these getting blocked every so often, just as Firefox is starting up. Anyone using application whitelisting that has come across this have a suggestion? Or any general information on the files mentioned? Thanks
所有回覆 (3)
If you use the system O/S permission doesn't that not block updates? I think your letting users as Admin which allows for such updates. If your system isn't set for User limited access it will probably update and change because of the user. If this is the case then you got security issues going on here.
Thanks for the response. I'm not sure I follow your question regarding "system O/S permission". But, end users do not have administrative rights.
I could be wrong about the files in question having something to do with updates. As I mentioned Firefox is staying up to date. The DLLs might just be related to user profiles or something. But, AppLocker is blocking something that has to do with Firefox. I would like to whitelist whatever that is so that Firefox is fully functional.
Found old bug report that sounds the same and posted there https://bugzilla.mozilla.org/show_bug.cgi?id=709738