This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Applocker blocks some instances of firefox launched from network share

  • 1 cavab
  • 0 have this problem
  • 3 views
  • Last reply by poljos

more options

Hello,

we have been lately dealing with some issues between applocker and firefox browser launched from network share.

This issue was analyzed by microsoft engineer supports and concluded as a firefox app issue.

Issue description: 1)Applocker is turned on, there is path rule allowing executables to be run from network share where firefox is located.

After launching it is rendered unusable, just blank window opens. In event logs there are several allows but also several blocks. All of them are from the exact same path and executable(which should be allowed regarding the path rule).

2)Applocker is turned on, instead of whitelisting path i have used publisher rule(this one is not the prefered solution in our case).

Firefox launches just fine, but there are still block events in the logs. As we are collecting these logs it is filling our collector.

Microsoft provided me with steps on how to simulate this issue:

1. Setup a Windows 10 Enterprise 22H2 or Latest Windows 11 build. 2. Setup another remote machine to create SMB share where you need to place the Firefox program. 3. Use local group policy (gpedit.msc) to create Applocker policies. (Use publisher rule for Firefox.exe. There is no need to setup path rule as we are able to reproduce the issue using publisher policy itself) 4. Create two scenarios, working and non working. Running Firefox.exe from local folder will be working scenario. Running Firefox.exe from smb share will be non working scenario. 5. Firefox vendor can capture their own data and do the investigation, leveraging the inputs that we have given below.

FF version is 124.0.1 (64-bit)

Thanks for investigation.

Hello, we have been lately dealing with some issues between applocker and firefox browser launched from network share. This issue was analyzed by microsoft engineer supports and concluded as a firefox app issue. Issue description: 1)Applocker is turned on, there is path rule allowing executables to be run from network share where firefox is located. After launching it is rendered unusable, just blank window opens. In event logs there are several allows but also several blocks. All of them are from the exact same path and executable(which should be allowed regarding the path rule). 2)Applocker is turned on, instead of whitelisting path i have used publisher rule(this one is not the prefered solution in our case). Firefox launches just fine, but there are still block events in the logs. As we are collecting these logs it is filling our collector. Microsoft provided me with steps on how to simulate this issue: 1. Setup a Windows 10 Enterprise 22H2 or Latest Windows 11 build. 2. Setup another remote machine to create SMB share where you need to place the Firefox program. 3. Use local group policy (gpedit.msc) to create Applocker policies. (Use publisher rule for Firefox.exe. There is no need to setup path rule as we are able to reproduce the issue using publisher policy itself) 4. Create two scenarios, working and non working. Running Firefox.exe from local folder will be working scenario. Running Firefox.exe from smb share will be non working scenario. 5. Firefox vendor can capture their own data and do the investigation, leveraging the inputs that we have given below. FF version is 124.0.1 (64-bit) Thanks for investigation.

Modified by roman.marik

All Replies (1)

more options

Pochybuji, že by se tady vyskytl nějaký "Eso Rimmer" a znal odpověď. Toto je jenom uživatelské fórum "robíků". Zkus autory: https://bugzilla.mozilla.org