Applocker blocks some instances of firefox launched from network share
Hello,
we have been lately dealing with some issues between applocker and firefox browser launched from network share.
This issue was analyzed by microsoft engineer supports and concluded as a firefox app issue.
Issue description: 1)Applocker is turned on, there is path rule allowing executables to be run from network share where firefox is located.
After launching it is rendered unusable, just blank window opens. In event logs there are several allows but also several blocks. All of them are from the exact same path and executable(which should be allowed regarding the path rule).
2)Applocker is turned on, instead of whitelisting path i have used publisher rule(this one is not the prefered solution in our case).
Firefox launches just fine, but there are still block events in the logs. As we are collecting these logs it is filling our collector.
Microsoft provided me with steps on how to simulate this issue:
1. Setup a Windows 10 Enterprise 22H2 or Latest Windows 11 build. 2. Setup another remote machine to create SMB share where you need to place the Firefox program. 3. Use local group policy (gpedit.msc) to create Applocker policies. (Use publisher rule for Firefox.exe. There is no need to setup path rule as we are able to reproduce the issue using publisher policy itself) 4. Create two scenarios, working and non working. Running Firefox.exe from local folder will be working scenario. Running Firefox.exe from smb share will be non working scenario. 5. Firefox vendor can capture their own data and do the investigation, leveraging the inputs that we have given below.
FF version is 124.0.1 (64-bit)
Thanks for investigation.
Modified
All Replies (1)
Pochybuji, že by se tady vyskytl nějaký "Eso Rimmer" a znal odpověď. Toto je jenom uživatelské fórum "robíků". Zkus autory: https://bugzilla.mozilla.org