Signed Executables and Dlls Policy
Hi,
At my work, we use Windows AppLocker to allow only trusted code to be executed. Firefox works great in this environment, but I do have a request.
We were regularly getting notices of untrusted code being attempted from the "%windir%\temp\NS?????.tmp\" folder, which was a mystery to us for a long time. We finally tracked the cause back to "C:\Program Files\Mozilla Firefox\uninstall\helper.exe", which extracts DLLs (e.g. system.dll, shelllink.dll, userinfo.dll and accesscontrol.dll). It's my pleasure to report that the extracted DLLs ARE signed (btw, thank you so much for that!!). However, I had an embarrassingly hard time getting to this point since the code is code only exists temporarily, and I sadly never had the thought that NS might mean Netscape.
Incase there are others in my situation, I was wondering you'd like to prepend the .tmp folder name to include moz- or Mozilla?
I think there may be others in my situation, since our instance that followed the best practice of exempting all DLLs in Program Files from the exclusion policy, and since Firefox keeps all DLLs in Program Files, these were the only Firefox DLLs being checked.
Thank you for 30 years of a great product!
Rob