Forum Discussion
uap10:PackageIntegrity not working?
To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap. That being said it would not detect deletes. We are adding some full blockmap validation that can be forced in the next version of Windows to help address this. This is a similar experience in the Microsoft Store workflows.
John Vintzel (@jvintzel)
PM Lead, MSIX
Sorry for the super late reply,
Yes the namespace seems correct to me:
<?xml version="1.0" encoding="utf-8"?>
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest"
xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3"
xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
xmlns:rescap3="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities/3"
xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10"
IgnorableNamespaces="uap mp rescap rescap3 uap10">
...
<Properties>
<uap10:PackageIntegrity>
<uap10:Content Enforcement="on" />
</uap10:PackageIntegrity>
</Properties>
A more detailed description on how this is supposed to work, would really help us here validate if it is working correctly.
Thank you for looking into this and best regards
Marvin
To clarify the package integrity option does a light weight check against the trust level ACE to detect tampering of files. Due to I/O and performance we do not do a full rescan of the blockmap. That being said it would not detect deletes. We are adding some full blockmap validation that can be forced in the next version of Windows to help address this. This is a similar experience in the Microsoft Store workflows.
John Vintzel (@jvintzel)
PM Lead, MSIX