May 21 2020 10:50 AM
Hi!
I'm working for Mozilla. We have a case that Firefox does not launch because EAF is turned on for firefox.exe by the customer's corporate IT policy. Since Firefox does not support EAF, what we can do is to ask customers to disable EAF, but they can't if they don't have admin rights.
The current security baseline contains a script to disable EAF for several executables such as onedrive.exe or acrord32. Could you please add an entry to disable EAF for firefox.exe as well?
I also confirmed Chrome (chrome.exe) and the new MS Edge (msedge.exe) has the same issue.
Thanks,
Toshihito
May 22 2020 06:25 AM
You could configure Exploit Protection , they way you want (like disable EAF for firefox.exe or other apps) and then export it, take a look at:
Then you may use number of ways like Group Policy, MEM ,... to deploy policy and manage it, take a look at:
May 23 2020 05:26 AM
@tokikuch from a security baseline perspective we would not make this change to our baseline as it appears this is something your local IT department changed. The EP-reset.xml that we distribute resets the settings we originally had in EP.xml. If you look in it (EP.xml) we do not mess with EAF for the ones you mention.
What @Reza_Ameri-Archived mentions below is your best bet.
May 26 2020 07:59 AM
@Rick_MunckOh, I see. It means a previous baseline had enabled EAF for those applications like Adobe. Thanks you for clarifying it!