WDAC How to allow .tmp.node file by Electron app?


Hi all,

I'm facing an issue with a .tmp.node file that is executed by an application called Ledger Live and written in Electron.

This application generates a temporary file with a random filename in the user's Temp folder and then executes it.

I tried to allow the application's folder (C:\Program Files\Ledger Live\*) and even whitelist *.tmp.node in the WDAC policy XML.

But WDAC still blocked this .tmp.node file from executing, as in the screenshot below.

[screenshot]

Is there a way to allow it to run or skip the Enterprise signing level check?

Thanks.

3 Replies
I'm having the exact same problem but with a different application.
Whitelisting specific tmp.node files/folders seems impossible. To test, I whitelisted an entire directory and redirected the tmp files to that folder, yet they are still blocked. The only possible solution I can think of is setting the application as a "Managed Installer", but that is a lot of effort for 1 application, and it's definitely not a recommended security best practice to have random applications set as a Managed Installer that can essentially do whatever it wants.

Hi,
By default, if a folder area is user-writable, WDAC will not apply any file name whitelists. If you want to disable this feature, include 'Disable Runtime Filepath Rules' as enabled. From a security view, enabling this isn't the best idea, as it allows non-admin users to execute any code given that specific name.

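The reply above describes why a path rule for the user's Temp folder has no effect unless runtime filepath rule protection is switched off. The following is an added example, not code from any poster in this thread: a small Python audit of a WDAC policy XML that lists FilePath allow rules pointing into user-writable locations and reports whether they are inert (the original poster's symptom) or, with the Disabled:Runtime FilePath Rule Protection option present, usable by any standard user. The sample policy, its rule IDs and the list of user-writable prefixes are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"si": "urn:schemas-microsoft-com:sipolicy"}

# Rule option text as it appears in a WDAC policy XML (Set-RuleOption index 18).
RUNTIME_PATH_PROTECTION_OFF = "Disabled:Runtime FilePath Rule Protection"

# Prefixes a standard user can normally write under (illustrative list, not exhaustive).
USER_WRITABLE_PREFIXES = (
    "%OSDRIVE%\\Users\\", "C:\\Users\\", "%TEMP%", "%TMP%",
    "%APPDATA%", "%LOCALAPPDATA%", "%OSDRIVE%\\Windows\\Temp\\",
)

# Constructed sample policy: a path rule for the install dir, one for a user's Temp
# folder, and runtime filepath rule protection switched off.
SAMPLE_POLICY = """<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <Rules>
    <Rule><Option>Enabled:Unsigned System Integrity Policy</Option></Rule>
    <Rule><Option>Disabled:Runtime FilePath Rule Protection</Option></Rule>
  </Rules>
  <FileRules>
    <Allow ID="ID_ALLOW_LEDGER" FriendlyName="Install dir" FilePath="%OSDRIVE%\\Program Files\\Ledger Live\\*" />
    <Allow ID="ID_ALLOW_TEMP" FriendlyName="Temp" FilePath="%OSDRIVE%\\Users\\alice\\AppData\\Local\\Temp\\*" />
  </FileRules>
</SiPolicy>
"""

def is_user_writable(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(prefix.lower()) for prefix in USER_WRITABLE_PREFIXES)

def audit_policy(xml_text: str) -> dict:
    """Flag FilePath allow rules in user-writable places and say whether they are inert or risky."""
    root = ET.fromstring(xml_text)
    options = [o.text.strip() for o in root.findall("./si:Rules/si:Rule/si:Option", NS) if o.text]
    protection_off = RUNTIME_PATH_PROTECTION_OFF in options
    path_rules = [(a.get("ID"), a.get("FilePath"))
                  for a in root.findall("./si:FileRules/si:Allow", NS) if a.get("FilePath")]
    risky = [(rid, fp) for rid, fp in path_rules if is_user_writable(fp)]
    findings = []
    for rid, fp in risky:
        if protection_off:
            findings.append(f"{rid}: '{fp}' is user-writable and protection is off; "
                            "any non-admin user can run code they drop under this path")
        else:
            findings.append(f"{rid}: '{fp}' is user-writable, so WDAC ignores this rule "
                            "at runtime; the file will still be blocked")
    return {"runtime_protection_disabled": protection_off,
            "path_rules": path_rules, "risky_path_rules": risky, "findings": findings}
```

Run `audit_policy` over an exported policy XML to see which path rules would only start working by weakening the whole policy for every user on the machine.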
To allow the execution of .tmp.node files by an Electron app in Windows using WDAC (Windows Defender Application Control), you can follow these steps:

Identify the Electron app's signed binaries: Ensure that the Electron app you want to allow has signed binaries. Electron apps usually consist of an executable file (e.g., .exe), DLLs, and other supporting files. Make sure all these files are signed by the app's developer.

Create an allow list policy: Open the Group Policy Editor by typing "gpedit.msc" in the Run dialog (Windows Key + R) and press Enter. Navigate to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Application Control Policies" > "AppLocker" and select "Packaged app Rules".

Right-click and choose "Create New Rule": In the right pane, right-click and choose "Create New Rule". The "Create Packaged app Rule" wizard will open.

Choose the Electron app's binaries: In the "Permissions" tab of the wizard, select "Path" and browse for each of the Electron app's signed binaries, including the .tmp.node file. Add all these files to the rule.

Set the rule's action to "Allow": In the "Actions" tab, set the rule's action to "Allow". This allows the Electron app's binaries, including the .tmp.node file, to run without being blocked by WDAC.

Save and apply the policy: Follow the prompts to finish creating the rule, and then make sure to save and apply the policy.