To allow the execution of .tmp.node files by an Electron app in Windows using WDAC (Windows Defender Application Control), you can follow these steps:
1. Identify the Electron app's signed binaries: Ensure that the Electron app you want to allow has signed binaries. Electron apps usually consist of an executable file (e.g., .exe), DLLs, and other supporting files. Make sure all these files are signed by the app's developer.
2. Create an allow list policy: Open the Group Policy Editor by typing "gpedit.msc" in the Run dialog (Windows Key + R) and pressing Enter. Navigate to "Computer Configuration" > "Windows Settings" > "Security Settings" > "Application Control Policies" > "AppLocker" and select "Packaged app Rules".
3. Right-click and choose "Create New Rule": In the right pane, right-click and choose "Create New Rule". The "Create Packaged app Rule" wizard will open.
4. Choose the Electron app's binaries: In the "Permissions" tab of the wizard, select "Path" and browse for each of the Electron app's signed binaries, including the .tmp.node file. Add all these files to the rule.
5. Set the rule's action to "Allow": In the "Actions" tab, set the rule's action to "Allow". This allows the Electron app's binaries, including the .tmp.node file, to run without being blocked by WDAC.
6. Save and apply the policy: Follow the prompts to finish creating the rule, and then make sure to save and apply the policy.
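
The signature check in the first step can be scripted before any rule is written. The following PowerShell is an added example, not part of the original page: it lists the Authenticode status and signer of every .exe, .dll and .node file (which includes .tmp.node) under the given directories. The default install path is a hypothetical placeholder.

```powershell
# Added example: inventory the Authenticode status of an Electron app's binaries.
# The default path below is a hypothetical placeholder; pass the real directories.
param(
    [string[]]$Path = @('C:\Program Files\ExampleElectronApp')
)

# *.node also matches files named *.tmp.node
$patterns = '*.exe', '*.dll', '*.node'

$report = Get-ChildItem -Path $Path -Recurse -File -Include $patterns -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File   = $_.FullName
            Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
            Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
        }
    }

if (-not $report) {
    Write-Warning "No .exe, .dll or .node files found under: $($Path -join ', ')"
    return
}

# One row per signer: more than one signer, or '<none>', means a single
# publisher cannot account for every file the app loads.
$report | Group-Object Signer |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Files whose signature is missing or does not validate.
$notValid = $report | Where-Object { $_.Status -ne 'Valid' }
if ($notValid) {
    Write-Warning "$(@($notValid).Count) file(s) are unsigned or fail signature validation:"
    $notValid | Format-Table Status, File -AutoSize
} else {
    Write-Output 'All matched binaries carry a valid Authenticode signature.'
}
```

Run it once against the install directory and again against any directory where the app writes its .tmp.node files, since those copies are checked separately from the installed binaries.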