Add exception to Windows Defender at install time - windows-8

When running on Windows 8, our application is exceptionally slow unless we add a process exception for it in Windows Defender. (It is mostly from logging operations onto the disk.)
Is there a way to add the exception programmatically during our InstallShield installation? Calling a custom action in C# or VBScript is fine.

Actually, I think you are looking for Add-MpPreference.
Your application is probably slow because you touch a lot of files, and each file you touch gets scanned by Defender.
I use this PowerShell command two times, to exclude the exe (-ExclusionProcess) AND the files (-ExclusionPath) during installation.
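A sketch of the approach in the answer above, as an added example that is not part of the original answer: an install/uninstall helper that adds one process exclusion and one path exclusion, refuses overly broad paths, and removes the same entries on uninstall. The application paths and the `-Mode` parameter are hypothetical placeholders.

```powershell
# Added example, not the answerer's script. Paths are hypothetical placeholders.
param(
    [ValidateSet('Install', 'Uninstall')]
    [string]$Mode = 'Install',
    [string]$ExePath = 'C:\Program Files\ExampleApp\ExampleApp.exe',
    [string]$LogDir  = 'C:\ProgramData\ExampleApp\Logs'
)
$ErrorActionPreference = 'Stop'

# Changing Defender preferences requires an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: run this from a deferred, elevated custom action.'
}

# The Defender cmdlets are missing on systems without the Defender module.
if (-not (Get-Command Add-MpPreference -ErrorAction SilentlyContinue)) {
    Write-Warning 'Defender cmdlets not found; no exclusions changed.'
    return
}

# Keep the exclusion narrow: refuse drive roots and shared system folders.
$tooBroad = @($env:SystemDrive, $env:SystemRoot, $env:ProgramFiles, $env:ProgramData)
if ($tooBroad -contains $LogDir.TrimEnd('\')) {
    throw "Refusing to exclude broad location '$LogDir'."
}

if ($Mode -eq 'Install') {
    # -ExclusionProcess skips scanning of files this process opens;
    # the executable itself is still scanned.
    Add-MpPreference -ExclusionProcess $ExePath
    Add-MpPreference -ExclusionPath $LogDir
} else {
    # Remove exactly what the installer added so nothing is left behind.
    Remove-MpPreference -ExclusionProcess $ExePath
    Remove-MpPreference -ExclusionPath $LogDir
}

# Read the settings back so the installer log records the resulting state.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode            = $Mode
    ProcessExcluded = @($pref.ExclusionProcess) -contains $ExePath
    PathExcluded    = @($pref.ExclusionPath) -contains $LogDir
}
```

Defender logs exclusion changes as event ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, so administrators can audit what an installer added.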

If it would be so easy to add an exception to Windows Defender by using a VBScript script, Windows Defender would be no protection for your computer because any malware would simply add an exception for itself.
There are some registry keys which define if Windows Defender's real time protection is enabled or not. You can read these values to know if it is active and alert your user that the slowness is caused by Windows Defender. But you cannot modify these keys, not even running in a service with SYSTEM user. These registry keys are protected by Windows to forbid tampering.
Note that since Windows 10 the option to add exceptions to Windows Defender does not exist any more.
The only way to turn on or off Windows Defender:
Manually via Windows Defender configuration panel (MsAscUi.exe)
Install another antivirus program which disables Windows Defender automatically.
If you are interested in the registry keys read my answer in another question:
Find out if Windows Defender disc scan is running?

Related

Print PDF from Navision Application Server

I have a problem printing reports to PDF through bullzip from Navision Application Server (1) if the user is not in the Local Admin group (2). Only under both conditions.
In Nav code I'm doing the following: init bullzip automation object (set all parameters to suppress GUI), run report to print document to virtual bullzip printer, catch output file. That's it. Straight as a rail.
I have two environments: Windows Server 2008 and Windows 7 (different versions of Nav, but this changes nothing). On Windows 7 it just does nothing (but works if the user is admin). On the server I can see an error in the Event Log (translated to English)
Faulting application gui.exe, version 9.8.0.1599, time stamp 0x517126dc, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e39f, exception code 0xc0000142, fault offset 0x0006f52f, the process ID 0x3bc, application start time 0x01ce562238369fa9.
Gui.exe is a part of bullzip.
If I run the same code from Nav Classic Client, or from the same NAS launched in command line, or under local administrator account, or if I put the NAS user in local admin group - it works just fine.
To solve this problem I need to find out one of two things and how to fix it:
What is the difference between local admin and regular user that could cause application to crash in non-interactive mode (service) under regular user account.
What is the difference in running NAS as service and as command line that could cause application to crash when run as service.
What I've tried so far: extend non-interactive desktop heap, give the user all local privileges that admin has in gpedit. It doesn't work. I don't know a direction for further digging.
Any advice on alternative free PDF printers is welcome.
This question is still actual. Though I've managed to set up PDF printing with PDFCreator. The tough part was to let several different NAS print simultaneously. And now the setup has a bottleneck - PDFCreator's printing queue. With bullzip automations it could be avoided.
We've had some cases where third-party DLLs have crashed within NAV due to permission restrictions.
The only effective way we could narrow down the files that it was trying to access was through using Process Monitor to try to narrow down what was causing permission issues.
We found a folder within System32 to do with the System's Network Profile that some DLLs use. On that note, NAS's and such should be run under a domain account.
I think re-installing the application will do that.
Just make sure you uninstall both bullzip and Ghostscript.
Ghostscript is the tricky part: if you are installing 32-bit over 64-bit, you will have a problem.
Refer to this download link, download the appropriate version and install it,
and then install bullzip, after downloading the new version from here.
This will do.
If there is still a problem (if you are using the application for automation, you require the new COM object), refer to the Forum, which explains most application interface problems,
where you need to use the public class PdfSettings with namespace bioPdf.
I hope this helps.

Autostart within Windows 8 Desktop App Certification Requirements

The Windows 8 Desktop (not Metro!) App Certification Requirements state
10.2 Your app must avoid starting automatically on startup.
For example, your app should not set any of the following;
Registry run keys HKLM and, or HKCU under Software\Microsoft\Windows\CurrentVersion
Registry run keys HKLM, and or HKCU under Software\Wow6432Node\Microsoft\windows\CurrentVersion
Start Menu AllPrograms > STARTUP
I agree that lots of autostart background processes are unnecessary and this should be avoided if possible, but some apps (like mine) sit in the system tray and the user explicitly wants them to auto-start on boot.
Is there anything that's allowed to make the app auto-start?
Task Scheduler can be used to launch programs whenever a user logs on. However, I believe the team does not want certified apps to run automatically at all. Of course drivers will run on startup, but those aren't certified apps. I would guess that screen readers and accessibility tools wouldn't be considered certified apps either, but I'll ask around.

Testing install procedure of a program requiring administrative privileges

I'm trying to write an automated test to ensure that the installer for my program works okay.
The program can be installed for all users (requires admin privs), or for current user (does not require admin privs). The program can also autoupdate itself, which in some cases requires admin privileges, and in some cases doesn't.
I'm looking for a way where I can have an automated test click "Yes, Allow" on the UAC dialogs, so I can write tests for all different scenarios, on many different operating systems, so that I can be confident when I make changes to the installer that I didn't break anything.
Obviously, the installer process itself cannot do this. However, I control the complete machine, and could easily start some sort of daemon process with administrative rights, that the test program could make a socket connection to, to request it to "please click ok on the UAC now".
I actually figured out how to do this while looking to answer a similar question about UAC. Here is what you can do:
Write a service that runs as SYSTEM.
Open the process token of the winlogon.exe instance running in your logon session.
Use that token to launch a helper process on the Winlogon desktop via CreateProcessAsUser.
At this point, you have a helper process running as SYSTEM in your logon session on the Winlogon (secure) desktop. From here you can use some kind of IPC mechanism to communicate from your automated test program to the helper process. In the helper process you can EnumDesktopWindows to find the UAC prompt. This is as far as I took it; I didn't actually try to simulate clicking Yes or No, but I don't see any reason why it wouldn't work. Also, I only tested on Windows 7 32-bit; I believe the UAC architecture is identical to Vista, but I didn't test on it.
It took me a while to figure all this out; I can provide some code if you want.
EDIT: Just as a follow up I added code to use FindWindow() to find the "Yes" button and I was able to successfully send it a BM_CLICK message; the UAC prompt went away and the application was allowed to run.
An alternative solution might be to turn UAC off.
The least bad solution I've found so far is to run the tests in a VMware session, and control the mouse/keyboard through the VMware SDK. Would love to hear about other solutions.
Remote Desktop to it or run it as a guest VM (using Virtual PC or whatever, just don't boot to it.) This is also the best way to take a screenshot or video of the UAC prompt.

Registering every Windows login try

I want to keep a log of the attempted log-ins to a machine. The OS is Windows Embedded Standard. Is it possible to make Windows execute an application or a script after every login attempt to enable me to save that information in my database?
EDIT:
Extract from Superuser:
"Here, you can set auditing to all types of events. I believe the one you want is "Audit logon events", Set it to Failure (or Success as well if you want).
All events will now get sent to Event Viewer. ..."
Is it possible to access the Event Viewer info via WMI?
From a security viewpoint, I would assume this would not be possible. But it is possible to write your specialized GINA library which would replace the standard login system of Windows. This was done to support fingerprint readers and smart card readers, and many other alternative login methods.
But out of curiosity, what kind of problem are you trying to solve here? Windows already has plenty of built-in functionality which can be analysed by anyone who can log in.
Follow this link to see how it's done in Windows 2003. I've checked with Windows XP on a virtual machine and it works exactly the same there. So I assume it also works in embedded XP versions. For reading the event log, this link from MSDN will be practical too. This will require .NET though, which is optional on Windows XP.
WMI might be a good place to start. You could use WMI (or another method) to query the security event log for successful/failed logon events, too.
http://www.computerperformance.co.uk/vbscript/wmi_event_log_administrator.htm
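The WMI approach suggested in the answers above, as an added example that is not part of the original posts: it reads logon success and failure events from the Security log through `Win32_NTLogEvent` once "Audit logon events" is enabled. It assumes Windows PowerShell 3.0 or later is installed and the session is elevated; the `-Hours` parameter is hypothetical, and only the most common event IDs are covered.

```powershell
# Added example: query logon events from the Security log through WMI.
param([int]$Hours = 24)   # hypothetical look-back window

# Event IDs: 4624/4625 on Vista/7-based systems, 528/529 on XP/2003-based ones.
# Value = position of the account name inside InsertionStrings for that ID.
$userIndex  = @{ 4624 = 5; 4625 = 5; 528 = 0; 529 = 0 }
$failureIds = 4625, 529   # 529 is only the most common legacy failure ID

# WQL compares TimeGenerated against a DMTF-formatted timestamp.
$since    = [Management.ManagementDateTimeConverter]::ToDmtfDateTime((Get-Date).AddHours(-$Hours))
$idClause = ($userIndex.Keys | ForEach-Object { "EventCode=$_" }) -join ' OR '
$filter   = "Logfile='Security' AND ($idClause) AND TimeGenerated >= '$since'"

# -EnableAllPrivileges turns on SeSecurityPrivilege, needed to read the Security log.
Get-WmiObject -Class Win32_NTLogEvent -Filter $filter -EnableAllPrivileges |
    ForEach-Object {
        $id = [int]$_.EventCode
        [pscustomobject]@{
            Time     = [Management.ManagementDateTimeConverter]::ToDateTime($_.TimeGenerated)
            EventId  = $id
            Result   = if ($failureIds -contains $id) { 'Failure' } else { 'Success' }
            Account  = $_.InsertionStrings[$userIndex[$id]]
            Computer = $_.ComputerName
        }
    } |
    Sort-Object Time
```

The output objects can be piped to `Export-Csv` or inserted into a database by a scheduled task.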

Automatically launch app on USB (through autorun?)

Is it possible to automatically launch an application from a USB flash drive (bypassing the Windows prompt asking the user what he wants to do)? On Windows XP or Vista.
I looked into "autorun.inf" and "open" entry seems to work only for CD drives for Windows XP SP2+ and Vista. Is it possible to launch program automatically on all windows versions?
I don't care if autorun is disabled by user in Windows settings.
First of all, some people choose to disable autorun for security reasons; but Windows computers up to Vista have it enabled. Edit: Apparently the functionality was removed from Windows 7 onwards.
Put a file named autorun.inf in the root of your USB flash drive. This is what's in mine:
[Autorun]
Open=PStart.exe
Action=Start portable apps
Icon=diskicon.ico
What it does: when you insert this disk, starts PStart.exe
On older computers, the program specified in Open= will launch automatically.
On most modern computers (Windows XP SP2+, Vista), dialog "what do you want to do" will be displayed (for security reasons), but what you have in autorun.inf will display as the selected default, with Icon= as icon and Action= as description. If you want to launch it, just click the "OK" button in the dialog.
So, although I'm not aware of any way to start the application (e.g. PStart) immediately, it is possible to insert flash disk with this configuration and start application by clicking OK.
Tested on different computers, running Windows XP without a SP, also on Windows XP sp 1, sp2, sp3, and on various Vistas (not sure which types, but should work all the way from Vista Home Basic to Vista Enterprise Super-Mega-Premium-Extended Edition) and "Windows 7". Also works on Windows 2000 (although autorun on Win2000 for removable drives is not enabled in default configuration).
Note that some applications, in addition, may trigger the "unknown/unsigned executable" security dialog, as if you opened them manually.
Edit: For more details, see also:
Autoplay in Windows XP: Automatically Detect and React to New Devices on a System
I've had something set up on my USB keys for a while now. Using the autorun.inf file will work, depending on your system's settings for autorun. Some disable it altogether after that little debacle with Sony a couple years back installing rootkit software on peoples' machines. Here're a couple articles to check out.
Label a Flash Drive with Your Name and Number
Have Your Lost USB Drive Ask For Help (1) or 2
You need UseAutoplay to let this work on USB.
And if you take ShellExecute instead of Open you can also open scripts/documents/...
[Autorun]
ShellExecute=System\something.exe
UseAutoplay=1
There are also U3 USB sticks around; they will be recognised as CD-ROM drives in Windows.
If you put an autorun.inf on one of those, it will get executed without the user being questioned.
regards morla
I found the solution in this blog
How To Auto-Launch Apps With A USB Stick [Windows]
It worked fine for me
(the article explains how to do it with AutoIT, a 3rd party app that must be installed on the host computer)