Client Security or Server Security DataGuard feature blocks applications running from the Windows Users \ AppData folder

Issue:

WithSecure Client Security or Server Security DataGuard blocks applications such as Firefox, OneDrive etc. that are installed to and running from the Users \ AppData folder on a Windows computer.

Resolution:

If the setting Discover trusted applications automatically is enabled, only applications that are installed under the 'default trusted locations' or utilizing 'default trusted processes' will be allowed to make changes to DataGuard Monitored folders automatically. The default trusted locations and processes are predefined as follows;


C:\PROGRAM FILES (X86)\
C:\PROGRAM FILES\
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\FILEMANAGER\PHOTOSAPP.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SPLWOW64.EXE
C:\WINDOWS\SYSTEM32\MSPAINT.EXE
C:\WINDOWS\SYSTEM32\MSTSC.EXE
C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\PICKERHOST.EXE
C:\WINDOWS\SYSTEM32\RUNTIMEBROKER.EXE
C:\WINDOWS\SYSTEM32\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSTEM32\SIHOST.EXE
C:\WINDOWS\SYSTEM32\SNIPPINGTOOL.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\WFS.EXE
C:\WINDOWS\SYSTEM32\WRITE.EXE
C:\WINDOWS\SYSWOW64\EXPLORER.EXE
C:\WINDOWS\SYSWOW64\MSPAINT.EXE
C:\WINDOWS\SYSWOW64\MSTSC.EXE
C:\WINDOWS\SYSWOW64\NOTEPAD.EXE
C:\WINDOWS\SYSWOW64\PICKERHOST.EXE
C:\WINDOWS\SYSWOW64\SEARCHPROTOCOLHOST.EXE
C:\WINDOWS\SYSWOW64\WRITE.EXE
C:\WINDOWS\WRITE.EXE

Since the AppData folder is not on the list, applications installed to the AppData folder will be blocked by DataGuard.

Resolution is to either:

Uninstall the application from the AppData folder and to reinstall it to a trusted location such as C:\Program Files or C:\Program Files (x86)
Add the application to the DataGuard Trusted applications list

How to add the application to the DataGuard Trusted applications list:

Log in to the Policy Manager Console
Select a host or policy domain from the Domain Tree
Go to the Settings tab
Go to the DataGuard settings page
Scroll down to the Trusted applications table and click Add
Write the full application path to the Applications field
Distribute the policy (Ctrl + D)

Note: You can use system environment variables when you want to create an exclusion for many users. The supported environment variables are: %USERPROFILE%, %HOMEDRIVE%, %HOMEPATH%, %APPDATA%, %ProgramFIles%, %ProgramFiles(x86)% %ProgramData%, %windir%, %SystemRoot%, %SystemDrive%

Article no: 000018119