Jump to content

FIXED: W10 Admin Security Block - NAV Software


Recommended Posts

Some sites imply an "Administrator" block doesn't always mean Windows so I thought I'd share a Fix for a Win 10 issue trying to Dnload my car's Nav Software Update.

See Popup below and know that, while the Nav Sppt suggested Disabling AV-FW works for most .... No Disabling of Any / All Security mattered - the Dnload was BLOCKED.

In Win 10 It is a " "Click Once Trust Prompt" Registry setting issue remedied as follows:
\HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel
Make "Internet" member "Enabled" vs Disabled - I typed - Enabled - over - Disabled - as Dbl-Clk did nothing.

Clk'ing on downloaded - setup.exe - Then produced "Do you want to Install This App?" INSTEAD of the Security Block Popup.

Probably Once-in-a-Lifetime thing but FYI.....

https://www.gonnalearn.com/2018/10/04/your-administrator-has-blocked-this-application-because-it-potentially-poses-a-security-risk-to-your-computer/

 

1214878420_SECURITYBLOCK.jpg.603d56faae90ed290efba20c820675e8.jpg

Link to comment
Share on other sites

"Click once" are .Net based apps and Microsoft intentionally made this registry modification for security reasons on Win 10:

Quote

ClickOnce-deployed applications are considered "low impact", in that they are installed per user, not per machine. Administrator privileges are not required to install these applications. Each ClickOnce application is isolated from the others. This means one ClickOnce application is not able to "break" another. ClickOnce employs Code Access Security (CAS) to prevent system functions being called by a ClickOnce application from the web, ensuring the security of data and the client system in general.

https://en.wikipedia.org/wiki/ClickOnce

Note what I underlined above. Bottom line - these types of apps can silently install which makes them an ideal delivery mechanism for malware payloads.

My next question is why is NAV using ClickOnce methods for updating purposes?

Edited by itman
Link to comment
Share on other sites

I know I trust the Map Upgrade source but on the premise that Enabling the "Internet" member in the Registry string above can Allow Malware insertion BY ANOTHER source, can't I just RESTORE the "Disabled" setting for Internet After the execution of -- setup.exe -- , as I just did.

I sent an email inquiry as to WHY this Risky approach, but doubt I'll get a relevant Reply..

 

Edited by COStark26
Link to comment
Share on other sites

10 hours ago, COStark26 said:

can't I just RESTORE the "Disabled" setting for Internet After the Dnload, as I just did.

Yes, you can. Also remember a reboot is required for new registry settings to become effective.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...