COStark26 10 Posted May 8, 2019 Share Posted May 8, 2019 Some sites imply an "Administrator" block doesn't always mean Windows so I thought I'd share a Fix for a Win 10 issue trying to Dnload my car's Nav Software Update. See Popup below and know that, while the Nav Sppt suggested Disabling AV-FW works for most .... No Disabling of Any / All Security mattered - the Dnload was BLOCKED. In Win 10 It is a " "Click Once Trust Prompt" Registry setting issue remedied as follows: \HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel Make "Internet" member "Enabled" vs Disabled - I typed - Enabled - over - Disabled - as Dbl-Clk did nothing. Clk'ing on downloaded - setup.exe - Then produced "Do you want to Install This App?" INSTEAD of the Security Block Popup. Probably Once-in-a-Lifetime thing but FYI.....https://www.gonnalearn.com/2018/10/04/your-administrator-has-blocked-this-application-because-it-potentially-poses-a-security-risk-to-your-computer/ Link to comment Share on other sites More sharing options...
itman 1,790 Posted May 8, 2019 Share Posted May 8, 2019 (edited) "Click once" are .Net based apps and Microsoft intentionally made this registry modification for security reasons on Win 10: Quote ClickOnce-deployed applications are considered "low impact", in that they are installed per user, not per machine. Administrator privileges are not required to install these applications. Each ClickOnce application is isolated from the others. This means one ClickOnce application is not able to "break" another. ClickOnce employs Code Access Security (CAS) to prevent system functions being called by a ClickOnce application from the web, ensuring the security of data and the client system in general. https://en.wikipedia.org/wiki/ClickOnce Note what I underlined above. Bottom line - these types of apps can silently install which makes them an ideal delivery mechanism for malware payloads. My next question is why is NAV using ClickOnce methods for updating purposes? Edited May 8, 2019 by itman Link to comment Share on other sites More sharing options...
COStark26 10 Posted May 9, 2019 Author Share Posted May 9, 2019 (edited) I know I trust the Map Upgrade source but on the premise that Enabling the "Internet" member in the Registry string above can Allow Malware insertion BY ANOTHER source, can't I just RESTORE the "Disabled" setting for Internet After the execution of -- setup.exe -- , as I just did. I sent an email inquiry as to WHY this Risky approach, but doubt I'll get a relevant Reply.. Edited May 14, 2019 by COStark26 Link to comment Share on other sites More sharing options...
itman 1,790 Posted May 9, 2019 Share Posted May 9, 2019 10 hours ago, COStark26 said: can't I just RESTORE the "Disabled" setting for Internet After the Dnload, as I just did. Yes, you can. Also remember a reboot is required for new registry settings to become effective. Link to comment Share on other sites More sharing options...
Recommended Posts