Documents and Music folder -> Windows Defender Ransomware protection breaking my app - windows

So it looks like Windows 10 Ransomware has broken my app (StationRipper). It's a C++/MFC app, but it looks like it would break any app that is doing what StationRipper is doing.
My high-level question:
My app needs to write files (e.g., mp3's) as it records them. Is there actually a sensible place do this to (like, say, the Music folder) if Ransomware protection is on, or am I stuck just creating an arbitrary folder someplace? My app is doing the recording behind the scenes, so the user can't choose the dir for each file.
Details:
My app records music files. A very long time ago (like, in 2002) it wrote it to the users "Music" directory. That worked fine, but now I'm seeing a problem - I'm getting the error code for "The system cannot find the file specified." on CreatedDirectory for my app (which was really fun to track down, as that error code isn't listed as an error that CreateDirectory to return), and when I try to write any file to that directory if I manually create it via file explorer.
I finally tried running mkdir, and to create a file in that dir, outside of my app... the same thing happens.
I turned off Ransomware protection in Windows Defender... and it now works from my app.
It looks like I have to use something like the file picker to save to that dir? Which, as I said, won't work as the user isn't involved after they start recording.
I can't just tell my users to turn Ransomware protection off to use my app, but I would prefer to put the music files in their Music folder...
Any suggestions?
Additional info requested in comments:
TCHAR szDocPath[MAX_PATH];
szDocPath[0] = 0;
if (::SHGetSpecialFolderPath(NULL, szDocPath, CSIDL_PERSONAL, FALSE))
{
_tcscat(szDocPath, "\\StationRipper");
DWORD m_dwLastError = ::GetLastError();
BOOL bResult = CreateDirectory(szDocPath, NULL);
m_dwLastError = ::GetLastError();
}
Running the above with Ransomware protection on results in a zero. With it off returns a 1 (and the directory is created).

(note: SHGetSpecialFolderPath is not supported, but its modern equivalent, SHGetKnownFolderPath has the same issue)
Rather than asking users to disable Ransomware Protection entirely, you can ask them to whitelist your application. See the Whitelist apps with Controlled folder access section of this article (the official documentation is somewhat lacking).

Related

Launcher.LaunchUriAsync does not work on Xamarin Forms UWP [duplicate]

no Error just nothing happen and file target still there in my path
public void keyboard(){
ProcessStartInfo touchkey = new ProcessStartInfo(#"C:\Program
Files\Common Files\microsoft shared\ink\TabTip.exe");
touchkey.WorkingDirectory = #"C:\";
touchkey.WindowStyle = ProcessWindowStyle.Hidden;
Process.Start(touchkey);
}
Update
The suggested solution threw a `UnauthorizedAccessException`:
var path = #"ms-appx://C:/Program Files/Common Files/microsoft
shared/ink/TabTip.exe";
var file = await
Windows.ApplicationModel.Package.Current.InstalledLocation.GetFileAsync(path);
await Windows.System.Launcher.LaunchFileAsync(file);
Update2
I try to use FullTrustProcessLauncher it's work fine but like code before Keyboard tabtip.exe not show I dont know what should I do
await Dispatcher.RunAsync(CoreDispatcherPriority.High, () =>
{
FullTrustProcessLauncher.LaunchFullTrustProcessForCurrentAppAsync();
});
UWP applications are sandboxed and cannot launch other processes directly due to security restrictions.
The only way to launch other applications is if those applications have a URI registered, or an application is a default handler for a particular file type.
In those instances, you can use methods such as LaunchUriAsync or LaunchFileAsync
Without TabTip.exe
I recognize you are trying to show the on-screen keyboard judging by the path of the exe. I suggest a better approach would be to trigger the new touch-enabled keyboard which is easily possible without additional hassle from UWP with InputPane API:
var pane = InputPane.GetForCurrentView();
pane.TryShow();
With TabTip.exe
If you prefer the older on-screen keyboard for some reason, you have two problems with your existing code.
Firstly, ms-appx: scheme is used to refer to files at the application installation path. The path you require is an absolute path, so you can't use it there.
Secondly, as this is an arbitrary path on the hard drive, you don't have access to it directly (as UWP apps run in a sandbox and can't access the filesystem directly for security reasons). To access the file, you will need to declare the broadFileSystemAccess capability, which will then allow you to initialize the StorageFile instance. You can check for example this SO question to learn how to do just that.
Note: I don't have my VS PC around so I can't say for sure if this will allow you to launch the executable or not, as that seems like an additional permission which may not be granted. In case this fails, I strongly recommend the first solution.
Make sure you edited the manifest file and add the extension for full trust process in the application.

Failed to Create Data Directory - Google Chrome Cannot Read and Write Its Data Directory - Cordova

I've been working on a Cordova app, and I've suddenly had troubles with Chrome.
I've wanted to start debugging, so I added support for a browser platform, and I use Chrome.
After running the app on Chrome, which worked before, I encountered this problem:
Failed To Create Data Directory
Google Chrome cannot read and write its data directory:
C:/Chromedevsession"
screenshot here: http://prntscr.com/876kax
Things I tried:
Deleting Chrome -> Reinstalling Chrome - found this online
Deleting Windows registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome - there's no
Chrome folder or key inside the Google folder, only an Update folder
While uninstalled, using a different browser as my default browser - the command that runs the app (cordova run) didn't open another
browser (I tried Firefox).
It already worked before, and I don't know why it suddenly happened. I tried upgrading to Windows 10 a few times and it failed, so could there be a problem in the registry?
I solved this issue by editing the run file (platforms/browser/cordova/run) and removing the speech marks from around C:/Chromedevsession on line 33.
The line now reads:
spawn('C:/Program Files (x86)/Google/Chrome/Application/chrome.exe', ['--user-data-dir=C:/Chromedevsession', '--disable-web-security', project]);
This is because the script that launches chrome, uses a folder location that typically can't be created with your permissions. That folder is used for history, bookmarks, cookies, etc (ie user data). This is beneficial for testing out features in Chrome (plugins, etc) and not affecting your normal instance. I don't consider it much of a concern here, more of a nuisance message. If you don't like it you could always just manually create that folder on your system as well.
You can see this here what causes the issue
switch (process.platform) {
case 'darwin':
spawn('open', ['-n', '-a', 'Google\ Chrome', '--args', '--disable-web-security', '--user-data-dir=/tmp/temp_chrome_user_data_dir_for_cordova_browser', project]);
break;
case 'win32':
//TODO: Use regex to fix location of chrome.exe
//TODO: Get --user-data-dir to work for windows
spawn('C:/Program Files (x86)/Google/Chrome/Application/chrome.exe', ['--user-data-dir="C:/Chromedevsession"', '--disable-web-security', project]);
break;
}
Since it can't use that folder, I believe it just reverts to the defaults which on Windows 10 would be
C:\Users\%USERNAME%\AppData\Local\Google\Chrome\User Data\Default
Remove Space in Path in Registry Policy
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\UserDataDir
or
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome\UserDataDir
Example:
${roaming_app_data}\Google\Chrome\User_Data
instead of
${roaming_app_data}\Google\Chrome\User Data
There is a simpler solution to this. Just specify the full path to the special directory you want to use for your debug chrome instance. In my case I set the user data directory to a folder next to the default user data directory, called "Debug". The following works for me specified as a script in my package.json:
"start-remote-debugging-browser": "C:\\PROGRA~2\\Google\\Chrome\\Application\\chrome.exe -incognito --app=http://localhost:4200/ --remote-debugging-port=9222 --user-data-dir=C:\\Users\\mmcin\\AppData\\Local\\Google\\Chrome\\User Data\\Debug"

QLPreviewView can not show the quicklook preview in sandbox

I use QLPreviewView to show the quicklook preview in the app. Without sandbox, this works well, but once change the app to sandbox, the preview can not show up.
I found the error in Console: QuickLookUIHelpe(20786) deny file-read-data XXX.
I have used the security-scoped bookmarks & com.apple.security.files.user-selected.read-write to grant access the user home dir, then:
[allowedURL startAccessingSecurityScopedResource];
self.myPreiviewItem.myURL = fileURL;
self.myQLPreviewView.previewItem = self.myPreiviewItem;
[self.myQLPreviewView refreshPreviewItem];
[allowedURL stopAccessingSecurityScopedResource];
with these, I can delete files of user home dir, but the QLPreviewView can not work.
I do not know what is the difference between these 2 scenes, does QLPreviewView need more for sandbox?
If I add com.apple.security.files.downloads.read-only into the entitlement, the files in "Downloads" can be previewed, but other files of user home dir can not be previewed.
Finally I have found the solution!
refreshPreviewItem is an async call, so before Mac finishes loading the preview, the following api stopAccessingSecurityScopedResource immediately shutdown the access, as a result, Mac failed to load the preview successfully.
so the solution is: do NOT call stopAccessingSecurityScopedResource here, keep the allowedURL's access right until you do not need the QL preview function, and then call stopAccessingSecurityScopedResource there, such as when closing the window.
I encountered this, or at least a similar, issue a while back (in Mavericks).
This is why I started asking users for access to parent folders of files they wish to Quick Look. Feel free to look at how I do it in this app of mine, version 1.1 at the time of this writing. Just go into Chikoo → Preferences… → Folder Access. Here are two screenshots:
I confess that this is not a great solution. It’s a compromise that I came up with to work around the problem.

Issues while converting a windows app to windows service

I created a monitoring utility that checks cpu, ram, drive space stats and emails if the usage goes above set threshold. It works great in the system tray but I realized that the exe will stop when I log out of windows server. That led me to believe that I needed to create a windows service. I would like to use the existing GUI Form to save data to application settings and use those settings in windows service. Here are the steps I took so far,
Added a Windows Service class.
Modified the original code to get rid of any interactive items that were related to GUI Form.
Added the code to this class.
Added a Service installer.
Added this code to it-->
public ProjectInstaller()
{
InitializeComponent();
ServiceProcessInstaller serviceProcessInstaller = new ServiceProcessInstaller();
ServiceInstaller serviceInstaller = new ServiceInstaller();
serviceProcessInstaller.Account = ServiceAccount.LocalSystem;
serviceProcessInstaller.Username = null;
serviceProcessInstaller.Password = null;
serviceInstaller.StartType = ServiceStartMode.Automatic;
serviceInstaller.ServiceName = "Server Monitoring";
this.Installers.Add(serviceProcessInstaller);
this.Installers.Add(serviceInstaller);
}
Change Start up object to Utility.Program.
When I try installing this through installUtil I get this error
System.IO.FileNotFoundException: Could not load file or assembly 'file:///C:\Use
rs\AdminUser\Desktop\Temp\Server' or one of its dependencies. The system cannot
find the file specified..
Thanks!
If you are saving these application settings into a file that is in the same directory as the Windows service, that is going to be your problem. All Windows Services are run in the C:/Windows directory (or a sub-directory in there) so when you access files you will need to do one of two things:
Change the executing directory
You can change the 'current directory' for the executing app back to the folder that contains the exe with the following line of code:
System.IO.Directory.SetCurrentDirectory(System.AppDomain.CurrentDomain.BaseDirectory);
This will make all relative files become relative to the executable location once again.
Make all file request full paths
This one is easier for some files than others. System files are the hardest. So if you are trying to get to a .config file, that's going to be a nightmare.

I can change signed executable

I've tried to download a signed executable
( http://live.sysinternals.com/procexp.exe )
and modify it. I've thought it can't be done and Windows will somehow prevent me from running it (or warn me at least). But when I change a single character (for example in DOS stub or any other text data) it is still runable.
Before modification, when I run this app it splashes UAC warning showing it signed Microsoft and asking whether I want to run it. After modification, there is no such thing. Even when I revert changes back, it still won't show up. I've compared modified and reverted executable to the original (in total commander) and it shows no difference. But the original still splashes UAC.
Why is that?
I'm using Windows 7 and Firefox.
I've never tried to do it. Yet when you edited the file, you invalidated the digital signature, you should see it in the Properties of the file.
Windows usually does not check digital signatures. Digital signatures come into play when the file is marked as downloaded from the Internet (if the signature is valid, Windows will show its publisher in the confirmation dialog; otherwise, the publisher will be unknown), and UAC (in this case, the digital signature also confirms the file came from a publisher stored as part of the digital signature).
Whether to show or not to show UAC confirmation is not controlled with digital signature, it's controlled with the application manifest.
So in my understanding, UAC dialog should be shown. But since the modified file fails digital signature check, Windows may decide the file is unsafe to elevate. You could look for messages in Windows event log, there could be events explaining the behavior you see.
I have copied chrome.exe in other directory and started writing random bytes in the application.
I checked properties , the digital signature was there. I have changed the application. It was unable to execute (giving some king of internal error not windows error) but still showing valid certificate in properties. Its strange.
I think windows validates certificate of an application only once.
After you change the file it will still show a digital signature but if you click on the Details button for that signature I think you will find that it says the signature is not valid.
When i changed it back to exactly what it originally containsed it once again told me that the signature was valid. (But you have to use an editor that edits the bytes in place - not one that might add a line break or something unintentionally.)

Resources