msaccess-vcs-addin icon indicating copy to clipboard operation
msaccess-vcs-addin copied to clipboard

Published 20 hours ago verified publisher icon joyfullservice

Windows Security blocking installation and causing an error with v4.0.34

Open damorinCan opened this issue 1 year ago • 2 comments

Hi,

In Windows 10, when clicking on the 'Version Control.accda' and clicking on "Install Add-In', this is causing the following error:

ERROR: Unhandled error, likely before `On Error' directive Source: .Unknown.LogUnhandledErrors.

In Windows Security, the description is:

App or process blocked: MSACCESS.EXE Blocked by:Attack surface reduction Rule: Prevent all office applications to create child process

As a note the "Rule" was in French on my PC, I translated this to my best knowledge.

Before asking my IT department to add an exception, can someone confirm this is not a problem ?

Thanks,

damorinCan avatar Jul 12 '24 12:07 damorinCan

As someone who operates in a "high security" environment, I can almost guarantee this issue is caused by your cyber policy blocking macro execution.

If you can have them add an exception for Access Macros, that'd be the best way.

What our IT group did was add a specific folder an access file has to operate in for the exception to be valid. This allows the IT / OT group to reduce the attack surface (it is highly unlikely other access / office products will know to move to the "special" folder), and for us to run Access VBA macros (which at the time we did this couldn't be signed, that's changed, but the currently delivered file doesn't have signed macros).

What I recommend:

  1. Pick a folder to develop in. Make sure ALL your devs use that same folder. 2. We use c:\users\[Username]\Documents\[OurGroupName]-Tool-Dev\ 3. We have a separate folder in C:\Users\[Username]\AppData\Local\[DatabaseRelease]\ for everyone to operate the delivered product.
  2. Install either to the delivered product location (what we do), or to the development folder (less ideal because if you're me you have a tendency to accidentally delete it when you're cleaning house.
  3. It looks like we'll need to update the install to show the added options for higher security environments. I'll try and remember to do that...
  4. Make sure the "Enable Execution" yellow bar at the top is gone (select "Enable Macros").
  5. Make sure "Trust Add-In Folder" is selected.
  6. Click "Advanced Options"
    1. image
  7. Select "Use ribbon addin" and "Open add-in after installing to trust the add-in file"
  8. Select the installation folder you previously chose above.
  9. Install Addin.

If that doesn't work, you may need to uncheck "Use Ribbon Addin"; but the ribbon is such a nice thing try first to use it.

hecon5 avatar Jul 12 '24 13:07 hecon5

Your IT group may also be interested in this: https://github.com/joyfullservice/msaccess-vcs-addin/wiki/Security-Considerations

hecon5 avatar Jul 12 '24 13:07 hecon5

Did you resolve this? If so, can you close the issue? If there's more to be determined on the add-in side, we can troubleshoot.

hecon5 avatar Aug 01 '24 12:08 hecon5

Yes, we found another way around it; it's to run the 'cmd' file to complete the installation.

Thanks.

damorinCan avatar Aug 01 '24 13:08 damorinCan

@damorinCan, can you close this if it's fixed?

hecon5 avatar Aug 21 '24 12:08 hecon5

Done.

damorinCan avatar Aug 21 '24 13:08 damorinCan

Thanks!

hecon5 avatar Aug 21 '24 13:08 hecon5