PSAppDeployToolkit icon indicating copy to clipboard operation
PSAppDeployToolkit copied to clipboard

Published 20 hours ago verified publisher icon PSAppDeployToolkit

PSAPPDEPLOYTOOLKIT-EXECUTEASUSER.VBS blocked by Microsoft Applocker

Open Championte opened this issue 2 years ago • 3 comments

Describe the bug When Microsoft Applocker is deployed in an Enterprise environment and running Deploy-Application.exe. The script PSAPPDEPLOYTOOLKIT-EXECUTEASUSER.VBS is blocked. This cannot be digitally signed to prevent this. From event viewer: %OSDRIVE%\USERS\USER\PSAPPDEPLOYTOOLKIT\EXECUTEASUSER\PSAPPDEPLOYTOOLKIT-EXECUTEASUSER.VBS was prevented from running.

To Reproduce Steps to reproduce the behavior:

  1. Download PSADT 3.9.2
  2. Run it with no changes.
  3. See error message from applocker on screen and in event viewer.

Screenshots

Toolkit Version: 3.9.2

Powershell Version: 5.1.19041.2364

OS: Windows 10 20H2

Championte avatar Feb 07 '23 08:02 Championte

This might help https://github.com/PSAppDeployToolkit/PSAppDeployToolkit/issues/741#issuecomment-1416114180 but I think you'll need 3.9.1 or even 3.9.0 to make it work.

In 3.9.2, the PSAPPDEPLOYTOOLKIT-EXECUTEASUSER.VBS file is hardcoded to go into the user profile where AppLocker will not allow to run.

That-Annoying-Guy avatar Feb 07 '23 18:02 That-Annoying-Guy

Looks like Defender doesn't like VBS script being launched from a user's profile too. https://discourse.psappdeploytoolkit.com/t/microsoft-defender-suspicious-scheduled-task-launched/4476

That-Annoying-Guy avatar Feb 15 '23 15:02 That-Annoying-Guy

We will address this in an upcoming release by moving away from having to use a VBScript in this way.

mmashwani avatar Mar 12 '23 14:03 mmashwani

Duplicate of #582.

mjr4077au avatar Oct 14 '24 11:10 mjr4077au