Results 1 to 1 of 1

Threaded View

  1. #1
    Join Date
    Nov 2015
    Location
    Christchurch, Dorset, United Kingdom
    Posts
    347

    Default What Just Happened? My Software is Failing Left and Right!

    [Edit: This was posted in response to an ACP problem, but the cause is starting to affect many programs. Thanks to William Bristow for this excellent explanation of a new Microsoft security feature, Controlled File Access (CFA) and the consequences of enabling it. We at DC-3 Dreams recommend you not try to enable this on your observatory computers. The costs (complexity of administration) outweigh the benefits (protection from ransomware etc.). Instead, don't click links in emails and on dodgy websites (whatever they are!) on your observatory systems. Several people have enabled it, fought it out with whitelisting, and eventually decided it was just too much. -- Bob Denny]


    Are you using Windows Defender on Windows 10 as your AV program and have you enabled anti-ransomeware protection in Windows Security?

    If so, type "Controlled Folder Access" (without quotes) in the lower toolbar search box and from the results list click on "Controlled folder access, System Settings" which will take you direct to that feature.

    If you have Controlled Folder Access (CFA) enabled then currently the majority of astronomy applications available will not install correctly and even if they do install then they may not run correctly unless you manually configure CFA accordingly to allow those apps to write log files and user files etc to any location on the hard drive.

    By default with CFA enabled unauthorised applications are only allowed to write to the user desktop, any other location is blocked and this will cause most installations to fail.

    If this applies in your case then decide whether you want the hassle of having to configure every application individually for CFA permissions.
    If your computer is only used in the observatory and you do not access email attachments or install software from unknown sources then it will be easier to switch off CFA permanently and foregoe anti-ransomeware protection.

    If you use the computer for general email, on-line financial, family documents or business and need anti-ransomware protection then you will need to work around the problems of CFA in Windows 10.

    If the above applies in your case then to install FocusMax, download the installer and carry out a manual AV scan, then temporarily switch off CFA in Windows security to allow you to run the installer, when installation is complete switch CFA back on and then click on the link "Allow an app through Controlled folder access" then on the following page click "+ Add an allowed app" and click "Browse all apps" then navigate to (for a typical install):
    C:\Program Files (x86)\FocusMax V4 and add FocusMax.exe to the allowed Apps list, then repeat for FocusMaxUpdate.exe and unins000.exe.

    You will need to repeat the procedure for all of the ACP .exe's, any ASCOM tools .exe's that you use and MaxIm's too

    Depending on which ACP version you are installing these will include all the .exe's in:
    C:\Program Files (x86)\ACP Obs Control,
    C:\Program Files (x86)\ACP Scheduler,
    C:\Program Files (x86)\ACPHorizonEditor
    C:\Program Files (x86)\Diffraction Limited\MaxIm DL 6

    With CFA enabled, any app that either does not install or run as expected then the first place to check is by clicking on the "+ Add an allowed app" link then click the "Recently blocked apps" link, if you can match the blocked .exe in that list to the application or installer you are trying to run then you can click that .exe to add it to the allowed apps list and then rerun the installer or start the application.

    A few tips:
    If you uninstall an application after manually adding it to CFA's allowed white list then its permissions will be automatically removed from the white list and you will have to manually re-add it to the white list after re-running the installer.
    This is causing all sorts of issues because as a result of CFA's blocking the apps associated uninstall.exe's, programs are not always cleanly removed and reinstalls often fail requiring a manual cleanup of registry settings etc.
    Occasionally, following Microsoft's Windows "Patch Tuesday" Quality Updates, Windows Feature Updates and Windows Defender/AV Protection Updates CFA's white list is purged of all non-Microsoft applications and you will have to re-enter all the previous .exe's into the white list that you allowed through CFA.

    This issue of Windows 10 anti-ransomeware protection switching on CFA is catching out app developers across the Windows software market since it has been poorly documented for both app developers and end users and most app installers are not written to check the status of CFA during the install process and are not submitted to Microsoft for pre-approval and automatic addition to CFA's white list (which I think is limited to those apps available via the Microsoft Store, not 100% sure on that one).

    William.
    Last edited by Bob Denny; Oct 27, 2020 at 21:02.

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. What Happened to My Message?
    By Madison Post in forum Help Using the Comunication Center
    Replies: 1
    Last Post: Sep 26, 2018, 12:48

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •