We like many larger enterprises use software restriction policies with Microsoft Applocker, WDAC or similar products to limit the software the users can execute. Usually software will be controlled by verifying the publisher signatures.
In the last weeks we have had multiple problems with Rainbow, since helper programs such as the updater or uninstaller are not signed by Alcatel.
Rainbow seems to depend on dynamic executables like "C:\Users\xxxx\AppData\Local\Programs\Alcatel-Lucent-Enterprise\Rainbow\unins001.exe".
The missing signature means we need to create application rules based on the file hashes of these executables, which seem to vary with each update and are not available before they cause issues.
The main parts of the software are signed by "O=ALE INTERNATIONAL, L=COLOMBES CEDEX, S=ILE DE FRANCE, C=FR" or "O=ALE INTERNATIONAL, L=COLOMBES CEDEX, S=îLE DE FRANCE, C=FR".
What is the recommended way to circumvent these issues? Would it be possible to sign future executables accordingly?
Iniciar sesión para dejar un comentario.