Serious Discussion WHHLight - simplified application control for Windows Home and Pro.

ProblematicPions said:
Is appidcertstorecheck.exe used when WDAC is ON? I'm asking because this .exe started to ask for internet access around the time I turned WDAC ON.

What I've read about it sounds good and legit, checking certificates.
Click to expand...

It is probably triggered more often because WDAC uses Code Integrity to enforce policies.
 
  • +Reputation
  • Like
Reactions: simmerskool, silversurfer, Parkinsond and 1 other person
ProblematicPions said:
Alright, good to know :)

The application, though, is fairly new, created on a Patch Tuesday in May. At least on my machine.
Click to expand...
AppID (Application ID) is a security feature in Windows that allows administrators to specify access permissions for certain applications. The appidcertstorecheck.exe process helps ensure that the digital certificates used to sign these applications are valid and trusted. By regularly checking the certificate store, this process can help prevent the execution of potentially malicious or unauthorized applications.
Click to expand...
WDAC needs to verifty digital certificates, as well as SmartScreen and MD "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" rule, so it is not exclusive for WDAC.
 
  • Like
Reactions: ProblematicPions and Andy Ful
Allego said:
I'm planning to get Surface Pro for travel this Fall season. Is WHHLight compatible with ARM Windows laptops?
Click to expand...

I do not know. I did not test whether the WHHLight executables can be fooled by the ARM emulator. WHHLight checks the processor architecture (x64 and x86) and should refuse to run if the ARM emulator returns the wrong value.
 
Last edited:
  • Like
  • +Reputation
Reactions: dronefox1166, Gandalf_The_Grey, Allego and 2 others
With WDAC ON I'm having installation issues. I know that I miss to add some folder(s) - I just can't figure out which. With WDAC OFF installations work fine.

S:\Temp is where I store my installation files for a few days so my AV can catch if something bad has come down.
T:\Temp is my system temporary folder on a Ramdrive. The ramdrive is cleared on each reboot.

Error.png

List.png
 
  • Like
Reactions: piquiteco, Andy Ful and Parkinsond
ProblematicPions said:
With WDAC ON I'm having installation issues. I know that I miss to add some folder(s) - I just can't figure out which. With WDAC OFF installations work fine.

S:\Temp is where I store my installation files for a few days so my AV can catch if something bad has come down.
T:\Temp is my system temporary folder on a Ramdrive. The ramdrive is cleared on each reboot.

View attachment 290242
Click to expand...

Thanks for reporting. Did you use the WDAC Log to see what exactly was blocked?
I tried the latest version VSCodeUserSetup-x64-1.103.1, and the installation finished without issues.

Edit.
I managed to install and run it even with an empty WDAC Whitelist (installer is signed by Microsoft).
 
Last edited:
  • Like
  • +Reputation
Reactions: simmerskool, ProblematicPions, dronefox1166 and 2 others
Andy Ful said:
Thanks for reporting. Did you use the WDAC Log to see what exactly was blocked?
Click to expand...
Andy taking advantage of the hook. How do you do it in the case of the browser, for example: Vivaldi, which is on another partition G:\Browser\Vivaldi\Application, even though I added the folder to WHHL, Vivaldi opens but then crashes? I tried everything, and I couldn't figure out what it was. I didn't have the logs in WDAC, so I ended up giving up and going back to H_C. If I could figure out why, I would still prefer WHHL over H_C.
 
  • Like
Reactions: simmerskool, Andy Ful and Parkinsond
piquiteco said:
Andy taking advantage of the hook. How do you do it in the case of the browser, for example: Vivaldi, which is on another partition G:\Browser\Vivaldi\Application, even though I added the folder to WHHL, Vivaldi opens but then crashes? I tried everything, and I couldn't figure out what it was. I didn't have the logs in WDAC, so I ended up giving up and going back to H_C. If I could figure out why, I would still prefer WHHL over H_C.
Click to expand...
I have had similar incidence when using WDAC with 3rd party AVs; it always block their AMSI dll components inspite of excluding the entire folder containing the dll.
 
  • Like
  • +Reputation
Reactions: simmerskool, Andy Ful and piquiteco
Parkinsond said:
I have had similar incidence when using WDAC with 3rd party AVs; it always block their AMSI dll components inspite of excluding the entire folder containing the dll.
Click to expand...
I believe that's right about WDAC, although I've used it before and had no problems, as I restored a backup image because of McAfee. So it could be.
 
  • Like
Reactions: simmerskool and Parkinsond
piquiteco said:
I believe that's right about WDAC, although I've used it before and had no problems, as I restored a backup image because of McAfee. So it could be.
Click to expand...
SAC is more portability-friendly compared to WDAC, according to my personal experience; it only lacks the advantage of exclusions.
 
  • Like
Reactions: piquiteco
  • Like
  • +Reputation
Reactions: dronefox1166, simmerskool, ProblematicPions and 1 other person
piquiteco said:
Andy taking advantage of the hook. How do you do it in the case of the browser, for example: Vivaldi, which is on another partition G:\Browser\Vivaldi\Application, even though I added the folder to WHHL, Vivaldi opens but then crashes? I tried everything, and I couldn't figure out what it was. I didn't have the logs in WDAC, so I ended up giving up and going back to H_C. If I could figure out why, I would still prefer WHHL over H_C.
Click to expand...
Downloaded the latest version:
Vivaldi.7.5.3735.62.x64.exe

Used the settings from my previous post (almost MAX settings). No problems with installation.
It is probable that in your case, it is not the WHHLight block but some conflict with other security solutions.
 
  • +Reputation
  • Like
Reactions: simmerskool, Parkinsond and piquiteco
  • Like
Reactions: simmerskool and Andy Ful
piquiteco said:
View attachment 290249 (y)

I believe so, that must be it. No problem, use it with MD, there won't be any issues. Thank you for your attention! :)
Click to expand...

When using Vivaldi, I recommend using also default WDAC Whitelist and adding the application path (in your case "G:\Browser\Vivaldi").
Currently, Microsoft whitelisted Vivaldi components, but they can be blocked during the next update.
 
  • +Reputation
  • Thanks
  • Hundred Points
Reactions: simmerskool, Parkinsond and piquiteco
Andy Ful said:
When using Vivaldi, I recommend using also default WDAC Whitelist and adding the application path (in your case "G:\Browser\Vivaldi").
Currently, Microsoft whitelisted Vivaldi components, but they can be blocked during the next update.
Click to expand...
It actually worked before, Andy. When Vivaldi was installed in C:\Program Files @Parkinsond, he advised me to install Vivaldi on my hard drive, saying that the cache and everything would stay there, without affecting the SSD, which would save writing to the SSD. To be honest, I don't really care about that. One day I'll have to replace the SSD anyway; nothing lasts forever. What I liked about the tip was that the cache extensions would all stay there, as if it were a portable version of Vivaldi. That's what I did, the installation went smoothly, but when I open it, it crashes. But you're right, it must be some conflict with some security software. @Parkinsond also mentioned that.
 
  • Like
  • Hundred Points
Reactions: simmerskool, Andy Ful and Parkinsond

You may also like...