Solved

Aurena agent security issue

  • 8 March 2022
  • 7 replies
  • 213 views
Nipun Gunaratne
Rank
Userlevel 5
Badge +9

Hi All,


It was found that the installed "IFSAurenaAgent.exe" in localappdata is an unsigned executable, and this was getting blocked by the customer's Security Restriction Policies (they do not allow unsigned applications to run in their system).
Customer manually allowed the "IFSAurenaAgent.exe" in their security policy, and the Aurena Agent worked afterwards.

Will need to know  whether this executable has been signed in future release, or if there is a different workaround to running this application in any environments with such security policies in place.

 

 

Thanks & Best Regards,

Nipun

icon

Best answer by Nipun Gunaratne 9 March 2022, 19:07

View original
This topic has been closed for comments

7 replies

Nipun Gunaratne
Rank
Userlevel 5
Badge +9

Hi @Mathias Dahl ,

Can we consider this as a bug in the aurena agent? 

 

Thanks & Best Regards,

Nipun

Mathias Dahl
Rank
Userlevel 7
Badge +30

Hi,

As of now, we're only signing the MSI package which the exe file is included in. Right now I cannot say if it would be more "correct" to also sign the exe file before it is packaged into the MSI.

Can you verify that the MSI used to install the agent is signed? The latest version should be.
 

/Mathias
Mathias Dahl
Rank
Userlevel 7
Badge +30

As an extra data point, I checked some of the standard exe files that are included in Windows. Some were not signed (Notepad, Cmd, PowerShell), some where (Explorer). Not sure if this is relevant or not though…

 

 

/Mathias
Nipun Gunaratne
Rank
Userlevel 5
Badge +9

Hi,

As of now, we're only signing the MSI package which the exe file is included in. Right now I cannot say if it would be more "correct" to also sign the exe file before it is packaged into the MSI.

Can you verify that the MSI used to install the agent is signed? The latest version should be.
 

Yes I think it’s a signed one. Although when we add Url to the installation process, it says it’s installed successfully. But the local path is not set at user settings

Mathias Dahl
Rank
Userlevel 7
Badge +30

Hi,

Firstly, in case you decide to file a case about the signing, the agent is part of the client framework and supported by their support teams.

Although when we add Url to the installation process, it says it’s installed successfully. But the local path is not set at user settings

Did you follow the steps in trouble shooting guide in our tech docs?

Also, make sure to reload any open web browser tab where you want to use the agent, after it has been installed.

 

/Mathias
Nipun Gunaratne
Rank
Userlevel 5
Badge +9

Hi,

Firstly, in case you decide to file a case about the signing, the agent is part of the client framework and supported by their support teams.

Although when we add Url to the installation process, it says it’s installed successfully. But the local path is not set at user settings

Did you follow the steps in trouble shooting guide in our tech docs?

Also, make sure to reload any open web browser tab where you want to use the agent, after it has been installed.

 

Hi Mathias, 

We have followed the troubleshooting guide and finally we realized that there wasn’t any log file created for App data. It’s because of above security reason. 

Best Regards,

Nipun

Mathias Dahl
Rank
Userlevel 7
Badge +30

So their Security Restriction Policies basically removes the exe file, or stops Windows from executing it then. That is something the installer would never know is happening, I think.

I have started a discussion internally about if we should also sign the exe file, or not. If you like you can file a support case about it already now.

 

/Mathias
Terms & ConditionsCookie settings