Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Message

SimPassion · #1 Post by **SimPassion** » Fri Mar 22, 2019 8:55 pm

I finally get rid of up to 10 following Air Player launch before to get it running,
by disabling totally Exploit protection in Windows Security / App & browser control

Air Player now runing every time on first and single engine start

Who's said Windows 10 realtime security is a bit intrusive ?

Gilles

SimPassion · #2 Post by **SimPassion** » Sat Mar 23, 2019 1:42 am

Also, with this workaround, no more issue while sending panels from AM to AP

Gilles

Ralph · #3 Post by **Ralph** » Sat Mar 23, 2019 6:48 am

Never knew that this existed

Thank you for finding the solution, might be helpful in other occasions.

SimPassion · #4 Post by **SimPassion** » Sat Mar 23, 2019 12:40 pm

I've seen previously many time the behavior that windows induce a small latency before releasing the process from its realtime analyzing
So in a dev view, I think that each new executable component should be registered in Exploit protection database, following Microsoft recommendations and operating mode, in order to be usable without issue.
I think of Bootloader.exe / Airplayer.exe and related libraries

Gilles

SimPassion · #5 Post by **SimPassion** » Sat Mar 23, 2019 1:45 pm

Here's the beginning of exported custom "Settings.xml"

Gilles

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
  <SystemConfig>
    <DEP Enable="false" EmulateAtlThunks="false" />
    <ASLR BottomUp="false" />
    <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" />
    <SEHOP Enable="false" TelemetryOnly="false" />
    <Heap TerminateOnError="false" />
  </SystemConfig>

SimPassion · #6 Post by **SimPassion** » Sat Mar 23, 2019 1:51 pm

As we can add a program and customize parameters in Exploit Protection list,
here's how it goes :

Gilles

Code: Select all

<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
  <SystemConfig>
    <DEP Enable="false" EmulateAtlThunks="false" />
    <ASLR BottomUp="false" />
    <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" />
    <SEHOP Enable="false" TelemetryOnly="false" />
    <Heap TerminateOnError="false" />
  </SystemConfig>
  <AppConfig Executable="D:\Simu\Air Player BETA\AirPlayer.exe">
    <DEP Enable="false" EmulateAtlThunks="false" />
    <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" />
    <StrictHandle Enable="false" />
    <SystemCalls DisableWin32kSystemCalls="false" />
    <ExtensionPoints DisableExtensionPoints="false" />
    <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" />
    <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" />
    <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" />
    <Fonts DisableNonSystemFonts="false" AuditOnly="false" />
    <ImageLoad BlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" />
    <Payload EnableExportAddressFilter="false" EnableImportAddressFilter="false" EnableRopStackPivot="false" EnableRopCallerCheck="false" EnableRopSimExec="false" />
    <SEHOP Enable="false" TelemetryOnly="false" />
    <Heap TerminateOnError="false" />
    <ChildProcess DisallowChildProcessCreation="false" />
  </AppConfig>
  <AppConfig Executable="D:\Simu\Air Player BETA\Bootloader.exe">
    <DEP Enable="false" EmulateAtlThunks="false" />
    <ASLR ForceRelocateImages="false" RequireInfo="false" BottomUp="false" HighEntropy="false" />
    <StrictHandle Enable="false" />
    <SystemCalls DisableWin32kSystemCalls="false" />
    <ExtensionPoints DisableExtensionPoints="false" />
    <DynamicCode BlockDynamicCode="false" AllowThreadsToOptOut="false" />
    <ControlFlowGuard Enable="false" SuppressExports="false" StrictControlFlowGuard="false" />
    <SignedBinaries MicrosoftSignedOnly="false" AllowStoreSignedBinaries="false" EnforceModuleDependencySigning="false" />
    <Fonts DisableNonSystemFonts="false" AuditOnly="false" />
    <ImageLoad BlockRemoteImageLoads="false" BlockLowLabelImageLoads="false" />
    <Payload EnableExportAddressFilter="false" EnableImportAddressFilter="false" EnableRopStackPivot="false" EnableRopCallerCheck="false" EnableRopSimExec="false" />
    <SEHOP Enable="false" TelemetryOnly="false" />
    <Heap TerminateOnError="false" />
    <ChildProcess DisallowChildProcessCreation="false" />
  </AppConfig>

SimPassion · #7 Post by **SimPassion** » Sat Mar 23, 2019 1:56 pm

Indeed, the inscription should be done programmatically on install
here, it was only as a sample after doing an "Export settings" to "Settings.xml"

Gilles

Sling · #8 Post by **Sling** » Sat Mar 23, 2019 11:12 pm

I’ve seen similar issues with anti virus software but never with windows. Thanks for the heads up.

Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Re: Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Re: Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Re: Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Re: Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Re: Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Re: Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled

Re: Air Player launch issue when Windows Security / App & browser control / Exploit protection is enabled