AndreZuercher
Contributor
Contributor

Application Blocking %AppData%

Hi all

I noticed in several environment that application blocking is not blocking for the redirected %AppData%, but works for other redirected locations such as downloads, Favorites as expected. In another environment it blocks all correctly with the same DEM versions.

I cannot find a difference or any missconfiguration (no GPO, no whitelisting). Adding additional blocking rules don't have an effect either.

Some ideas what i could check further or what the reason could be?

Many thanks for any hint

 

 

0 Kudos
3 Replies
Pim_van_de_Vis
VMware Employee
VMware Employee

Could you add some more info? 

When you enable the global Application Blocking feature, only programs started from C:\Windows and C:\Program Files should be allowed. 

Any other location, including %AppData% (redirected or not) should be blocked. Are you telling me that's not the case?

0 Kudos
AndreZuercher
Contributor
Contributor

Yes thats my problem, it does not block the exe from running in %AppData% - altough no whitelisting exists.

It blocks exes in other locations (downloads, documents..) correctly but NOT in the roamed %AppData%

0 Kudos
AndreZuercher
Contributor
Contributor

Just in case someone else runs into this: I have nailed down the problem.
The solution was to give NTFS Permissions "list folder / read data" on the top redirected folder, like it's needed for computer env settings.

That seems to be true for application blocking as well:

Note If you want to use VMware Dynamic
Environment Manager computer environment settings,
remote computer accounts must also have Create
folders / append data permissions applied to This
folder only