Azure Data Studio 1.47.0 Install File Unsigned - ASR Block

[mslsac]

• Azure Data Studio Version: 1.47.0
• OS Version: Windows 11 Version 22H2 build 22621.2428

Steps to Reproduce:

1. Have Attack Surface Reduction Rule - "Block executable files from running unless they meet a prevalence, age, or trusted list criteria" turned on in your environment, per Microsoft best practices.
2. Try to run the installer or update through the application
3. ASR rule will block the exe from running as files contained within the installer are not signed by Microsoft or any trusted publisher
4. Per Microsoft best practices it is not advised to allow temp files through ASR Rules and files should be signed by publisher

Example Files From Defender:
(based on if updated through application or directly through installer)

%LOCALAPPDATA%\Temp\is-KQ5QU.tmp\azuredatastudio-windows-setup-1.47.0.tmp
%LOCALAPPDATA%\Temp\2\is-AQL8K.tmp\AzureDataStudioSetup-stable-c7c2b2f21505562d21972d4c135119d00806db4f.tmp

File Hashes:
SHA1 - df13a84848a05ce0ef303c18604a75743a6585e4
SHA256 - 6d2e16cf674b6d02417b4dcc6272e43bdf0226ff1efb8eda9860b31585594baf
MD5 - 7f1717b0f05046080da7076183300298

Signer:
Unsigned file
This file's signer is unknown

Does this issue occur when all extensions are disabled?: Yes/No - Does not apply

[Charles-Gagnon]

@mslsac We're investigating this - while we do that could you check if you see the same warnings using the previous 1.46.1 installer?

[Charles-Gagnon]

Can you also try installing VS Code and see if you get a similar warning?

[mslsac]

@mslsac We're investigating this - while we do that could you check if you see the same warnings using the previous 1.46.1 installer?

Version 1.46.1 installs without issue when manually running the installer that you linked to. We also have this version deployed out to various devices within our network with no issue. Only ran into issue when using the newly released version 1.47.0 installer.

Can you also try installing VS Code and see if you get a similar warning?

Visual Studio Code 1.84.1 updated on my system 11/8/2023 without throwing any errors.

[mslsac]

Unsure if this is helpful or not during your investigation but this is the exact error from the installer that is being shown, once ASR blocks the temp file that is generated by the installer.

Error - Unable to execute file in the temporary directory. Setup aborted. - Error 5: Access is denied.

No GUI for the installer is ever displayed.

[kisantia]

@mslsac are you still seeing this error? We were able to repro this last week, but no longer see the error now when this ASR rule is enabled.

[mslsac]

@mslsac are you still seeing this error? We were able to repro this last week, but no longer see the error now when this ASR rule is enabled.

@kisantia is there a new download link for the new version?
I still only see 1.47.0 here -
https://learn.microsoft.com/en-us/azure-data-studio/download-azure-data-studio?tabs=win-install%2Cwin-user-install%2Credhat-install%2Cwindows-uninstall%2Credhat-uninstall

[kisantia]

@mslsac can you try the 1.47.0 release again? There wasn't a new release created, but the ASR rule shouldn't block it anymore since the time period of the ASR rule has passed.

[mslsac]

@mslsac can you try the 1.47.0 release again? There wasn't a new release created, but the ASR rule shouldn't block it anymore since the time period of the ASR rule has passed.

Confirmed, the installer is now running without ASR block

[kisantia]

Great thanks for confirming! We'll work on making sure that future ADS releases don't get blocked by this rule. #24964 is tracking getting this unsigned file fixed for the next release.