I have searched open and closed issues for duplicates.
I am using Signal-Desktop as provided by the Signal team, not a 3rd-party package.
Overall summary
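Windows Defender Application Control (WDAC) is a security feature that you can enable (not enabled by default) to increase security on computer(s). Unfortunately it complains about and blocks ALL .node files located at:
C:\Users\USERNAME\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules
More specifically these exact folders and files:
C:\Users\USERNAME\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@nodert-win10-rs4\windows.data.xml.dom\build\Release\binding.node
C:\Users\USERNAME\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@nodert-win10-rs4\windows.ui.notifications\build\Release\binding.node
C:\Users\USERNAME\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\better-sqlite3\build\Release\better_sqlite3.node
C:\Users\USERNAME\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\libsignal-client\prebuilds\win32-x64\node.napi.node
C:\Users\USERNAME\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\ringrtc\build\win32\libringrtc-x64.node
C:\Users\USERNAME\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules\@signalapp\windows-dummy-keystroke\build\Release\NativeExtension.node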
I believe these are all the files WDAC complains about.
Normally, you can make a signed-by-publisher rule in WDAC which, if these files were signed by Signal, would allow them to run. (However, they are not signed, so WDAC blocks these .node files.)
Alternatively, you could normally make a file path rule for these files, but because AppData is a "user-writeable" area, WDAC will ignore any file path rules.
Then, the only option is to re-edit the policy you created in WDAC and check an option called "Disable Runtime Filepath Rules", but that is insecure because an attacker could rename any of their files to the same name as one of the file path rule files, or, if someone created a rule with "*", any file would run in the path defined in the WDAC rule.
Steps to reproduce
Set up a WDAC policy with "Disable Runtime Filepath Rules" unchecked and "Audit mode" unchecked
Restart Windows PC
Run Signal
Expected result
Signal app runs like normal
Actual result
Signal will not open with error message complaining about .node file
Event viewer will have a WDAC log also complaining about .node file
Screenshots
No response
Signal version
7.3.0
Operating system
Windows 11
Version of Signal on your phone
No response
Link to debug log
No response
@GHM3434 Hi there! I just installed Signal Desktop 7.3.0 on a Windows VM and verified that all of the .node files under C:\Users\Scott\AppData\Local\Programs\signal-desktop\resources\app.asar.unpacked\node_modules have a digital signature.
You mention that you believe that they are unsigned? How did you verify that? Maybe it's something else that WDAC is complaining about?
Thank you for getting back to me.
It's been a while since I originally posted this issue (I posted a long time ago but GitHub shadowbanned me and I didn't know, so I deleted and reposted after GitHub support fixed my account). Let me test again and I will get back to you. Maybe this issue is fixed already.
It looks like the files are indeed signed now! Sorry for wasting your time. I will close the ticket now. I tested installing and running the latest version with no issues. Then, I went back and tried to install and run a version from a few months ago and it complained about those files in the OP. I also checked 1 or 2 files after installing the new version and they are indeed signed.
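One way to answer the "How did you verify that?" question for every native module at once, rather than spot-checking 1 or 2 files (an added example, not part of the issue thread and not Signal's own tooling). It assumes the default per-user install path quoted in the issue; the function name `Get-NodeModuleSignature` is hypothetical.

```powershell
# Added example: report the Authenticode status of every .node file shipped
# with Signal Desktop, then list recent WDAC block events that mention them.
# Assumption: default per-user install location, as quoted in the issue.
$root = Join-Path $env:LOCALAPPDATA `
    'Programs\signal-desktop\resources\app.asar.unpacked\node_modules'

function Get-NodeModuleSignature {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { throw "Path not found: $Path" }

    Get-ChildItem -LiteralPath $Path -Recurse -File -Filter '*.node' |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File   = $_.FullName.Substring($Path.Length).TrimStart('\')
                Status = $sig.Status   # Valid, NotSigned, HashMismatch, ...
                Signer = if ($sig.SignerCertificate) {
                             $sig.SignerCertificate.Subject
                         } else { $null }
            }
        }
}

$report = @(Get-NodeModuleSignature -Path $root)
$report | Format-Table -AutoSize -Wrap

# A publisher rule can only match a file that carries a valid signature,
# so anything listed here would still be blocked by such a rule.
$unsigned = @($report | Where-Object { $_.Status -ne 'Valid' })
if ($unsigned.Count -gt 0) {
    Write-Warning "$($unsigned.Count) .node file(s) lack a valid signature"
}

# Correlate with the Code Integrity log: event 3076 is an audit-mode
# "would have been blocked" record, 3077 is an enforced block.
# Reading this log may require an elevated session.
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id      = 3076, 3077
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*.node*' } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Comparing the `Signer` column across versions shows whether an older installer shipped unsigned modules, which is what the reporter observed when reinstalling a release from a few months earlier.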