When certain packages are installed, Chocolatey generates shims for executables within the packages. For enterprises that implement AppLocker, executables that are not signed, or whose file hash has not been added to an Allow rule, are immediately blocked. These shims are generated without being signed and with hashes that are unique per machine. This creates significant overhead for an admin wanting to secure their environment with AppLocker.
What is Expected?
Sign the shims generated by Chocolatey, so that the signing certificate can be added to AppLocker once, significantly reducing the effort needed to allow shims.
How Did You Get This To Happen? (Steps to Reproduce)
An example would be the camunda-modeler package, which installs the executable within the Chocolatey lib folder and generates a shim within the Chocolatey bin folder.
What You Are Seeing?
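The overhead described above can be seen by inventorying the shims on one machine. The following PowerShell is an added example, not part of this issue or of Chocolatey itself; it assumes Chocolatey's root is in $env:ChocolateyInstall (default C:\ProgramData\chocolatey) and that the AppLocker PowerShell module is available.

```powershell
# Added example (not part of the issue or Chocolatey): inventory the shims in the
# Chocolatey bin folder, report their signature state and SHA256 hash, and show why
# unsigned, per-machine hashes are costly to allow in AppLocker.
# Assumes $env:ChocolateyInstall is set (default C:\ProgramData\chocolatey) and that
# the AppLocker module ships with this Windows build (Windows 8 / Server 2012 or later).
Import-Module AppLocker

$binDir = Join-Path $env:ChocolateyInstall 'bin'

$shims = Get-ChildItem -Path $binDir -Filter '*.exe' -File | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        Shim      = $_.Name
        SigStatus = $sig.Status            # 'NotSigned' for shims as generated today
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
        Sha256    = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
    }
}
$shims | Format-Table -AutoSize

# Every unsigned shim needs its own hash rule, and the hash differs per machine,
# so the rule set written here is only valid on the machine that generated it.
$unsigned = $shims | Where-Object { $_.SigStatus -ne 'Valid' }
if ($unsigned) {
    $paths    = $unsigned | ForEach-Object { Join-Path $binDir $_.Shim }
    $fileInfo = Get-AppLockerFileInformation -Path $paths
    $rulesXml = Join-Path $env:TEMP 'choco-shim-hash-rules.xml'
    New-AppLockerPolicy -FileInformation $fileInfo -RuleType Hash -User Everyone -Xml |
        Out-File -FilePath $rulesXml -Encoding utf8
    '{0} unsigned shim(s): {1} hash rule(s) written to {2}' -f $unsigned.Count, $unsigned.Count, $rulesXml
}

# If the shims were signed, a single publisher rule (built from the signing
# certificate) would cover all of them on every machine instead.
$signed = $shims | Where-Object { $_.SigStatus -eq 'Valid' }
if ($signed) {
    $paths    = $signed | ForEach-Object { Join-Path $binDir $_.Shim }
    $fileInfo = Get-AppLockerFileInformation -Path $paths
    New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher -User Everyone -Optimize -Xml
}
```

Run it after installing a package such as camunda-modeler, then again on a second machine, to compare the SHA256 column and confirm the hash rules do not carry over.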