simeononsecurity / Applocker-Hardening

Ultimate Applocker Hardening Configuration Script.
https://simeononsecurity.com/github/Applocker-Hardening
MIT License

Edge Chromium not updating #1

Closed dennyamarojr closed 3 years ago

dennyamarojr commented 3 years ago

Describe the bug: After importing the Applocker settings, Microsoft Edge Chromium is not updating. See screenshot below.

Expected behavior: I expect to be able to update Edge Chromium. I checked other browsers like Brave and Vivaldi and they are working. I don't know which file is required by Edge Chromium; I tried searching on Google but didn't find anything. I checked the Event Viewer and it seems the Edge update service is not starting.

simeononsecurity commented 3 years ago

@dennyamarojr

After reproducing the steps taken, we don't seem to be coming to the same conclusion.

Please try downloading the latest Edge from https://www.microsoft.com/en-us/edge to reinstall it manually, then try again.

dennyamarojr commented 3 years ago

I will try to reinstall manually here.

dennyamarojr commented 3 years ago

I reinstalled Edge Chromium Dev here and it seems to have the same issue :(

I don't know what exactly the cause is; when I remove the Applocker settings it just works for me. Could this be related to the Exploit protection settings?

dennyamarojr commented 3 years ago

And these are my program settings: https://we.tl/t-HKDpUWOB89

dennyamarojr commented 3 years ago

I will try to install Windows 10 in a VM and then import the Applocker settings to see if I get the same message.

dennyamarojr commented 3 years ago

I will also upload the Windows Defender settings, which may be causing this issue (not sure).

simeononsecurity commented 3 years ago

We personally run all these settings locally. The Applocker-Hardening is for more advanced users, who we don't expect to be running IE, Edge, or Chromium Edge. There is a reason we haven't implemented these settings under our more "turn-key" hardening scripts. Though, we don't want this to be an expected behavior of our Applocker-Hardening script.

We don't believe this is an issue with Windows Defender or Windows Defender Application Control. Chromium Edge is a Microsoft-signed binary and it shouldn't be blocked by Defender, even with our rules.

You can look in Event Viewer to see specifically if that service is being blocked by AppLocker. You'll have to identify the binary associated with the stopped service and use this documentation to identify where to look in Event Viewer.

dennyamarojr commented 3 years ago

I checked on Google and it seems to be some problem with Windows itself. I imported the Applocker settings and tried to update manually with the .msi file from www.microsoftedge.com (link provided by you, @simeononsecurity) and it works. The process was done in a VM; I will try the same on my computer now and come back here to answer and close this little issue. :)

dennyamarojr commented 3 years ago

After some time trying the settings, I found the solution. The problem is with Control Flow Guard in Exploit protection > Program settings.

I added the msedge.exe process, enabled Control flow guard (CFG) and then enabled Use strict CFG, which causes the issue, preventing the browser from checking for updates. Here's a picture of the option enabled.
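
The triage path this thread followed (find the stopped service's binary, check the AppLocker event logs, then check per-program Exploit protection overrides), written out as an added example that is not part of the original thread or the repository. It assumes a default Edge install where the updater services are named `edgeupdate`/`edgeupdatem` and the updater binary is `MicrosoftEdgeUpdate.exe`; run it from an elevated PowerShell session.

```powershell
# Added example, not code from the thread or the Applocker-Hardening repo.
# Assumptions: default Edge service/binary names; elevated session.

# 1. Identify the binary behind the update service that is not starting.
Get-CimInstance Win32_Service -Filter "Name LIKE 'edgeupdate%'" |
    Select-Object Name, State, StartMode, PathName | Format-List

# 2. Search the AppLocker logs for decisions that mention Edge (last 7 days).
#    8004 / 8007 = blocked; 8003 / 8006 = would have been blocked (audit mode).
$since = (Get-Date).AddDays(-7)
$logs = @{
    'Microsoft-Windows-AppLocker/EXE and DLL'    = 8003, 8004
    'Microsoft-Windows-AppLocker/MSI and Script' = 8006, 8007
}
$hits = foreach ($log in $logs.Keys) {
    Get-WinEvent -FilterHashtable @{
        LogName = $log; Id = $logs[$log]; StartTime = $since
    } -ErrorAction SilentlyContinue
}
$edgeHits = $hits | Where-Object { $_.Message -match 'edge' }
if ($edgeHits) {
    $edgeHits | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, Message | Format-List
} else {
    'No AppLocker block/audit events mention Edge; AppLocker is unlikely to be the cause.'
}

# 3. Inspect per-program Exploit protection overrides (Program settings).
#    StrictControlFlowGuard = ON corresponds to the "Use strict CFG" checkbox.
foreach ($exe in 'msedge.exe', 'MicrosoftEdgeUpdate.exe') {
    $m = Get-ProcessMitigation -Name $exe -ErrorAction SilentlyContinue
    if ($m) { "== $exe =="; $m.Cfg | Format-List }
    else    { "== $exe == no per-program override configured" }
}

# To turn off only strict CFG for the browser while leaving CFG itself enabled:
# Set-ProcessMitigation -Name msedge.exe -Disable StrictCFG
```

An empty result in step 2 combined with a strict CFG override in step 3 matches the outcome reported above.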

simeononsecurity commented 3 years ago

Interesting. 🤔 Since this isn't relevant to this repo we'll have to close it.

That setting is quite possibly a part of Windows-Optimize-Harden-Debloat or Windows-Defender-Hardening if you also ran them.

But, @dennyamarojr let me suggest that you don't just run any of my scripts without reading the "suggested reading" sections and the readme. With all things security, things are likely to break when you force them to be secure. Also, it's not smart to just run any script on the internet. Slow down and try to take some time to understand them.

Furthermore, if you're interested in security, you shouldn't be using any of the Microsoft browsers or any Chrome variant. Install Firefox and take a look at Recommended Browser Plugins and my FireFox-Privacy-Script.