
I'm encountering an issue and I'm not sure how to resolve it.

We've developed a Microsoft Outlook VSTO add-in using C# with the .NET Framework 4.6.1. We deploy it to our clients using ClickOnce and a URL. Our ClickOnce application is signed with a certificate from a certificate authority. It's deployed on thousands of machines; however, some of our clients use Windows Defender Endpoint protection.

When the setup.exe is downloaded and installed, there are no issues. The problem occurs when Outlook restarts, and when we publish an update. ClickOnce is configured to check for updates each time Outlook is opened. For most of our clients, this works perfectly fine, except for those using Windows Defender 365 for Endpoint.

ClickOnce downloads the new version, and the files are deleted by Windows Defender during the download.

We have tried several things:

  • Adding our certificate to the trusted publishers
  • Signing all DLLs that weren't signed with our public certificate

The only thing that has worked, but is far from secure, is to exclude the %userprofile%\AppData\Local\Temp\Deployment folder.

Does anyone have a lead on this? Here's the error message that appears at the time of the download:

[Screenshot: Windows Defender deletes file on update]
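The post does not show what Defender actually flagged, and the comments below go back and forth about which DLLs are signed by whom. The following PowerShell triage script is an added example, not code from the original post or from any of the vendors mentioned. It reads Defender's local detection history for anything under the ClickOnce cache (the `%userprofile%\AppData\Local\Temp\Deployment` folder named in the post) and reports the threat name, the detecting process and the affected file, then lists the Authenticode signer of every binary still in that folder so you can see which files are signed with your own certificate, which with a third party's (e.g. BouncyCastle), and which not at all. `$ExpectedPublisher` is a hypothetical CN and must be replaced with the subject of your signing certificate.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Triage for Defender removing files from
# a ClickOnce deployment cache:
#   1. which files Defender removed, under which threat name, and by which process
#   2. who signed the binaries that remain on disk
# Assumptions: the cache path is the standard ClickOnce location named in the post;
# $ExpectedPublisher is a hypothetical value and must be replaced with your own CN.
param(
    [string]$DeploymentRoot    = (Join-Path $env:LOCALAPPDATA 'Temp\Deployment'),
    [string]$ExpectedPublisher = 'CN=Example Software Inc'   # hypothetical
)

# --- 1. What did Defender detect? ---------------------------------------------------
# Get-MpThreat maps ThreatID -> ThreatName; Get-MpThreatDetection gives one record per
# detection event with the affected resources (paths prefixed like "file:_C:\...").
$threatNames = @{}
Get-MpThreat | ForEach-Object { $threatNames[$_.ThreatID] = $_.ThreatName }

$detections = Get-MpThreatDetection |
    Where-Object { ($_.Resources -join ' ') -like "*$DeploymentRoot*" } |
    ForEach-Object {
        $d = $_
        # A single detection can list several resources; emit one row per file.
        $d.Resources | Where-Object { $_ -like '*:_*' } | ForEach-Object {
            [pscustomobject]@{
                Time       = $d.InitialDetectionTime
                ThreatName = $threatNames[$d.ThreatID]
                Process    = $d.ProcessName        # expected: dfsvc.exe for ClickOnce
                Succeeded  = $d.ActionSuccess
                File       = ($_ -replace '^[A-Za-z]+:_', '')
            }
        }
    }

"== Defender detections under $DeploymentRoot =="
$detections | Sort-Object Time | Format-Table -AutoSize

# --- 2. Who signed what is still on disk? -------------------------------------------
# Status is Valid / NotSigned / UnknownError etc.; Signer is the certificate subject.
# OurCert is $true only when the signer matches our own publisher CN.
$signatures = Get-ChildItem -Path $DeploymentRoot -Recurse -Include *.dll, *.exe `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File    = $_.FullName
            Status  = $sig.Status
            Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            OurCert = [bool]($sig.SignerCertificate -and
                             $sig.SignerCertificate.Subject -like "*$ExpectedPublisher*")
        }
    }

"== Signature status of binaries remaining in the cache =="
$signatures | Sort-Object OurCert, Status, Signer | Format-Table -AutoSize

# Quick summary: third-party-signed and unsigned binaries are the ones to focus on.
"== Binaries NOT signed with our certificate =="
$signatures | Where-Object { -not $_.OurCert } | Format-Table File, Status, Signer -AutoSize
```

Run it on an affected client right after Outlook has triggered an update check. The `ThreatName` column tells you whether Defender hit a specific signature or a machine-learning/reputation verdict, which is the information Microsoft support will ask for and what you need to file a false-positive submission against; it is far more useful than a blanket path exclusion on the `Deployment` folder, which disables scanning for every file any ClickOnce application later drops there.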

  • Try to add the URL of your ClickOnce app to your Trusted Sites in `Internet Options` in Control Panel. – Eugene Astafiev Jun 26 '23 at 20:43
  • Also make sure that you did everything like described at https://learn.microsoft.com/en-us/visualstudio/deployment/how-to-add-a-trusted-publisher-to-a-client-computer-for-clickonce-applications?view=vs-2022 – Eugene Astafiev Jun 26 '23 at 20:44
  • Yes, we have already tried that. I will double-check the Internet Trusted Sites, but the problem seems to be with the open-source DLL, which isn't signed by any certificate. Is there a way to allow all DLL files deployed by a trusted publisher, I mean, regardless of what files are deployed by that publisher? It looks like Windows Defender analyzes each file independently, regardless of who the publisher is. – Cédric Boivin Jun 27 '23 at 11:18
  • Try to sign it with your digital signature. You can check out the source code of such assemblies if it is open and then sign it. Does it help? – Eugene Astafiev Jun 27 '23 at 11:34
  • Yes, we have already tried that. Each DLL I sign with our own certificate works fine. However, there are some DLLs that have been signed with certificates from third-party NuGet sources. For example, we use BouncyCastle.Cryptography. This DLL is signed by 'Legion of the Bouncy Castle Inc.', and it has been deleted by WD. I am trying to find the best and most viable approach for our customers. I can't ask them to trust all DLLs from the publishers that we use, and it's not recommended to sign each DLL that has already been signed with the publisher's certificate using our own certificate. – Cédric Boivin Jun 27 '23 at 11:50
  • You can ask for non-signed components from vendors, so you could sign them with your own signature. – Eugene Astafiev Jun 27 '23 at 15:04
  • @EugeneAstafiev Yes, but some DLLs deleted by Windows Defender are signed by the vendor, and that isn't working either. – Cédric Boivin Jun 27 '23 at 19:52
  • Have you tried opening a support case with MS? – Eugene Astafiev Jun 27 '23 at 20:18
  • @EugeneAstafiev that is my next step. I will do it today. – Cédric Boivin Jun 28 '23 at 16:41
  • Good luck! Don't forget to share your results for other users here. – Eugene Astafiev Jun 28 '23 at 16:47

0 Answers