My company intends to increase the security of clients by using Microsoft App Control.
This basically means that any executable not located in %programfiles...% must be digitally signed with our company key.
Now signing the executables is a bit of a hassle but generally not really a problem.
But for ETX, two security mechanisms come in to conflict. The ETX launcher checks the hash value of the main (Native Client) executable but if the executable is signed by us the hash value changes.
So:
sign the main executable -> The ETX Launcher won't start it.
Don't sign the main executable: Microsoft App Control prevent execution.
Oops!
Has anybody found a solution for this problem?
