Community Help Hub

Karln83

Good afternoon, I am looking for some advice as in our environment we are currently experiencing an ongoing issue where all the inbuilt windows 10 apps, i.e. Calulator.exe, Time.exe etc are blocked from launching on all Windows 10 clients due to file write denied events. I have performed some testing and applied skiplist -d against the relative path of \Program Files\Windows Apps, and this fixes the issue. However, I am unsure if I am using the correct skiplist function for this issue as the risk associated with this skiplist command is high. Would skiplist -d at \Program Files\Windows Apps, be the correct way to go about this? Is there a best practise for the Windows Apps folder? Many thanks in advance for your support Karl

Pravas

Hi @Karln83 ,

SolidCore solidifies any .dll file. In this case AppCore.Windows.dll is protected, so it denies access to Services.exe which is a generic launcher process.

I think adding a Write-Protect exclusion should be the way forward. However, you can log a SR with technical support to explore other alternatives.

Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

View solution in original post

Pravas

Hi @Karln83 ,

We would need to review the logs to understand the cause of write denied.

S3diag.log would possibly have the reason why the App was blocked.

Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Karln83

Hi @Pravas ,

So this is what we are seeing on one of the clients (extract of a few lines from S3diag.log).

(WRITE_DENIED file_name= "C:\Program Files\Windows Apps\Microsoft.Windows.Photos_2019.19071.12548.0_x64_8wekyb3d8bbwe\AppCore.Windows.dll" pid="4504" process_name="c:\windows\system32\svchost.exe" ppid="1080" parent_process_name="c:\windows\system32\services.exe" event_time="1684779111889" event_time_system="May 22 2023:18:11:51" is_system_file="false" deny_reason="File-solidified" user_name="NT Authority System")

There are more but they are all similar, just different windows apps/dll's. I will add that these issues seem to arise after the monthly patching cycle, and once the process is given the ability to write to the file, for example using skiplist -d against \Program Files\Windows Apps, (as has been the case during my tests), it seems that there are no issues once I remove the rule. But the problem re-appears at the next patching cycle which is causing issues for our end users.

Karln83

Hi @Pravas have you managed to have a look at my previous response at all?

Pravas

Hi @Karln83 ,

SolidCore solidifies any .dll file. In this case AppCore.Windows.dll is protected, so it denies access to Services.exe which is a generic launcher process.

I think adding a Write-Protect exclusion should be the way forward. However, you can log a SR with technical support to explore other alternatives.

Thanks

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Windows 10 Apps Blocked from launching

Re: Windows 10 Apps Blocked from launching

Re: Windows 10 Apps Blocked from launching

Re: Windows 10 Apps Blocked from launching

Re: Windows 10 Apps Blocked from launching

Re: Windows 10 Apps Blocked from launching

Community Help Hub

Join the Community