Firefox and Dropbox updater programs are denied even with a Trusted Vendor rule

Version 1

    Verified Product Versions

    AppSense Application Manager 8.9AppSense Application Manager 8.8AppSense Application Manager 8.7AppSense Application Manager 8.6AppSense Application Manager 8.5AppSense Application Manager 8.4AppSense Application Manager 8.3AppSense Application Manager 8.2AppSense Application Manager 8.1AppSense Application Manager 8.0

    Introduction

    The Firefox updater executable "updater.exe" and the Dropbox updater "dropbox-upgrade-*.exe" are denied for restricted users by Application Manager resulting in popup messages from Application Manager and corresponding event id 9000 events raised where configured.

    Detail

    The signing of these exectuables includes an Intermediate Certification Authority certificate and unless this is in the Computer Certificate Store on the end-point running the Application Manager agent then the Application Manager agent is unable to verify the authenticity of the full certification path and therefore denies the execution request.

    The Intermediate Certification Authority certificate should be imported to the Intermediate Certification Authority  container within the Computer certificate store on the end-point. This is currently "Thawte Code Signing CA - G2".

    Alternatively, within the Trusted Vendors rule within the Application Manager configuration, right click on the certificate, select "Advanced Options" and tick the "Ignore end certificate revocation errors" and "Allow untrusted roots" options.