Bug 160568

Summary: Is it possible to have .dll files be signed by a publisher for WDAC (Windows Defender Application Control)?
Product: LibreOffice
Reporter: bz.32d35
Component: LibreOffice
Assignee: Not Assigned <libreoffice-bugs>
Status: NEW ---
Severity: normal
CC: cloph
Priority: medium
Version: 7.6.6.3 release
Hardware: All
OS: Windows (All)
Whiteboard:
Crash report or crash signature:
Regression By:

Description bz.32d35 2024-04-06 17:01:12 UTC
Description:
I have WDAC (Windows Defender Application Control) set up, and during installation it fails because .dll files used at the location C:\Windows\assembly\tmp\XXXXXX\ during installation are blocked because they are not signed by a publisher.

Below are examples of files WDAC complains about, but I didn't go through each file (so there are additional files that need to be signed, not including the ones below):

C:\Windows\assembly\tmp\XXXXXX\cli_basetypes.dll
C:\Windows\assembly\tmp\XXXXXX\cli_ure.dll
C:\Windows\assembly\tmp\XXXXXX\cli_uretypes.dll
C:\Windows\assembly\tmp\XXXXXX\policy.1.0.cli_basetypes.dll
etc.

Note: XXXXXX changes on a per-install basis, I think.

LibreOffice being installed: LibreOffice_7.6.6_Win_x86-64 (non-enthusiast version)

Windows 11 23H2

Thank you

Actual Results:
Install fails

Expected Results:
Install succeeds


Reproducible: Always


User Profile Reset: Yes

Additional Info:
[Information automatically included from LibreOffice]
Locale: en-US
Module: StartModule
[Information guessed from browser]
OS: Windows (All)
OS is 64bit: no

Comment 1 Mike Kaganski 2024-04-06 17:15:32 UTC
Yes, cli_* assemblies are not signed, unlike the DLLs in the program files. Christian: is there a reason why we don't sign them?