Questions About Win10 Defender Controlled Folders vs Icon Packager Skins

from Stardock Forums
I'm seeing a lot of Controlled Folder notifications about Windows core applications getting blocked while apparently trying to modify user settings for an Icon Packager skin. Examples: C:\Windows\System32\PickerHost.exe has been blocked from modifying %userprofile%\Documents\Stardock\IconPackager\Steel Dragon\Steel Dragon\ by Controlled Folder Access. C:\Windows\System32\RuntimeBroker.exe has been blocked from modifying %userprofile%\Documents\Stardock\IconPackager\Steel Dragon\Steel Dragon\ by Controlled Folder Access. Is this some kind of issue of Icon Packager vs Windows 10? Shouldn't PickerHost.exe or RuntimeBroker.exe already be okayed to do whatever to these settings? Am I supposed to do something about this or just leave this all alone? The notifications keep happening from time to time.
11,246 views 9 replies
Reply #1 from Stardock Forums Top

Hello,

I have push your question to our CM support Team for respond.

Fences - Organize your desktop icons today!
Reply #3 from Stardock Forums Top
Also seeing similar notifications about WindowBlinds skin User Profile access requests from various Win10 core processes.
Reply #4 from Stardock Forums Top

Quoting basj, reply 1

Hello,

I have push your question to our CM support Team for respond.

Any updates on this? It needs to be answered, it's a security question.

Reply #6 from Stardock Forums Top

Quoting sdRohan, reply 5

Please disable Controlled Folder Access:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard

 

 

Wait...THAT is your "solution"...?

 

I'm not going to disable a security feature just so you can lazybum around and not fix whatever is wrong with your software vs Windows 10.

 

Don't be ridiculous!

 

How about fix the issue at your end instead.

Reply #7 from Stardock Forums Top

Just to be clear - no other software is causing these messages...whitelisting their applications fixes every other bit of software vs Windows 10 Controlled Folder Access...why doesn't your software work like that?

Reply #8 from Stardock Forums Top

Quoting Khitteh, reply 7

I'm not going to disable a security feature just so you can lazybum around and not fix whatever is wrong with your software vs Windows 10.

From MS themselves:

10/18/2017

'Warning

Controlled folder access is a new technology that monitors apps for activities that may be malicious. Sometimes it might block a legitimate app from making legitimate changes to your files.+

This may impact your organization's productivity, so you may want to consider running the feature in audit mode to fully assess the feature's impact.'

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard

Quoting Khitteh, reply 7

Access...why doesn't your software work like that?

It is not up to our software how an MS security feature treats it (how secure would that be if it could).  That said, there is no known reason why IP would be treated any differently.

Quoting Khitteh, reply 7

Shouldn't PickerHost.exe or RuntimeBroker.exe already be okayed to do whatever to these settings?

Have you done this:

'Use the Windows Defender Security app to allow specific apps'

Detailed here:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard

Reply #9 from Stardock Forums Top

Quoting sdRohan, reply 8
Have you done this:

'Use the Windows Defender Security app to allow specific apps'


Detailed here:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard

 

Yes I have - I whitelist all the apps I want Defender to allow access to the controlled folders. All the other apps I have allowed all run perfectly and don't throw these constant access denied notifications - only the Stardock apps are causing these notifications.

 

So somehow all the other apps exist in harmony with controlled folder access after being whitelisted, while whitelisted Stardock apps are the only ones to have issues with controlled folders.

 

The other apps must be doing something Stardock apps aren't doing, because it's clear something about Stardock products is different from every single other app on my computer.

 

Perhaps your team should contact Microsoft and ask them how to write code for Stardock apps that properly conform to controlled folder access whitelisting.