I have an application that calls the COM API for Windows Firewall to check if the firewall is enabled, and whether an exception has been added for itself. Unfortunately, the parameters for the call to the COM object don't seem to be captured by the Cameyo virtualization engine, and the path for the process exception references the virtual path rather than the physical path. As a result, the call to INetFwProfile::get_AuthorizedApplications and subsequently INetFwAuthorizedApplications::Item ( "Path to exe", 0x0012f4e0 ) always returns "0x80070002 = The system cannot find the file specified" and the application reports that it needs an exception added.
Is there any way to trap this sort of call either to correct the parameter or to "lie" to the application?
I haven't tested the Firewall APIs, but from what you're saying it seems there is not much you can do. You can certainly script a custom action as .VBS and make the Firewall pre-authorize the executables you need. But you still won't be able to make that error appear.
I haven't tested the Firewall APIs, but from what you're saying it seems there is not much you can do. You can certainly script a custom action as .VBS and make the Firewall pre-authorize the executables you need. But you still won't be able to make that error appear.
What I wound up doing was writing an AutoIt script that adds the "dummy" firewall rule that references the virtual path, and the "real" firewall rules that reference the VOS path. However, in doing so, I ran into a different issue.
The AutoIt script is compiled with the "RequireAdmin" directive to set the manifest on the executable to require elevation. I wanted it this way so that if a standard user launched the virtual firewall update app, they would be prompted for administrative credentials. However, what I've found is that while elevation works with a user who is already an administrator, if a standard user provides the credentials of a different user to launch the process, Cameyo returns the "Error=2" message.
The custom "addtofw.exe" program is added to the list of exclusions such that it runs outside of the sandbox.
The reason I need a standard user to be able to launch the virtual firewall update app too is that I need to capture the username to determine the path to the correct VOS process image.
The reason I need a standard user to be able to launch the virtual firewall update app too is that I need to capture the username to determine the path to the correct VOS process image.
Wouldn't it then be easier to set the VOS path to a machine-wide path (i.e. C:\CameyoVOS) instead of user-specific path (like %AppData%)?
The reason I need a standard user to be able to launch the virtual firewall update app too is that I need to capture the username to determine the path to the correct VOS process image.
Wouldn't it then be easier to set the VOS path to a machine-wide path (i.e. C:\CameyoVOS) instead of user-specific path (like %AppData%)?
This is certainly an option, however doesn't this remove the ability for each user to maintain their own settings / customizations and the ability to revert them simply with "-remove"? This also doesn't address the "Error=2" problem when a standard user uses a different set of credentials in the UAC elevation prompt. Not all users of the application will have administrative rights on the system, however all of them will have access to someone who can quickly type their credentials into the UAC prompt.
What do you think may be causing the "Error=2" issue with UAC swapping credentials? Is this a known compatibility issue between the current version of Cameyo and UAC?
Well, I don't know how you need it to be set up exactly, but remember that you can set the PROG path (where executables are) into C:\CameyoVOS, and the CHANGES path into a user-specific directory.
Well, I don't know how you need it to be set up exactly, but remember that you can set the PROG path (where executables are) into C:\CameyoVOS, and the CHANGES path into a user-specific directory.
That requires the licensed Cameyo, however.
Understood. However, do you have any comment regarding the Cameyo "Error=2" UAC issue?
