
GpgOL: Handle CreateProcess errors caused by Microsoft Defender Enterprise
Open, Wishlist, Public

Description

There have been two reports now from users that the configuration dialog cannot be opened and that decryption of messages failed. The underlying cause is a Microsoft Defender rule that blocks CreateProcess calls. I believe it is https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-all-office-applications-from-creating-child-processes

In this case we should handle the error and probably show a MessageBox with at least some information pointing administrators to the possible source of the problem. GpgOL uses the GPGME Spawn Engine for that, and the decryption failure with Unsupported Protocol also comes from GPGME, so maybe GPGME's w32-io spawn would be the best place for such error handling. Though we need to check which return code occurs in case of such a blockage.

Event Timeline

aheinecke triaged this task as Wishlist priority. Feb 14 2023, 9:27 AM
aheinecke created this task.

I have seen that the rule is honoring the exclusions of Microsoft Defender but I do not know if one would need to exclude gpgol.dll or the gpgolconfig.exe / gpg.exe in this case. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#microsoft-defender-antivirus-exclusions-and-asr-rules
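
An administrator-side check for the situation described in this task, added here as an example and not part of GpgOL, GPGME or the original task: it reports whether the ASR rule named in the description is active, lists the Defender exclusions the comment above refers to, and looks for recent ASR events that mention GnuPG binaries. The rule GUID and event IDs 1121/1122 are taken from Microsoft's ASR documentation; matching on the string `gpg` in the event message is an assumption about how the blocked executable appears there.

```powershell
# Added diagnostic example; run in an elevated PowerShell on the affected client.
# GUID of "Block all Office applications from creating child processes"
# as listed in Microsoft's ASR rules reference.
$ruleId      = 'D4F940AB-401B-4EFC-AADC-AD5F3C50688A'
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref = Get-MpPreference

# 1. Is the rule configured on this machine, and in which mode?
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$state   = 'NotConfigured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $ruleId) {
        $a = [int]$actions[$i]
        $state = if ($actionNames.ContainsKey($a)) { $actionNames[$a] } else { "Unknown($a)" }
    }
}
"ASR rule $ruleId state: $state"

# 2. Exclusions currently in effect (Defender Antivirus and ASR-only).
#    Whether gpgol.dll, gpgolconfig.exe or gpg.exe must be listed is the
#    open question in the task; this only shows what is set.
[pscustomobject]@{
    ExclusionPath     = @($pref.ExclusionPath) -join '; '
    ExclusionProcess  = @($pref.ExclusionProcess) -join '; '
    AsrOnlyExclusions = @($pref.AttackSurfaceReductionOnlyExclusions) -join '; '
} | Format-List

# 3. Recent ASR events for this rule that mention a GnuPG binary.
#    1121 = rule fired in block mode, 1122 = rule fired in audit mode.
$hits = Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-Windows Defender/Operational'
            Id      = 1121, 1122
        } -MaxEvents 500 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match $ruleId -and $_.Message -match 'gpg' }

if ($hits) {
    $hits | Select-Object TimeCreated, Id, Message | Format-List
} else {
    'No ASR block/audit events for this rule mentioning gpg were found.'
}
```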