On the occasion of VoodooShield 5.3 getting WC. Just a reminder as per your request, that WC still ask for withelist brave.exe with each update.
I would be interested to know if anybody else has the same issue.
Indeed. I also noted, Brave Setup also requires whitelisting each time it executes. Dan will weigh in for sure, but I think it could be because the Setup.exe is unsigned, and where it is executing from is a suspicious location.
Yeah, Sly is right, to test I just installed Brave and WC blocked “C:\Users\UserName\AppData\Local\Temp\CR_15FB5.tmp” because it was in a dangerous location and was not signed. Usually I can find a way to fix stuff like this and to improve usability in VS and WC, but in this case there is very little I can do, sorry about that!
This is a classic example of why you need VS. Appdata\Local\Tmp is a favourite blackhat target because so many users do not know where or what it is. If you’re working in Admin… 🙁 In addition, many lazy non-security-oriented software authors make their installers execute from there. With VS you can lock that folder tighter than a snare-drum, although you may need to choose better softs that don’t want to use it as a staging post.
And I bet that .tmp file never has the same name again.
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]
Yeah, you might want to create a rule for Brave… then again, once I am finished with VS’s WLC implantation, I would be shocked if it blocks these updates. Well, it will block the update for the first unlucky person who gets the update, but from then on, all VS users will have the file auto allowed by WLC. Thank you!