I got a ransomware last year. I formatted and reinstalled Win10. After installing a few programs I enabled whitelisting in Local Security Policy (Disallowed), i.e. every executable needs to have its hash added before it can run (or path/certificate). I don’t want to toggle whitelisting for every update/installation.
The issue seems to be the temporary folders/EXEs installers create.
I’m running the PC logged in as standard user.
Elsewhere they suggested me to use PowerShell, but that didn’t work either. I get the same error messages.
A few examples. All had their installation EXE hashes whitelisted:
Backblaze
bzinst
ERROR: RunCommand, CreateProcess failed, err=C, GetLastError=1260
TeraCopy 2.3
Error
Unable to execute file in the temporary directory. Setup aborted.
Error 1260: This program is blocked by group policy. For more information, contact your system administrator.
TeraCopy 3.9.2
This installation is forbidden by system policy. Contact your system administrator.
