Running in a secure environment

garethem · September 12, 2022, 11:09:32 AM

All our Windows machines are running with a restrictive "software restriction policy" applied at domain level.
This policy helps to prevent ransomware and other malware by only allowing software to run from a few secure folders.
We can install Exiftool into one such folder, but when it runs it is obviously tries to run something from AppData\Local\Temp which is not allowed.

Access to C:\Users\MACHINENAME~1.SIT\AppData\Local\Temp\par-676172657468\cache-exiftool-12.44/exiftool.exe has been restricted by your Administrator by the default software restriction policy level.

Questions:
1) Can this behaviour be altered so that it runs from the folder it is installed in?
2) If not, can the folder be specified somewhere to allow use of a non-restricted folder

StarGeek · September 12, 2022, 11:35:59 AM

I don't believe this is possible due to the way the exiftool Windows executable works.

You should probably take a look at Oliver Betz's alternative exiftool build as I believe he created it with situations like this in mind.

Another alternative would be to use the actual Perl code version, but that requires installing either ActivePerl or Strawberry Perl.

StarGeek · September 12, 2022, 11:38:31 AM

Actually, it might be possible. See this thread.

But I still think Oliver's version is a better choice.

garethem · September 12, 2022, 12:00:37 PM

Looks like Oliver Betz's version was the solution.

Thanks!

Phil Harvey · September 12, 2022, 07:47:41 PM

It should be possible to set the temporary folder for the standard .exe version by setting the PAR_GLOBAL_TEMP environment variable to the directory you want ExifTool to unpack and run from.

- Phil

Edit: Ah, I see that this is mentioned in StarGeek's link. But the Betz version is probably better as he says.

ExifTool Forum

News:

Running in a secure environment

garethem

StarGeek

StarGeek

garethem

Phil Harvey