You are here

Temp Folder Access

10 posts / 0 new
Last post
Devo
Offline
Last seen: 4 months 3 weeks ago
Joined: 2007-09-04 14:55
Temp Folder Access

At work they recently updated our security software (McAfee) and restricted user access to the Temp folder. Because of this it is causing pretty much all of my portable apps to not start (Notepad++, Gimp, 7-zip, etc.) throwing up an error that states "Another instance of [AppName] Portable is starting. Please wait of it to start before launching again." There are only a few apps that will run, Firefox being one of them. Has anybody else encountered this error or does anybody know of any work arounds?

John T. Haller
John T. Haller's picture
Online
Last seen: 6 min 18 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Portable TEMP folder in PortableApps.com Platform

You can use a portable TEMP folder as outlined under Advanced Options here: https://portableapps.com/support/platform#advanced

This will work with apps that get it from the environment variable including the platform, app launchers, app installers, updater, etc. Some specific apps may not work with this setup.

Sometimes, the impossible can become possible, if you're awesome!

Devo
Offline
Last seen: 4 months 3 weeks ago
Joined: 2007-09-04 14:55
Do I need to enable a setting

Do I need to enable a setting somewhere in the platform? I've created the TempForPortableApps folder in the correct location and launching Notepad++ from the platform still throws up the same error:
"Another instance of Notepad++ Portable is starting. Please wait for it to start before launching it again."

If it's because Notepad++ is using an older version of the PAL, then I can just create a new launcher, but not even the PortableApps.com Launcher program will run.

John T. Haller
John T. Haller's picture
Online
Last seen: 6 min 18 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Locked Down

If you created TempForPortableApps next to Start.exe, only launch the PortableApps.com Platform using Start.exe (which handles the TEMP change), and then run all your apps from the PortableApps.com Platform (and *only* from the PortableApps.com Platform) then they would be using that TEMP directory. If that is failing, your PC is more locked down than just an inability to use TEMP. Unfortunately, this likely means you are forbidden by corporate (or at least technical) policy from running portable apps and should absolutely not use them as you'd be risking your employment. You'll need to check with IT to determine what is and isn't allowed by corporate policy and the new technical restrictions on their machines.

Sometimes, the impossible can become possible, if you're awesome!

Devo
Offline
Last seen: 4 months 3 weeks ago
Joined: 2007-09-04 14:55
Maybe it is more locked down

Maybe it is more locked down that I realize, but the TempForPortableApps is working for Firefox and nothing else. When I try to run other programs I can see a new temp folder being created in the TempForPortableApps folder, but then it fails to load as mentioned above. I just find it really strange that Firefox works perfectly, but nothing else does. Is there a technical reason for this or am I just lucky? Is there any other information I could provide you to help troubleshoot the issue?

John T. Haller
John T. Haller's picture
Online
Last seen: 6 min 18 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
No Checks

The Firefox Portable launcher is an older custom launcher and has fewer checks to ensure multiple copies don't step all over each other. It also has no checks to ensure it was shut down properly last time and clean up on next launch. So, whatever they did to lock down your PC could be interfering with the launcher's ability to set a system-wise Regex, the ability to write certain files to TEMP, the ability to check what processes are running, or a couple other things. All of these things can interfere with any software which is not installed functioning properly. It's likely that even running Firefox Portable could get you fired if they've gone to these extreme measures, so I highly suggest engaging your IT department.

Sometimes, the impossible can become possible, if you're awesome!

Devo
Offline
Last seen: 4 months 3 weeks ago
Joined: 2007-09-04 14:55
I have been working with my

I have been working with my IT department, they recently rolled out a new version of McAfee and told me they did not intend to break PortableApps. I'm currently working with them to figure out what was done that broke PortableApps which is why I'm engaging you in this discussion. Would it be possible to use an older version of the PortableApps.com Launcher program to create older launchers without all the checks? If so do you know which version of the program I would need to use?

John T. Haller
John T. Haller's picture
Online
Last seen: 6 min 18 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Custom Launcher, not PAL

Firefox Portable doesn't use a PAL launcher. It uses an old custom launcher. Aka hand-coded specifically for Firefox. It will eventually be switched to use PAL as well as the vast majority of our apps are. So, you can't use the current Firefox Portable launcher with anything except Firefox.

It would help if I knew what they have McAfee set to break/lock down in Windows from the list I provided you above as well as anything else they can think of.

Sometimes, the impossible can become possible, if you're awesome!

Devo
Offline
Last seen: 4 months 3 weeks ago
Joined: 2007-09-04 14:55
I've asked them what rules

I've asked them what rules they have set up other than the TEMP folder restriction so I'll let you know what they tell me. In the mean time I was able to look at McAfee's log to determine why everything is failing and here is the reason:

9/8/2016 1:20:47 PM Blocked by Access Protection rule E:\PORTABLEAPPS\NOTEPAD++PORTABLE\NOTEPAD++PORTABLE.EXE E:\TempForPortableApps\nsr7DAB.tmp\System.dll Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Read

There are a couple other rules that keep popping up in the logs:

9/8/2016 8:04:23 AM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\PROGRAM FILES\LENOVO\HOTKEY\SHTCTKY.EXE HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TPHKLOAD\SETTINGS\ Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
9/8/2016 8:04:24 AM Blocked by Access Protection rule NT AUTHORITY/SYSTEM C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings Action blocked : Create
9/8/2016 11:02:52 AM Blocked by Access Protection rule C:\WINDOWS\EXPLORER.EXE C:\USERS\[USERNAME]\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\tray.exe\ Common Maximum Protection:Prevent programs registering to autorun Action blocked : Create
9/8/2016 11:03:43 AM Blocked by Access Protection rule E:\PORTABLEAPPS\PORTABLEAPPS.COM\PORTABLEAPPSPLATFORM.EXE HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\AUTODETECT Anti-spyware Standard Protection:Protect Internet Explorer favorites and settings Action blocked : Create
9/8/2016 11:03:43 AM Blocked by Access Protection rule E:\PORTABLEAPPS\PORTABLEAPPS.COM\PORTABLEAPPSUPDATER.EXE C:\Users\ddvorak\AppData\Local\MICROSOFT\Windows\TEMPORARY INTERNET FILES\counters.dat Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Read
9/8/2016 11:03:44 AM Blocked by Access Protection rule E:\PORTABLEAPPS\PORTABLEAPPS.COM\PORTABLEAPPSUPDATER.EXE E:\TempForPortableApps\nsgFF94.tmp\System.dll Anti-spyware Maximum Protection:Prevent all programs from running files from the Temp folder Action blocked : Read

This probably doesn't help troubleshoot why it's not using the TempForPortableApps folder, but I'll keep digging and let you know what I find out.

John T. Haller
John T. Haller's picture
Online
Last seen: 6 min 18 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Using but blocked

It appears McAfee is also blocking the alternate TEMP directory from the ability to access DLLs as well according to that log. In this case, it can't call kernel32::CreateMutex because it is blocked from accessing the system.dll it extracted to TEMP. The older Firefox Portable custom code just ignores this scenario and continues executing, only checking if the return value says something is running. PAL looks for a value of it not running and assumes everything else including errors means it is running. In fairness, all launchers should simply error out if nothing can run from TEMP. I'll explain why.

For background, NSIS extracts its shared DLLs to a unique directory within TEMP while it is running. These DLLs are used for things like system calls (mutex to ensure only a single copy is running, for example), text replace within settings files, registry calls, getting file details from EXE files, etc. With TEMP execution blocked, all of these calls will fail. None of our launchers have error detection and fallback handling for all of that happening, so you'll wind up with unpredictable results. So, an app like Firefox Portable may run, but may fail to properly update paths within prefs.js and similar breaking some parts of portability.

All app launchers and installers as well as the platform's updater/app store and backup/restore utilities as well as our installer packager, app compactor, and some other utilities are written in NSIS. If TEMP is blocked from run access entirely, even when using an alternate TEMP directory, you won't be able to use our software at present. A small number of apps may start, but won't be properly portablized.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments