V1.16.2 Update - problems encountered

RayG rgsub1 at btinternet.com
Tue Aug 2 16:46:46 UTC 2022


I have just installed the above version on:

Edition	Windows 10 Pro
Version	21H2
Installed on	‎04/‎04/‎2022
OS build	19044.1865
Experience	Windows Feature Experience Pack 120.2212.4180.0

And run into some issue which at first sight would appear to be windows
tightening the protection using ASLR so what follows maybe of help to
others.

I have a PowerShell script to update the configuration files which has
always run without issue, Now I get :

“App or process blocked: cmd.exe

Blocked by: Attack Surface Reduction

Rule: Block executable files from running unless they meet a prevalence, age
or trusted list criteria

Affected Items: C:\Program Files\Unbound\unbound-checkconf.exe”

Cmd.exe is trying to run unbound-checkconf.exe which windows is not happy
with. unbound-checkconf.exe does not have the required “status” for ASLR it
would seem.

https://docs.microsoft.com/en-gb/microsoft-365/security/defender-endpoint/at
tack-surface-reduction-rules-deployment-implement?view=o365-worldwide

is a helpful page and running the following in a PowerShell window with
admin privs resolves the issue:

Add-MpPreference -AttackSurfaceReductionOnlyExclusions "C:\Program
Files\Unbound"

So now v1.16.2 is running OK with a new configuration.

Just to complete the problems I had…

Unbound used to run quite happily under the “Network Service” account
something that was considered a long time ago and not implemented by
NLNetLabs.

I did however persevere with getting the setup to work and it was running
perfectly until this update.

In order to get things running instead of upgrading over the top and I have
done for many versions. I uninstalled Unbound and reinstalled it to run
under the system account.

One of the problems under the network service account was that there was no
logging output although unbound was resolving names. 

I will when I have time investigate further to see if I can return to the
status quo I had before.

I hope that helps if you have the same issues.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20220802/403a6c56/attachment.htm>


More information about the Unbound-users mailing list