
FP: Windows 10 x64 Insider Preview Build 14328 FeedbackHub


John L. Galt


After some testing, I figured out a way to do this. Please run the following commands in order from an Administrator Level Command Prompt.

takeown /f "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /r
icacls "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /grant:r Everyone:f /t
rd /s /q "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe"
robocopy "c:\windows\infusedapps\packages\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /e /b /copyall

 

Link to post

2 hours ago, AlexSmith said:

After some testing, I figured out a way to do this. Please run the following commands in order from an Administrator Level Command Prompt.


takeown /f "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /r
icacls "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /grant:r Everyone:f /t
rd /s /q "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe"
robocopy "c:\windows\infusedapps\packages\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /e /b /copyall

 

Hi,

I'd rather use PowerShell:

Add-AppxPackage -register "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe\appxmanifest.xml" -DisableDevelopmentMode

I'll try tomorrow

Link to post

11 minutes ago, Tof_SLRCORP said:

Hi,

I'd rather use PowerShell:

Add-AppxPackage -register "C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe\appxmanifest.xml" -DisableDevelopmentMode

I'll try tomorrow

That might not work since you are missing an actual file from that Appx package folder. You also run the risk of making things a little worse if the Add-AppxPackage still breaks UWP apps as it does in 10586.x.

Link to post

17 minutes ago, AlexSmith said:

That might not work since you are missing an actual file from that Appx package folder. You also run the risk of making things a little worse if the Add-AppxPackage still breaks UWP apps as it does in 10586.x.

I'll check tomorrow and let you know.

This problem reveals how hard it is to create a reliable anti-ransomware... they are a real plague.

Link to post

4 hours ago, AlexSmith said:

After some testing, I figured out a way to do this. Please run the following commands in order from an Administrator Level Command Prompt.


takeown /f "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /r
icacls "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /grant:r Everyone:f /t
rd /s /q "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe"
robocopy "c:\windows\infusedapps\packages\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" "c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe" /e /b /copyall

 

That worked.

Expected output when it works:  PilotshubApp.txt

Mind you, the directory remove command fails with a "The system could not find the specified file" statement, but all seems to work regardless.

Also, I was then able to add the app to the Exclusion list, however, I was not able to navigate to it normally - I had to enter the following path into the file browser window:

c:\program files\windowsapps\Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe

And then I was able to select the PilotshubApp.exe to Anti-Ransomware as an exclusion.

MBARW FP 8.PNG

 

Thanks again, @AlexSmith.

Link to post

7 hours ago, John L. Galt said:

Just to let you know, Windows 10 Insider Preview 14332 was just released and I am now on it. I'll see if PilotshubApp.exe breaks again.

Yes, please keep us posted. I am not eager to crash it again - so I stopped MWB for now!

Link to post

So far, nothing.  However, both of you have to realize that this is a βeta test of the core functionality of a product that will later be integrated into the main Anti-Malware suite.  As such, if you attempt to test this on a live system with mission critical data, you are risking errors such as this.  Then again, the same can be said for using Windows 10 Insider Preview builds. 

The fix above by Alex should work perfectly fine in case this recurs with the new build, but at the same time, you should be expecting things like this to happen - that is why it is a βeta test.

As stated in red in this topic:

Don't use it on live production machines.

For that reason, I'm using it on my Insider Preview build machines - because those are not live production machines either, and for the same reason.

Link to post

  • 3 weeks later...

I'm not able to quote but what Alex Smith said above is correct.

I got a false positive with the Windows Feedback App (I don't care actually, it will get replaced).  What I know is sfc /scannow or dism will NOT fix it.  I will wait for the next upgrade.

The authorities on this folder include ALL APPLICATION PACKAGES which is a new SID since Windows 8. (Perhaps 8.1 I can't remember).  It also excludes local users including Administrators and if you decide to take ownership and grant yourself authority you could end up messing up every other app as they are a bit fussy about authority. 

I really think if you get a false positive with a Windows App you should report it and then restore back.  If you play with permissions to replace the object you will only make it all worse.

The other option is to disable MBAR and do an in-place upgrade.  That definitely fixes it as it replaces all of your default apps in that folder.

 

 

 

 

Link to post
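The permission concern raised in the post above can be checked after the takeown/icacls fix has been applied. The following is an added example, not code from any poster in this thread: it reports the owner of the repaired folder and any Allow entries that still give Everyone write access, compared against a reference folder. The function name Test-PackageFolderAcl is hypothetical, and using the InfusedApps copy as the reference is an assumption; any untouched package folder can be passed instead.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Paths are the ones used in the fix earlier in this topic.
$pkg    = 'Microsoft.WindowsFeedbackHub_1.2.5.0_x64__8wekyb3d8bbwe'
$target = Join-Path 'C:\Program Files\WindowsApps' $pkg
$source = Join-Path 'C:\Windows\InfusedApps\Packages' $pkg   # assumed reference

function Test-PackageFolderAcl {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Path,       # folder that was repaired
        [Parameter(Mandatory)][string]$Reference   # untouched folder to compare with
    )
    $write  = [System.Security.AccessControl.FileSystemRights]::Write
    $acl    = Get-Acl -LiteralPath $Path
    $refAcl = Get-Acl -LiteralPath $Reference

    # Allow entries for Everyone (S-1-1-0) that include write rights, such as
    # those created by "icacls ... /grant:r Everyone:f /t".
    $loose = foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier])
        } catch { continue }   # identity no longer resolves; skip it
        if ($sid.Value -eq 'S-1-1-0' -and
            [int]($ace.FileSystemRights -band $write) -ne 0) {
            '{0}: {1}' -f $ace.IdentityReference, $ace.FileSystemRights
        }
    }

    [pscustomobject]@{
        Path             = $Path
        Owner            = $acl.Owner
        ReferenceOwner   = $refAcl.Owner
        OwnerChanged     = $acl.Owner -ne $refAcl.Owner   # takeown makes the caller owner
        EveryoneCanWrite = @($loose)
        SddlMatchesRef   = $acl.Sddl -eq $refAcl.Sddl     # owner, group and DACL together
    }
}

Test-PackageFolderAcl -Path $target -Reference $source | Format-List
```

An empty EveryoneCanWrite list and OwnerChanged = False indicate the folder's security descriptor was not left looser than the reference.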

  • 2 months later...
  • Root Admin

@John L. Galt @AlexSmith @Decrypterfixer

I personally don't like this approach. I don't like having to modify permissions if you don't have to.

Linux can easily put the file back and for any advanced user is pretty easy to do.

I'd rather do that, or use this tool. Both methods bypass the need to modify rights to the system.

Quote

RunAsTI or RunAsTrustedInstaller

Is a tool to launch a program of choice (usually cmd.exe) with the same privileges as the TrustedInstaller. That privilege is very powerful! Actually the tool makes a clone of the token from TrustedInstaller, and thus the newly created process has an identical token.

Why would you need it? Sometimes it is just not enough to just be running as "nt authority\system". Maybe it's a file or a registry key that is locked. Running a tool with this powerful privilege will most likely solve that. Usually such an issue may be due to Windows Resource Protection (WRP) protecting it (previously called Windows File Protection (WFP)); http://msdn.microsoft.com/en-us/library/windows/desktop/aa382503(v=vs.85).aspx

How do you run it? Simply double click it and cmd.exe will launch. Or pass it the program to launch as parameter.

The tool is actually a merge of 2 previous tools; RunAsSystem and RunFromToken. The curious ones might notice that RunFromToken is attached as a resource.

The tool only runs on nt6.x (Vista and later), since TrustedInstaller does not exist on earlier Windows versions.

Requirement: Administrator.

 

https://github.com/jschicht/RunAsTI

 

 

Link to post