Ente Auth installer is blocked by Microsoft Defender ASR because it extracts temporary executables

[me1299]

Ente Auth installer is blocked by Microsoft Defender ASR because it extracts temporary executables

Description

On systems where Microsoft Defender Attack Surface Reduction (ASR) rules are enforced, the Ente Auth installer is blocked during installation.

The installer extracts one or more temporary executables into a user temp folder and launches them immediately. These extracted files are new and have no reputation yet, which triggers the ASR rule that blocks low age and low prevalence executables. Because of this, every new release of Ente Auth is blocked until reputation builds up.

Older versions often install without issues simply because they already have cloud reputation. New releases always hit this rule first.

Request

Please consider adjusting the installer so it does not trigger ASR. Possible improvements include:

• providing a pure MSI installer
• avoiding extraction of executables into random temp folders
• signing any inner extracted binaries
• using an installer format that does not run newly created temp executables

Any of these changes would help prevent ASR from blocking new releases of Ente Auth.

Impact

Users in enterprise environments cannot install or update Ente Auth without administrative workarounds or exclusions. Improving the installer structure would allow new versions to install normally and reduce friction for enterprise deployments.