Application Metering is not blocking application from running if UEFI and Secure Boot are enabled

book

Article ID: 161060

calendar_today

Updated On:

Products

Inventory Solution

Issue/Introduction

Application Metering blocking policies don't work on Windows 8 / 8.1 workstations if UEFI and Secure Boot are enabled. If Secure boot is disabled there is no problem to block applications.

Cause

According to http://msdn.microsoft.com/en-us/library/windows/desktop/dn280412(v=vs.85).aspx,

"Windows 8 adopted UEFI and secure boot to improve the overall system integrity and to provide strong protection against sophisticated threats. When secure boot is enabled, the AppInit_DLLs mechanism is disabled as part of a no-compromise approach to protect customers against malware and threats.

Please note that secure boot is a UEFI protocol and not a Windows 8 feature. More info on UEFI and the secure boot protocol specification can be found at http://www.uefi.org."
 

Resolution

You can check MSInfo32 -> BIOS Mode to verify if UEFI and Secure Boot State is ON. To be able to use Application Metering blocking policies you will need to disable UEFI Secure boot following the steps from http://technet.microsoft.com/en-in/library/dn481258.aspx


Applies To

Application Metering 7.5x + Windows 8/8.1 with UEFI and Secure Boot