Windows Smart Screen blocks Kleopatra & gnupg command line functionality

Hello,

I have the latest version (3.1.15) of GPG4WIN installed on my system. However, since the last few days or so, both Kleopatra and its command line counterpart are blocked by Windows smartscreen for unknown reasons.

Upon lauching Kleopatra you are greeted with the Self Test dialog with one failed test (gpg configuration check). Invoking gpg.exe via command line (as administrator) also fails with “Access denied” message – apparently by Windows smartscreen. Please see the screenshots attached.

I’ve tried a reinstall of the gpg4win suite followed by a reboot with no luck. Disabling smartscreen too has little effect. Also, it seems all my stored certificates have been nuked in the process, although I do have a backup.

Any help’s appreciated.

Thank you

Screenshot 2021-03-30 14-18-15.png

Seems you can only upload one file per post.

Screenshot 2021-03-30 14-24-42.png

Thanks for reporting!

Can you give the precise version of windows you are using?

If you are in a position to test this: Does this work, if you disable smartscreen?
(I was under the impression that smartscreen would have stopped the installer,
but not files that got installed. Did you, by chance install Gpg4win as a different user?)

Best Regards,
Bernhard

Hi,

Forgot to add the version details. I’m on Windows 10 20H2-19042.867

The second screenshot was taken with the smartscreen disabled but it still fails. It’s weird smartscreen didn’t interrupt the installation itself.

The installation was done as an elevated user. If I remember right Gpg4win doesn’t let you install as a standard user (at least the last time I tried)

Thank you

Hi,
can you report on all the attributes of the gpg.exe file that is failing.
Please also calculate a checksum (e.g. sha256 or so) and give the precise length.

We have to rule out that the file or the permissions somehow got corrupted.

Thanks,
Bernhard

Looks like the gpg.exe is indeed corrupted. It reports the file size as 0 bytes.
Here’s the checksum:
Name: gpg.exe
Size: 0 bytes
CRC32: 00000000
CRC64: 0000000000000000
SHA256: E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA1: DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
BLAKE2sp: DD0E891776933F43C7D032B08A917E25741F8AA9A12C12E1CAC8801500F2CA4F

Hi,

Only just found out Gpg4Win has to be installed without elevated privileges. Would you recommend a reinstall as a standard user to see if the issue persists?

I clearly remember the installer (one of the older versions) warning you install as administrator so that all user accounts can benefit. So, I make it a practice to run the installer from an elevated CMD to avoid having to input the password every time.

Thank you

BRAC,
does ist all work fine, if you install it as regular user?

(What I am sure of is that it should be “run” only as regular user.)

Best,
Bernhard

Will try as a regular user and report back… That will take me some time because I’m not ready yet for a system restart.

Thank you

Hi,

I just reinstalled as a regular user to the Appdata/Local folder despite the installer’s recommendation to install with administrator rights (screenshot attached).

Although both Kleopatra and gpg.exe work even with smartscreen turned on, the issue now is the gpg explorer context menu doesn’t show up in spite of selecting the gpgEX check box during installation. Hope this particular feature doesn’t require installation as admnistrator.

Screenshot 2021-03-31 20-04-56.png

Hi,

Any idea why the “More gpgEX options” doesn’t show up upon right clicking a file. I don’t see any options in Kleopatra settings to enable this feature. It’s strange I’m having these little issues now considering I’ve been using gpg4win for years without any hiccups.

I don’t want to open a new topic for this. So, I"ll ask here:

Is it normal that two revocation certificates created years apart of a particular key shows different block data (that wall of random text) with different file sizes?

Hi BRAC,
yes, it is strange indeed.

Kleopatra itself does not interfere with GpgEX, it only talks (and my help to configure) the crypto engine. The install as regular user may cause the problem with gpgol, (again wild guess).

As for the revocation certificates (assuming OpenPGP): They will contain at least the date and time, so they will be different files. Size could also vary depending on crypto defaults for the signature. (If there are more question, please open another topic.)

Best,
Bernhard

Thanks for the clarification on revocation certificates.

I’ll put up with the unavailable GpgEx for now and hope for a fix in a future release. GpgOL doesn’t bother me much because I don’t use outlook (for now).

Don’t want to drag on this discussion (off topic) much but it would be nice
if the installer didn’t warn (mislead) the user to install Gpg4Win suite with administrative rights if it’s indeed intended to be installed as a regular user.

Anyway, thanks for your help and patience.

Hi BRAC,
as far as I know Gpg4win should be installed as admnistrator, but run as regular user.

Best,
Bernhard

Thanks for the heads up Bernhard.

Hope the smartscreen thing behaves this time.