Modify update location to avoid conflicting with Enterprise policies

  • I would recommend changing the scheme of temporary update directory tree structure to one that is less dynamic. Currently the structure looks like this : %AppData%\Local\Temp\1\Update-e25df029-01a4-4d91-b03a-e1c022ac8058\Vivaldi.2.0.1309.37.exe. As executable files are more and more commonly disabled from the temporary directories in the enterprise, it make it almost impossible to support the current update directory scheme. If the updates directories were not update specific, the enterprise could create an exclusion for said directory to commonly allow updates for vivaldi. This could be as simple as %AppData%\Local\Temp\1\VivaldiUpdate\Vivaldi.2.0.1309.37.exe. This would allow for a simple exclusion such as %AppData%\Local\Temp\1\VivaldiUpdate\*.exe

    In addition, the installer may also be impacted by this.

    The disablement of executable from running via SRP is an Anti-Ransomware method, which is recommended by the FBI.

    //MODEDIT: Added inline code blocks for better readability

  • Moderator

    The installer can be unpacked with a utility such as 7zip, if it would be easier for you to install.

    You would not set the registry entries that way, but if you're just upgrading from one version to the next, that should work fine.

    Unpack installer > copy and replace existing files

  • I would guess that %temp%\Vivaldi\Update-e25df029-01a4-4d91-b03a-e1c022ac8058\ would be a better place to store the installer, because the update process might need a unique/empty folder each time.

    %temp%\Vivaldi\ might then be used for other, perhaps cache-related, temporary operations.

  • @dantesoft That would be a workable solution. The Vivaldi directory could then be whitelisted, and all future updates would then work for the entire enterprise.

  • @lonm This solution might be appropriate for a singular knowledgeable user or power user. That said, this would be time intensive to find all installs of this application, and to then manually run installers to update those machines. If, however, the installer/update temp location was more static, then a whitelist could be created for it, and it would allow users to install on their own accord.

  • @kindofscsi said in Modify update location to avoid conflicting with Enterprise policies:

    //MODEDIT: Added inline code blocks for better readability

    I have tested the installer on a fresh Windows 10 Install with the SRP via GPO. The installer is in fact directly affected by this as well. This would mean that any Enterprise that has deployed Temp directory Executable disablement via SRP will not be able to install the Vivaldi browser.

    Exclusions for Vivaldi cannot be made in advance due to the dynamic directory structure used in both the installer and the updater.

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.