since recently, the KeePassRPC plugin is being blocked by Windows 11 Smart App Control on my system.
As far as I understand, this is because the plugin is not digitally signed. Currently, the only workaround seems to be disabling Smart App Control completely, which is not ideal from a security perspective.
Is there any other solution to this problem?
For example, would it be possible for the developer to provide a digitally signed version of the plugin, or is there another recommended workaround?
The plugin (DLL file) is built dynamically by KeePass on your own system (using the PLGX file that you originally installed) so there can be no way to digitally sign it.
It is possible that I could generate a new DLL for every release of KeePass but:
a) I’ve never verified whether this would allow for a digital signature to be applied to the DLL file
b) I can’t commit to new releases aligned with the timing of every new KeePass release
c) Users would have to reinstall the KeePassRPC plugin every time they update the KeePass executable, which would be an inconvenience too far for many people
(a) may be trivial to overcome (I just don’t know about it yet). (b) should be possible to workaround, perhaps if someone were to develop a GitHub Actions workflow to automate the process. (c) might be a tolerable trade off for a handful of users.
So I would say there is a chance this situation could be changed in future but it’s not something I have any spare time to dedicate to at the moment and it’s not a great tradeoff between effort and benefit right now.
As for whether the lack of digital signature is the cause of your “Smart App Control” block, I’m afraid I have no idea. Perhaps someone else has come across a similar problem and knows of a way to work around the block, or might inform us that the block isn’t really related to signatures at all?
Hi, thank you very much for your reply. Your analysis is very interesting.
I’ve now checked everything again on the affected PC - without changing anything - and suddenly it’s working again! As I said, Smart App Control is still enabled and I haven’t changed anything else. Maybe there was a Windows update? I don’t know, but in any case, thank you again for trying to help.
I’ll get in touch again if the problem comes back. Maybe in the future, Microsoft will establish a way to configure Smart App Control in a more flexible way, for example by allowing exceptions.