Hello, I am seeing an access denied error while installing the app below. The policy allows child processes with Full Admin token. In EPM Analytics I see that child processes are getting the token assigned. https://www.dinolite.us/download/ Dinocapture 2.0
In Process Explorer it shows only 4 child processes. These are getting Full Admin assigned per PMC logs. I couldn’t see any processes accessing the said files from the error screenshot when checked in handle.exe. Attaching the logs, in case anyone has seen similar errors in other apps and has any pointers to troubleshoot further. The install works fine with a local admin user.
Best answer by Neil
Hey @bt101, are you on the latest EPM client version, 25.2.40? If not, I would test with that version first.
The reason I bring this up is because you may be running into a recently resolved issue:
Regsvr32 elevation not working correctly since 25.2 - call to dllregisterserver failed with error code 0x80070005
We’ve improved compatibility for installers that require COM registration by refining our COM protection mechanism, ensuring legitimate elevated processes can register COM objects without issue while maintaining strong security against COM hijacking. We have also added a local auditing event: when a process is blocked from reading or writing to the HKU\Software\Classes\CLSID part of the registry, this event will be generated. This helps administrators understand why an application might have behaved unexpectedly.
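For anyone reviewing the registry area the answer above refers to, here is an added example (not from the original thread and not vendor code) that lists per-user COM server registrations and flags those that shadow a machine-wide CLSID, which is the condition COM hijacking protection is concerned with. It assumes the path in the answer means the per-user hives at `HKU\<SID>\Software\Classes\CLSID` and that it is run from an elevated PowerShell session; it does not read the EPM audit event.

```powershell
# Added example: inventory per-user COM registrations under HKU\<SID>\Software\Classes\CLSID
# and flag entries that override a machine-wide (HKLM) registration of the same CLSID.
# Assumption: run elevated so that other users' loaded hives are readable.
$machineRoot = 'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID'

# Loaded user hives appear under HKEY_USERS as <SID>; the regex skips
# service accounts (.DEFAULT, S-1-5-18, ...) and the <SID>_Classes aliases.
$userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }

$findings = foreach ($hive in $userHives) {
    $userRoot = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Classes\CLSID"
    if (-not (Test-Path -LiteralPath $userRoot)) { continue }

    foreach ($clsid in Get-ChildItem -LiteralPath $userRoot -ErrorAction SilentlyContinue) {
        foreach ($serverType in 'InprocServer32', 'LocalServer32') {
            $userKey = "$userRoot\$($clsid.PSChildName)\$serverType"
            if (-not (Test-Path -LiteralPath $userKey)) { continue }

            $machineKey     = "$machineRoot\$($clsid.PSChildName)\$serverType"
            $shadowsMachine = Test-Path -LiteralPath $machineKey

            [pscustomobject]@{
                UserSid        = $hive.PSChildName
                Clsid          = $clsid.PSChildName
                ServerType     = $serverType
                # The default value of the key holds the server DLL/EXE path.
                UserServer     = (Get-Item -LiteralPath $userKey).GetValue('')
                MachineServer  = if ($shadowsMachine) {
                                     (Get-Item -LiteralPath $machineKey).GetValue('')
                                 } else { $null }
                ShadowsMachine = $shadowsMachine
            }
        }
    }
}

# Entries that shadow an HKLM registration sort first; review where UserServer points.
$findings | Sort-Object -Property ShadowsMachine -Descending | Format-Table -AutoSize
```

Running it before and after an install attempt shows which per-user CLSID keys the installer was trying to create, which helps when correlating with a 0x80070005 failure.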