The ms-appinstaller protocol has been disabled; Activate it

0

Enterprise administrators can now re-enable the MSIX protocol handler ms-appinstaller that Microsoft previously disabled after Emotet Malware was used by threat actors to exploit the feature to deliver malicious Windows App Installer packages. This article describes how this protocol can be without issue activated again.

What is the ms-appinstaller protocol handler?

The ms-appinstaller (AppX Installer) protocol handler was introduced to allow users to seamlessly install an application by simply clicking a link on a website. Basically, this protocol handler allows users to install Windows applications directly from a web server using a MSIX package or App Installer without first downloading the installers to their computer.

The ms-appinstaller protocol has been disabled

Microsoft has disabled the ms-appinstaller protocol following earlier reports of Emoticon attacks exploiting a Windows AppX Installer zero-day spoofing vulnerability, forcing users to download application packages to their device before installing them using App Installer.

However, following a recent announcement, it seems Microsoft finally managed to resolve the issue and IT administrators can now safely re-enable the protocol. Microsoft had the following to say;

We recognize that this feature is essential for many businesses. We take the time to do extensive testing to ensure that re-enabling the protocol can be done in a secure manner. We plan to introduce a group policy that would allow IT administrators to re-enable the protocol and control its use within their organizations.

How to enable the ms-appinstaller protocol on Windows?

To enable the ms-appinstaller protocol for MSIX, you will need to download and install both the latest Application Installer (at the time of writing this article, version 1.17.10751.0) and the application Desktop App Installation Policy on your Windows computer and then enable the feature through the Local Group Policy Editor. To perform this task, follow these steps:

If you are running the ms-appinstaller protocol on your website, you can update the link to your app by removing ‘ms-appinstaller:?source=’ so that the MSIX package or App Installer file can be downloaded to the user’s machine.

  • To download the last Application Installer (offline version).
  • After downloading, unzip the archive package.
  • Now run it MSIXBUNDLE File to update to the latest version of App Installer.
  • Following, To download the last Desktop App Installation Policy (ADMX models).
  • After downloading, extract the contents of the archive package, then deploy the Administrative Templates.
  • Next, open the Local Group Policy Editor.
  • In the Local Group Policy Editor, use the left pane to navigate to the path below:
Computer Configuration > Administrative Templates > Windows Components > Desktop App Installer
  • In the location, in the right pane, double-click Enable ms-appinstaller App Installer Protocol strategy to modify its properties.
  • In the policy window, set the radio button to Authorized.
  • Click on To apply > Okay to save changes.
  • Exit the Local Group Policy Editor.
  • Restart the computer.

That’s it!

How to install Appinstaller on Windows 10?

To install Appinstaller on Windows 11/10, follow these steps:

  • Download the app package file to a local folder.
  • Install it using the Add-AppxPackage PowerShell command.
  • Next, download the appinstaller file to a local folder on your drive.
  • Install it using the Add-AppxPackage -Appinstaller PowerShell command.

What is the MSIX app?

MSIX is a Windows application package format that provides a modern packaging experience for all Windows applications. The MSIX package format preserves the functionality of existing application packages and/or installation files, in addition to enabling new modern packaging and deployment features for Win32, WPF, and Windows Forms applications.

Will MSIX replace MSI?

MSIX is Microsoft’s intended replacement for the MSI and AppX formats. Starting with Windows 10 1809, MSIX will completely replace AppX as a package format. MSIX is still undoubtedly the future of application packaging. Despite the huge benefits for large organizations, enterprise adoption will be slow until compatibility tools, ISV support, and proper packaging tools reach critical mass.

Share.

Comments are closed.