Windows Defender has what’s called “Exploit protection settings”. In PowerShell, these are called ProcessMitigation. There’s one ProcessMitigation that prevents LO from running. In the GUI this setting is called “Validate handle usage”. In PowerShell this setting is called StrictHandle. We have it enabled by default, i.e. system-wide.
With this mitigation enabled, LO cannot start, and produces the following error
LO does not have a problem with any of the other mitigation options we have enabled.
You can create exceptions in Defender though, and except a process from mitigations. Doesn’t help LO. I believe that this is due to LO running from soffice.bin. Defender can create rules and exceptions to .exe only. I have another program, NoMachine, that also runs from .bin files, and same issue. Cannot run with StrictHandle enabled, and cannot create exceptions for it.
System-wide changes to ProcessMitigation (or via the GUI) do not take effect until reboot. This means that to run LO, I need to remove the mitigation and reboot.
Has anyone figured out a way to work these two? I assume that .bin files run under some other system exe, which I can except. Process exceptions can be effected without rebooting (by killing and restarting the process).
Possible to take this into development consideration?
Was unable to find anything on the web related to this, or anything close.