This App Has Been Blocked for Your Protection in Windows

When launching certain programs downloaded from the Internet, Windows may display an error message stating: This app has been blocked for your protection. When such an error occurs, the user, even if they have local administrator privileges, will be unable to install or run the application. This problem may occur with third-party EXE and MSI files, and in some cases, with built-in Windows *.msc snap-ins launched via MMC.exe.

User Account Control
This app has been blocked for your protection
An administrator has blocked you from running this app. For more information, contact the administrator.

Publisher: Unknown

This error may also look like this:

This publisher has been blocked from running software on your machine.

Why Windows May Block an App from Running

User Account Control (UAC) in Windows prevents the execution of files with expired, revoked, invalid, or corrupted digital signatures, as well as those signed by certificates added to the Untrusted Certificates store

Information about the digital signature of an executable file can be viewed in the file properties on the Digital Signatures tab. Most likely, you will see that the Code Signing certificate has already expired, which means that the file will be blocked from running.

You can also use the SigCheck utility to check a file’s digital signature information (the tool is available for download on the Microsoft website).

sigcheck.exe c:\users\sysops\Desktop\anvir.exe

In our case, the tool indicated that the certificate used to sign the file was found in the “Untrusted Certificates” store (the certificate can be added in this store by the administrator via GPO or by the user themselves).

Run the App from the Elevated Command Prompt

The simplest way to run a blocked app is to run it from an elevated command prompt (running as an administrator. In this case, you don’t have to edit any Windows security settings.

1. Open the CMD or PowerShell console in “Run as administrator” mode.
2. In the File Explorer GUI, right-click on the executable file and select Copy as path.
3. Right-click in the command prompt window to paste the file path into it and press Enter to run the file.
4. This app launch method lets you bypass the UAC check of the file’s digital signature.

If you need to run this application frequently, you can create a BAT or CMD script containing the program launch command and run it with administrator privileges.

Removing Digital Signature from an Executable File

A damaged or revoked digital signature from an executable (or setup) file can be removed using the third-party FileUnsigner tool.

1. Download and run the File Unsigner tool (requires installation of .NET Framework 3.5)
2. Open a command prompt. When you run the tool, specify the path to the file from which you want to remove the signature: FileUnsigner.exe "C:\Users\sysops\Desktop\anvir.exe"<
3. If the digital signature is successfully removed from the file, the message “Successfully Unsigned” will appear. 
4. After this, you will be able to run the app without blocking it from launch by UAC (SmartScreen warnings may still appear).

Permanently Disable UAC to Bypass Restrictions

As far as it is the UAC blocks running an application, it can be temporarily disabled.

You can disable UAC using the local Group Policy Editor (gpedit.msc). The UAC GPO settings can be found in the Windows Settings -> Security Settings -> Security Options section.

Open the “User Account Control: Run all administrators in Admin Approval Mode” option and set it to Disable.

Restart your computer update the Group Policy settings.

It is much more convenient and easier to disable UAC through the registry. To do it, open the Registry Editor (regedit.exe), navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System, and change the value of EnableLUA to 0.

Or run this command:
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Windows will prompt you to restart the computer to turn User Account Control off.

Try to install/run the blocked application. In case of success, turn UAC back on by setting the EnableLUA parameter value to 1.

Unblock a File Downloaded from the Internet

If you downloaded an executable file from the Internet (or other untrusted source), check if it is blocked by the Windows Security subsystem. To do this, open the file’s properties and select the “Unblock” checkbox.

Or unblock an executable file using PowerShell:
Unblock-File install_filename.exe

MMC.EXE: This App Has Been Blocked for Your Protection

In some cases, Windows may start blocking the launch of built-in tools and programs. For example, you will be unable to run the MMC.exe program, which used to launch all Microsoft Management Console (MMC) consoles, such as gpedit.msc, compmgmt.msc, services.msc, secpol.msc, devmgmt.msc, etc.

Try to run the Process Explorer and add the Verified Signer column. Most likely, you will see the words “No signature was present on the subject Microsoft Corporation” next to the most system process.

First, make sure your Windows contains up-to-date root certificates. Update the root certificates if necessary.

Another possible cause is errors in the operation of the Cryptographic Services. Verify that the CryptSvc service is running and is set to start automatically.

The Cryptographic Service database may be corrupted, but you can safely rebuild it using the following PowerShell commands:

Stop-Service cryptsvc
Rename-Item -Path "C:\Windows\System32\catroot2" -NewName catroot2.old
Restart-Computer

If none of the described methods helped, try using the following commands to check and restore the system files in the Windows image:

Sfc.exe /scannow
Dism.exe /Online /Cleanup-Image /Restorehealth