Many users have noticed that when running or installing some programs in Windows 10, the “This app has been blocked for your protection” error pops up and prevents the application from running or installing. Interestingly, the problem occurs not only with third-party exe or msi files, but also with standard Microsoft msc snap-ins launched via mmc.exe. As a result, even a user with local administrator privileges cannot run or install such applications.
This app has been blocked for your protection An administrator has blocked you from running this app. For more information, contact the administrator.
The error “This publisher has been blocked from running software on your machine” can also appear.
The Windows 10 User Account Control (UAC) blocks running/installing applications with an expired or revoked digital signature. You can verify this in the properties of the executable file on the Digital Signatures tab. Most likely the Code Signing certificate has already expired.
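The same check can be done from PowerShell. The following read-only script is an added example, not part of the original article; the function name Get-AppBlockDiagnosis is hypothetical, and it also reports the “Unblock” flag, the EnableLUA value and the CryptSvc state that later sections refer to.

```powershell
# Added example: read-only diagnosis of why Windows may block a file.
# Nothing on the system is modified. The function name is hypothetical.
function Get-AppBlockDiagnosis {
    param([Parameter(Mandatory)][string]$Path)

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Authenticode status as computed by PowerShell, plus the signer certificate.
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate

    # Mark-of-the-Web: the Zone.Identifier alternate data stream that the
    # "Unblock" checkbox in the file properties removes.
    $motw = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

    # UAC state, read from the EnableLUA value discussed in this article.
    $lua = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' `
                -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA

    # Cryptographic Services must be running for signature verification.
    $crypt = Get-Service -Name CryptSvc -ErrorAction SilentlyContinue

    [pscustomobject]@{
        File            = $file.FullName
        SignatureStatus = $sig.Status
        StatusMessage   = $sig.StatusMessage
        Signer          = if ($cert) { $cert.Subject } else { $null }
        CertNotAfter    = if ($cert) { $cert.NotAfter } else { $null }
        CertExpired     = if ($cert) { $cert.NotAfter -lt (Get-Date) } else { $null }
        # A timestamped signature can stay valid after the certificate expires.
        Timestamped     = [bool]$sig.TimeStamperCertificate
        MarkOfTheWeb    = [bool]$motw
        EnableLUA       = $lua
        CryptSvcStatus  = if ($crypt) { $crypt.Status } else { 'NotFound' }
        CryptSvcStartup = if ($crypt) { $crypt.StartType } else { $null }
    }
}

# Example call against mmc.exe, which this article discusses further down.
Get-AppBlockDiagnosis -Path "$env:WINDIR\System32\mmc.exe" | Format-List
```

A SignatureStatus other than Valid together with CertExpired = True and Timestamped = False matches the expired-certificate case described above.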
If you are sure that the application is safe and was received from a trusted source, you can bypass this notification and run/install the program. There are several ways to do this:
Running the Application from the Elevated Command Prompt
You can try to bypass this software restriction block by running the command prompt with administrator privileges and starting the application there:
Alternatively, you can create a bat/cmd file with the application launch string and run the batch file as an administrator.
Unblock a File Downloaded from the Internet
If you downloaded the executable file from the Internet, check if it is blocked by the Windows security system. To do this, open the file properties and check the “Unblock” checkbox.
It is also possible to unblock a file using PowerShell:
Removing Digital Signature from a File
You can try to remove the digital signature from the setup file (for example, using the third-party FileUnsigner tool).
Since it is UAC that blocks the application from running, you can temporarily disable it.
You can disable UAC through Group Policies. UAC GPO settings are located under the Windows Settings -> Security Settings -> Security Options section. The names of the UAC policies start with User Account Control. Open the option “User Account Control: Run all administrators in Admin Approval Mode” and set it to Disabled.
To update the Group Policy settings, you need to restart your computer.
It is much more convenient and easier to turn off UAC through the registry. To do this, go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System in the Registry Editor (regedit.exe) and change the EnableLUA value to 0.
Or run this command:
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
To turn User Account Control off, the system will require a restart of the computer.
Try to install the blocked application. If it succeeds, re-enable UAC by setting the EnableLUA value back to 1.
Run an App Using the Built-in Windows Administrator Account
If none of the previous methods helped, you can try to run/install the application with the built-in administrator account. There is no UAC for this account. How to enable the built-in Windows 10 administrator account is described here.
MMC.exe App Has Been Blocked for Your Protection
In some cases, Windows 10 may start blocking the launch of built-in Windows tools and programs. One example is mmc.exe, the program through which all Microsoft msc snap-ins run (gpedit.msc, compmgmt.msc, services.msc, secpol.msc, devmgmt.msc, etc.).
Try running Process Explorer and adding the Verified Signer column. Most likely, next to the applications, you will see the caption “No signature was present on the subject Microsoft Corporation”.
First of all, make sure that your Windows installation contains up-to-date root certificates. Update them if necessary.
Another possible problem is errors in Cryptographic Services. Make sure the CryptSvc service is running and configured to start automatically.
You can recreate the Cryptographic Service EDB database file with the following PowerShell commands:
Rename-Item -Path "C:\Windows\System32\catroot2" -NewName catroot2.old
If none of the described methods helped, try to check and restore the integrity of Windows system files with the commands:
Dism.exe /Online /Cleanup-Image /Restorehealth