none
Steps to disable security warnings for debugging a Windows service while in development mode RRS feed

  • Question

  • Greetings,

    Question, what are the steps to disable Security Warning: Attaching to a process owned by an untrusted user can be dangerous. If the following information looks suspicious or you are unsure, do not attach to this process” for running a Windows Service running on Windows 10 using Visual Studio 2017 while not in production but instead during development of the service?

    Background, I wrote a Windows service which is launched via a C# utility. Run this utility, starts the service which in turn in OnStart event of the service Debugger.Launch triggers a security warning.

            /// <summary>
            /// When in debug mode when you start up the service a prompt for
            /// a debugger will be displayed. Select the instance of Visual Studio
            /// with the source for this project open. If you currently have the service
            /// installer running while attempting this you will not be able to select it.
            /// </summary>
            /// <param name="args"></param>
            protected override void OnStart(string[] args)
            {
    #if DEBUG
                Debugger.Launch();
    #endif
                ScheduleService();
            }

    I found the following (but it's not for VS2017) which indicates to traverse to 

    HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\<version>\Debugger\DisableAttachSecurityWarning and set DisableAttachSecurityWarning to 1.

    Understanding that Visual Studio 2017 uses C:\Users\username\AppData\Local\Microsoft\VisualStudio\15.0_4b344226\ privateregistry.bin I loaded the file, traversed to Computer\HKEY_LOCAL_MACHINE\KP\Software\Microsoft\VisualStudio\15.0_4b344226\Debugger and noted there is no DisableAttachSecurityWarning so I added one and set it to 1. Started the service and still was presented with the security warning.

    Same as in this post

    https://stackoverflow.com/questions/42753355/disable-security-warning-when-attaching-a-process-in-visual-studio-2017

    Environment

    I am an admin on the box with pretty much full rights using Visual Studio 2017

    Note service needs to run under local system

    Reference which lead me down the path above.

    https://developercommunity.visualstudio.com/content/problem/33667/disabling-attach-security-warning.html

    Github repository for a sample solution which the above is based off.

    In closing, I believe all details are present and if not ask for more specifics.


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange




    Monday, July 8, 2019 8:41 PM

All replies

  • Hi Kareninstructor,

    Thank you for posting here.

    After testing your sample which is from github, when I run the ServiceInstaller.exe as administrator and then choose JIT debugger, there is no Security Warning in my side. But it will break on the code line :Debugger.Launch(). 

    My environment: visual studio 2017 enterprise 15.9.10,  win10 enterprise 1903

    And as developer community link, did you have related registers in the specified path like the below picture?

     

    Best Regards,

    Dylan


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Tuesday, July 9, 2019 9:54 AM
  • Hello Dylan,

    My environment, Visual Studio Enterprise, 15.9.13, Windows 10 Enterprise 1703 (have no control over updates which are managed by the service desk).

    In regards to the registry

    In regards to running things, I start visual studio in admin mode. In the following screenshot my requirement is to not have the prompt to "Yes, debug..." but instead go right to the Debugger.Launch line and start the debug process.

    Just took this screenshot


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    Tuesday, July 9, 2019 1:25 PM
  • Hi Kareninstuctor,

    Thank you for reply.

    After research, when Debug.launch() method runs, it would throw a security exception.

    Please refer more from: Debugger.Launch Method

    Maybe you could set the UIpermission to start the debugger.

    Best Regards,

    Dylan


    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Wednesday, July 10, 2019 8:44 AM
  • Hello Dylan,

    Yes Debugger.Launch throws an exception and as per Microsoft documentation found in this post (which is also in my initial post) indicates that a registry setting will resolve this issue for VS2015 which which lead me to another post for VS2017 to do the same but by loading a registry file as per this post and under the Debugger node add the same setting as per the first post which I did and that failed also.

    All of the above prompted me to post this post to learn how to circumvent the security prompt for working in development mode, not test mode and not production mode.

    In regards to UIPermission, I did a quick search and found nothing to assist with where to begin to use this for discarding the security prompt. So, can you provide instructions which steps through what needs to be done to circumvent the security prompt would be great, otherwise I'm without a path to attempt this with UIPermission.


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    Wednesday, July 10, 2019 10:29 AM
  • I do not think security warnings
    "Attaching to a process owned by an untrusted user can be dangerous ..."
    and
    " ... was launched without necessary security permisson ..."
    are interchangeable.

    When you try to attach with VS debugger to a higher privileged process you get a popup, which is called by devenv:

    "DisableAttachSecurityWarning" is ignored

    The equivalent for Debugger.Launch  - which resembles 'Just In Time Debugging', therefore involving an additional process 'vsjitdebugger.exe' - seems to be:

    .

    In this case, "DisableAttachSecurityWarning" also does not apply, Vsjitdebugger.exe does not know about this registry key, devenv may not be even started. 

    Well, "involving an additional process" is not quite correct, in fact, when warning appears, there are two instances of vsjitdebugger, and reaching *Choose Just-In-Time Debugger' three.

    Trying to to attach manually with vsjitdebugger from an administrator command-prompt. which I would have expected should do the trick, shows also security dialog, invoked by the second instance of vsjitdebugger, which is started by svchost.exe. This instance is just started with unsufficient privileges.

    No warranty
    With kind regards

    Friday, July 12, 2019 10:14 PM
  • I do not think security warnings
    "Attaching to a process owned by an untrusted user can be dangerous ..."
    and
    " ... was launched without necessary security permisson ..."
    are interchangeable.

    When you try to attach with VS debugger to a higher privileged process you get a popup, which is called by devenv:

    "DisableAttachSecurityWarning" is ignored

    The equivalent for Debugger.Launch  - which resembles 'Just In Time Debugging', therefore involving an additional process 'vsjitdebugger.exe' - seems to be:

    .

    In this case, "DisableAttachSecurityWarning" also does not apply, Vsjitdebugger.exe does not know about this registry key, devenv may not be even started. 

    Well, "involving an additional process" is not quite correct, in fact, when warning appears, there are two instances of vsjitdebugger, and reaching *Choose Just-In-Time Debugger' three.

    Trying to to attach manually with vsjitdebugger from an administrator command-prompt. which I would have expected should do the trick, shows also security dialog, invoked by the second instance of vsjitdebugger, which is started by svchost.exe. This instance is just started with unsufficient privileges.

    No warranty
    With kind regards

    Thanks for the reply but I need to fire up the service via the utility app I have and with that there must be a method to do this. This service I'm working on is a very mature and rather large service that when working on the service in debug mode I really don't have time to do as you have suggested.

    Our enterprise level engineers have never had to deal with this before until a contract ended with a vendor and I tool over modifying the service.  

    Bottom line is I need to get in fast, make changes, get back in quickly to run test and not be slowed down with security working with a service I've gone over all the code so there are zero security risk.


    Please remember to mark the replies as answers if they help and unmarked them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.

    NuGet BaseConnectionLibrary for database connections.

    StackOverFlow
    profile for Karen Payne on Stack Exchange

    Saturday, July 13, 2019 2:42 AM
  • Hi Kareninstructor,

    Sorry to trouble you and just want to confirm that if your issue is solved or not, if yes, we will appreciate that you could share the solution here. If not, we recommend you could post it as suggestion to vs product team: https://developercommunity.visualstudio.com/content/idea/post.html?space=8

    Have a nice day.

    Best Regards,

    Dylan



    MSDN Community Support Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Friday, July 26, 2019 6:04 AM