none
WACK Pass on Desktop, Failure on security for online submission? RRS feed

  • Question

  • I am struggling with this. I have followed the guidelines on Microsoft website :
    https: //docs.microsoft.com/en-us/windows/uwp/publish/the-app-certification-process

    • Technical compliance tests: Technical compliance is tested by the Windows App Certification Kit. (You should always make sure to test your app with the Windows App Certification Kit before you submit it to the Store.)

    I have done this exactly. using WACK 10.0.17763.1 receiving a 100% Pass, but when I submit to the store I get security errors with regards to SAFESEH, DYNAMICBASE, NXCOMPAT, and APPCONTAINER

    My app is a C# UWP app, and the help link in the web WACK links to the binary analyzer tests.

    https: //msdn.microsoft.com/library/windows/apps/hh920280.aspx

    I have implemented these suggestions, and C# apps don't have linker options. I have also contacted reportapp@microsoft.com which was not helpful. Has anyone had these issues/found a resolution?

    Tuesday, October 16, 2018 2:07 PM

All replies

  • Hello,

    It is normal for local WACK tests to pass successfully but online WACK tests to fail.The online WACK test refer to the most current Microsoft Store Policies and test your app with the most current version of the Windows App Certification Kit to make sure that your app complies with the latest performance requirements.

    >SAFESEH, DYNAMICBASE, NXCOMPAT, and APPCONTAINER

    As your error information was not detailed enough, I just listed some reasons that might lead to your certification failure.

    For SAFESEH issue: Please refer to /SafeSEH Exception Handling Protection 

    For DYNAMICBASE issue: Please refer to Address Space Layout Randomization

    For NXCOMPAT issue: Please refer to Data Execution Prevention 

    For APPCONTAINER issue: Please refer to AppContainerCheck

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Wednesday, October 17, 2018 5:51 AM
    Moderator
  • Hello,

    Is there any update for your WACK?Please feel free to update here if you have any question.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, October 23, 2018 6:13 AM
    Moderator
  • Thank you for your comment, but the links lead to more questions:
    For example the SafeSEH Exception Handling Protection says this:

    "Enable the /SAFESEH option in the linker command when you build your app. This option is on by default in the Release configurations of Visual Studio. Verify this option is enabled in the build instructions for all executable modules in your app."

    My app is a UWP C#, and from what I can tell C# doesn't have linker options. What is the best course of action now? Also, it identifies the failures within system libraries, that I have no control over:

    Windows security features test

    FAILED
        Binary analyzer

        Error Found: The binary analyzer test detected the following errors:
            File plugins\access\libaccess_concat_plugin.dll has failed the SafeSEHCheck check.
            File plugins\access\libaccess_imem_plugin.dll has failed the SafeSEHCheck check.
            File plugins\access\libaccess_mms_plugin.dll has failed the SafeSEHCheck check.
            File plugins\access\libaccess_realrtsp_plugin.dll has failed the SafeSEHCheck check.
            File plugins\access\libattachment_plugin.dll has failed the SafeSEHCheck check.
            File plugins\access\libdsm_plugin.dll has failed the SafeSEHCheck check.
            File plugins\access\libfilesystem_plugin.dll has failed the SafeSEHCheck check.
            File plugins\access\libftp_plugin.dll has failed the SafeSEHCheck check.
            ...
            File plugins\video_filter\libsharpen_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_filter\libtransform_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_filter\libvhs_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_filter\libwave_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_output\libdirect3d11_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_output\libdrawable_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_output\libflaschen_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_output\libvdummy_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_output\libvmem_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_output\libyuv_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_splitter\libclone_plugin.dll has failed the SafeSEHCheck check.
            File plugins\video_splitter\libwall_plugin.dll has failed the SafeSEHCheck check.
            File plugins\visualization\libvisual_plugin.dll has failed the SafeSEHCheck check.

        Impact if not fixed: If the app doesn’t use the available Windows protections, it can increase the vulnerability of the customer's computer to malware.

        How to fix: Apply the required linker options - SAFESEH, DYNAMICBASE, NXCOMPAT, and APPCONTAINER - when you link the app. See links below for more information:


    It asks me to apply linker options again, but again, I don't see how this works on C# UWP applications ?

    Wednesday, October 24, 2018 12:41 PM
  • Does anyone know how to enable SAFESEH on C# UWP ?
    Friday, October 26, 2018 1:29 PM
  • Hello,

    Sorry for the delay reply and the forum couldn't track your app certification process.Could you make a support ticket (free) through your developer account to ask for help?Please click 'Contact us' , select 'Dashboard issue' as the support topic and 'App certification failures' as the issue type to 'submit an accident'.by the way, this thread may give you some help for the /SAFESEH setting.

    Best regards

    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, October 29, 2018 2:04 AM
    Moderator
  • Hi Daisy,

    Thank you for responding. I am reaching out to the forums because the "submit an incident" is Much less than helpful than everyone seems to think. I have done exactly what you suggested, and it provides a link to contact reportpp@microsoft.com. Satish, the representative from reportapp@microsoft.com, keeps telling me to contact the forums, and go through the aka.ms/storesupport link.

    My issue is certification, and the certification team is not acknowledging the problem.

    I will take a look at the linked thread you have provided.


    Monday, October 29, 2018 12:00 PM