Solution: Your administrator has blocked this application because it potentially poses a security risk to your computer

The Problem: Your administrator has blocked this application…

You’re trying to install a ClickOnce application and get an error message saying: “Your administrator has blocked this application because it potentially poses a security risk to your computer”:
Your administrator has blocked this application because it potentially poses a security risk to your computer

You are the administrator and don’t remember blocking any applications (if you’re not the admin, contact them instead of reading this article).

The reason this is happening

The ClickOnce trust prompt is disabled on your operating system, so instead of a dialog (prompt) which allows you to either proceed with the installation or not, you just get the message above.

The solution

You can change the ClickOnce trust prompt behavior by editing the registry subkeys under:

\HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\.NETFramework\Security\TrustManager\PromptingLevel

There should be five subkeys, one for each security zone:
Registry trustmanager promptinglevel

Each subkey can have one of the following values:

  • Disabled: No trust prompt is shown, instead you get the error message above.
  • Enabled: A trust prompt is shown.
  • AuthenticodeRequired: A trust prompt is shown only for signed applications (other applications cannot be installed).

Trust prompt example

If the application you’re trying to install has been published on the Internet, you’ll want to set the Internet subkey to “Enabled” (or to “AuthenticodeRequired” if the applicationt has been digitally signed). You should then see a trust prompt instead of the “your administrator has blocked this application” error:
Trust Prompt - do you want to install this application

Free Trust Prompt Tool

As an alternative to editing the registry manually, you can also use a free trust prompt tool I wrote:
Trust Prompt Tool

It allows you to easily display and modify the trust prompt configuration.

Notes:

  • If you don’t trust yourself or other people using your PC, you can change the respective zone setting back to “Disabled” after installing the ClickOnce application. The trust prompt configuration has no effect on installed applications and their updates.
  • You could also add the publisher’s site to your trusted sites and only enable trust prompts for the TrustedSites subkey.
  • Are you wondering why all your trust prompt settings have been changed to “Disabled”? Unfortunately, I have no idea. I’ve had this happen on multiple PCs and I’m pretty sure I didn’t do this myself.

New Admin Email Address message from WordPress – a bug, not a breach

I woke up today to the following message concerning three of my blogs:

Howdy <wp.com username>,

You recently requested to have the administration email address on
your site changed.

If this is correct, please click on the following link to change it:
<blog URL>/wp-admin/adminemail/<hash>/

You can safely ignore and delete this email if you do not want to
take this action.

This email has been sent to <my email>

Regards,
All at <blog name>
<blog URL>

I was fairly sure I had not requested any changes to my admin email in the middle of the night. Could someone have hacked three of my blogs, hosted with three different providers, including one important blog (obviously not this one) protected by several additional security measures?

Furthermore, why was the pending change not shown in the user profile? Unconfirmed email changes should look like this:
WordPress pending email change

Finally, as far as I understand, these emails would be sent to the new admin email address, not the old one, making a hack even more unlikely.

As it turns out, it was a bug in Jetpack. WordFence has more details.

How to add a URL to the Java Exception Site List file

On one of our computers, the Security Tab in the Java Control Panel sometimes looks like this:
Java Control PanelAs you can see, the part required to manage the exception site list is missing/not accessible. I have no idea why (reinstalling Java did not help).

However, you can also add exceptions by directly editing the exception.sites file. Under Win 7, it is normally found in the C:\Users\*YOUR USERNAME*\AppData\LocalLow\Sun\Java\Deployment\security directory. Simply add a new line for each URL (e.g. https://stupdidbank.example.com), save the file, then restart the browser.

See this page or the official Java documentation for further information.