Applocker readiness

Dear KNIME Experts,
we use Microsoft Windows Applocker for “Application Allow Listing”:
AppLocker - Windows Security | Microsoft Learn

…since it is the Top2 NSA recommended security measures against Ransomware:
#StopRansomware Guide | CISA

KNIME does not come applocker compliant out of the box since it extracts at least 3 DLL files to users Appdata directory where they get blocked.

We tackled 2 of them successfully on our own by copying them to KNIME installation directory: localfile_1_0_0.dll + SNAPPYJAVA.DLL
Copied to %programfiles%\knime\

The last one we don’t get fixed since KNIME extracts the same jna.dll evertime new on startup:


We know this extact problem from other “Eclipse Applications” like KNIME
java - Windows AppLocker Path Wildcards for Files and Folders - Stack Overflow

…but the measures we know do not work here since KNIMEs integrated java runtime does not honor the following settings: Overview (JNA API) ( Loading from the system may be disabled by jna.nosys=true , and unpacking from the jar file may be disabled by jna.nounpack=true

Could you please help us to disable this “extracting and loading DLL from users directory” behaviour and get KNIME Applocker ready?

Any help appreciated :slight_smile:
Best regards