Does the web application always have the same name? If so, you could go to Defense+ -> Computer Security Policy and add the application, then assign it the Installer or Updater policy.
Ok. Here is what I did, but still not sure if it will work (need to test the config): Using your advice, I did add the exe to the Computer Security Policy, however the app is a one-click install (see the ClickOnce info below). When an 'update' occurs with a One Click .NET app, the entire application is reinstalled in the AppData folder named with an arbitrary GUID that changes at each update. Therefore, there is no ONE single application file and path that can be added to the policy to allow it passed Defense+.
Here is what I am contemplating now... With all the above said, it seems that the only thing I can thing of is allowing the entire install path folder through D+. I have not tried to see if there is a way to add a user folder path in D+. This is not best practice, however it is better than turning off D+.
1. Is the * dynamic? Meaning; If I add the above path with the *wildcard, will every application or file I install in that path FROM NOW ON, be in the Computer Security Policy? The reason I ask is that when I add this path in the Trusted Files of the standalone CIS and click Apply, it actually adds all CURRENT files from that directory... NOT anything that I add after
I apply that security policy.
2. I added this path as an Installer/Updater (and might change it to a custom policy):
This was allowed on the CESM Console, but again, unsure if it allows everything added to the .\2.0\ folder from now on.
I will reply after testing.
Chiron, Nope. This app is not signed. This particular app wasn't developed in-house here. We have developed a few .Net apps and because of this issue, we are probably going to digitally sign them all from now on. That would make it easy, though. I guess there is hope for the future.
I am going to add a request to the Comodo - Wishlist... to integrate into IE Trusted Sites or simply a setting that would allow allow apps to run if running from particular websites.
ClickOnce web-based deployment info:http://msdn.microsoft.com/en-us/library/bb756885.aspx