[Bug]: Blacklist is not working

[cippzurichnetgroup]

The problem

The blacklist config is distributed via Intune and the programs are also visible in the registry. but are still updated

What version of WAU has the issue?

2.1.0

What version of Windows are you using (ex. Windows 11 22H2)?

Windwos 11 24h2

What version of winget are you using?

v1.9.25200

Log information

#    09.01.2025 - CHECK FOR APP UPDATES (System context - Connected user)
#################################################################
15:53:14 - WAU Policies management Enabled.
15:53:14 - Notification Level: Full. Notification Language: Deutsch
15:53:14 - Checking internet connection...
15:53:14 - Connected !
15:53:14 - Checking prerequisites...
15:53:15 - -> WinGet is up to date: v1.9.25200
15:53:15 - Prerequisites checked. OK
15:53:15 - WAU current version: 2.1.0
15:53:15 - WAU AutoUpdate is Enabled.
15:53:15 - WAU is up to date.
15:53:15 - WAU uses Black List config
15:53:15 - -> Successsfully loaded default excluded apps list.
15:53:15 - Checking application updates on Winget Repository...
-> Available update : Lenovo Dock Manager version 1.5.1.8. Current version : 1.5.1.8. Available version : 1.5.2.2.
-> Available update : Google Chrome. Current version : 131.0.6778.205. Available version : 131.0.6778.265.
-> Available update : TeamViewer. Current version : 15.60.3. Available version : 15.61.4.
15:53:17 - Updating Lenovo Dock Manager version 1.5.1.8 from 1.5.1.8 to 1.5.2.2...
15:53:23 - ##########   WINGET UPGRADE PROCESS STARTS FOR APPLICATION ID 'Lenovo.DockManager'   ##########
15:53:23 - -> Running: Winget upgrade --id Lenovo.DockManager -e --accept-package-agreements --accept-source-agreements -s winget -h


  ████████▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒  1024 KB / 3.39 MB
  █████████████████▒▒▒▒▒▒▒▒▒▒▒▒▒  2.00 MB / 3.39 MB
  ██████████████████████████▒▒▒▒  3.00 MB / 3.39 MB
  ██████████████████████████████  3.39 MB / 3.39 MB
Found Lenovo Dock Manager [Lenovo.DockManager] Version 1.5.2.2
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://download.lenovo.com/consumer/options/dockManagersetup_1.5.2.2.exe


  ██████████████████████████████  4.75 MB / 4.75 MB
Successfully verified installer hash
Starting package install...

Successfully installed
15:53:39 - ##########   WINGET UPGRADE PROCESS FINISHED FOR APPLICATION ID 'Lenovo.DockManager'   ##########
15:53:39 - Lenovo Dock Manager version 1.5.1.8 updated to 1.5.2.2 !
15:53:43 - Google Chrome : Skipped upgrade because it is *wildcard* in the excluded app list
15:53:43 - TeamViewer : Skipped upgrade because it is *wildcard* in the excluded app list
15:53:43 - 1 apps updated ! No more update.
15:53:46 - User logged on, get a list of installed Winget apps in System context...
15:53:47 - Starting WAU in User context...
#################################################################
#    09.01.2025 - CHECK FOR APP UPDATES (User context)
#################################################################
15:53:47 - WAU Policies management Enabled.
15:53:47 - Notification Level: Full. Notification Language: Deutsch
15:53:47 - Checking internet connection...
15:53:47 - Connected !
15:53:48 - WAU uses Black List config
15:53:48 - -> Successsfully loaded default excluded apps list.
15:53:48 - Checking application updates on Winget Repository...
15:53:49 - No new update.
15:53:49 - End of process!

Additional information

No response

[KnifMelti]

No bug.
Check that your LISTPATH is set to GPO:
https://github.com/Romanitho/Winget-AutoUpdate?tab=readme-ov-file#advanced-installation

[cippzurichnetgroup]

Thanks this works, but then the default excluded apps are ignored?

[KnifMelti]

Yes, now it's up to you.

[jakubj-kuba]

Hi Guys,

Thank you for your contributions on this project. I have read up a lot and tried to solve the blacklist issue but unable to prevent some applications from updating. I tried to use the AppID as shown in the winget list command then tried some other variations and WAU is still trying to process them, here is my setup and some of the logs:

WAU_ListPath is set to GPO and here is the string in policy

When WAU executes it's reading it (note I did have just the first two lines above, I thought maybe it needed quotes or wild cards or something because the exact appID still have the application processing.

Later on you can see processing the excluded app...

Here is the GPO:

Any thoughts how to get the exclude list to work I can assist to run more tests if needed.

Cheers,
Jakub

[KnifMelti]

Devolutions.RemoteDesktopManager and Wazuh.WazuhAgent are the correct ones.

Your first entries in the log file starts with (and is missing other things along the run):

#################################################################
#    21/01/2025 - CHECK FOR APP UPDATES (User Context)
#################################################################

It should be:

#################################################################
#    21/01/2025 - CHECK FOR APP UPDATES (System context - Connected user)
#################################################################

Is this really a current version of Romanitho WAU and not a fork? - ah you're running it directly as a user...
And it says Bypass system list in user context is Enabled, try disable that... - otherwise as a user running it will skip the list you're defined!

[KnifMelti]

This solution is not made for manually running the script.
It should run via SYSTEM from the Task Scheduler, thereby checking installations in SYSTEM context and filter them out when it comes to the part that checks installations in User context.
With Bypass system list in user context is Enabled you're telling WAU to disregard your black-/whitelist and then because you only run the User part (starting manually) it finds those applications and disregards your blacklist, as you commanded.
You can add a Start Menu shortcut in the installation that you can trigger the Task with... STARTMENUSHORTCUT=1

[mabubakarbajwa]

I have a question to the blacklist via Intune. My command is like this:
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file "Winget-Install.ps1" -AppIDs "Romanitho.Winget-AutoUpdate --scope machine --override \"/qn RUN_WAU=YES USERCONTEXT=1 LISTPATH=C:\blacklist\

I wanna use the local file excluded_apps.txt placed under path C:\blacklist. Can anyone tell me what will the correct way to write the file path in LISTPATH switch?

Updates log :

`20:06:10 - New log file created
#################################################################

26.01.2025 - CHECK FOR APP UPDATES (System context - Connected user)

#################################################################
20:06:13 - Notification Level: Full. Notification Language: Deutsch
20:06:13 - Checking internet connection...
20:06:13 - Connected !
20:06:13 - Checking prerequisites...
20:06:14 - -> WinGet is up to date: v1.9.25200
20:06:14 - Prerequisites checked. OK
20:06:14 - WAU current version: 2.1.0
20:06:14 - WAU AutoUpdate is Enabled.
20:06:14 - WAU Available version: 2.2.0
20:06:21 - Downloading the GitHub Repository version 2.2.0
20:06:22 - Updating WAU...
20:06:44 - WAU Update completed. Rerunning WAU...
#################################################################

26.01.2025 - CHECK FOR APP UPDATES (System context - Connected user)

#################################################################
20:06:48 - Notification Level: Full. Notification Language: Deutsch
20:06:48 - Checking internet connection...
20:06:48 - Connected !
20:06:48 - Checking prerequisites...
20:06:49 - -> WinGet is up to date: v1.9.25200
20:06:49 - Prerequisites checked. OK
20:06:49 - WAU current version: 2.2.0
20:06:49 - WAU AutoUpdate is Enabled.
20:06:49 - WAU is up to date.
20:06:49 - WAU uses External Lists from: C:\blacklist
20:06:49 - Couldn't reach/find/compare/copy from C:\blacklist...
20:06:49 - Critical: White/Black List doesn't exist, exiting...
`

[KnifMelti]

Can't replicate, OK here (installing MSI with your LISTPATH=C:\blacklist\) - notice in the log the ending \ is stripped:

But, the --override to Winget-Install.ps1 seems a little odd \"/qn RUN_WAU=YES USERCONTEXT=1 LISTPATH=C:\blacklist\
Check HKEY_LOCAL_MACHINE\SOFTWARE\Romanitho\Winget-AutoUpdate - WAU_ListPath for the actual string

[KnifMelti]

Can't replicate, OK here (installing MSI with your LISTPATH=C:\blacklist\) - notice in the log the ending \ is stripped:

Also tried via Winget-Install.ps1 in SYSTEM context: powershell.exe -NoProfile -ExecutionPolicy bypass -File C:\ProgramData\Winget-Install.ps1 -AppIDs "Romanitho.Winget-AutoUpdate --scope machine --override \"/qn RUN_WAU=YES USERCONTEXT=1 LISTPATH=C:\blacklist\ with your string exactly.
No errors and correct result.

[mabubakarbajwa]

I am pretty sure I tried with LISTPATH=C:\blacklist without "" at the end and it was not working.
I just tried it without "" and it worked!

Also checked registery previously, it was same as yours C:\blacklist\ and it was not working. Now the value is C:\blacklist without "" and it works fine.
Thanks for highlighting.