
SQ14153

Detected Windows executable files that opt out of dependency isolation while including a manifest that specifies how dependency loading should be performed.

priority | CI/CD status | severity | effort | SAFE level | SAFE assessment
pass | high | high | None | hardening: warning
Reason: dependency isolation problems

About the issue

Isolated Applications and Side-by-Side Assemblies are a solution that lessens the impact of dependency version conflicts. When an application depends on a common operating system component that exists in multiple incompatible versions, it must reference the correct one. This type of isolation provides a mechanism for versioned applications and dependencies to run simultaneously without conflicts. The operating system learns which dependency versions to load from an application manifest, which can be embedded in the application's resources or supplied as a standalone file. Using such a manifest implies that the application is isolation-aware. However, it was detected that the application was compiled to opt out of dependency isolation while also including a manifest resource. This was likely an oversight during an application upgrade to include isolation capabilities.

How to resolve the issue

  • In Microsoft Visual Studio, you can enable isolation by passing the option /ALLOWISOLATION to the linker.
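
To confirm the condition on a build artifact before and after relinking, the check below reads the IMAGE_DLLCHARACTERISTICS_NO_ISOLATION bit (0x0200, the bit the linker sets for /ALLOWISOLATION:NO) from the PE optional header and looks for an RT_MANIFEST (type 24) entry at the root of the resource directory. It is an added example, not Spectra Assure's detection logic; `check_isolation` and `build_sample_pe` are hypothetical names, and the sample image is constructed for the demonstration.

```python
import struct

NO_ISOLATION = 0x0200  # IMAGE_DLLCHARACTERISTICS_NO_ISOLATION, set by /ALLOWISOLATION:NO
RT_MANIFEST = 24       # resource type ID of an embedded application manifest

def check_isolation(pe: bytes) -> dict:
    """Report the opt-out flag, an embedded manifest, and whether both are present."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections and SizeOfOptionalHeader from the COFF header
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):                       # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dll_chars, = struct.unpack_from("<H", pe, opt + 70)   # same offset in both formats
    dirs = opt + (96 if magic == 0x10B else 112)          # start of data directories
    ndirs, = struct.unpack_from("<I", pe, dirs - 4)       # NumberOfRvaAndSizes
    rsrc_rva = struct.unpack_from("<I", pe, dirs + 16)[0] if ndirs > 2 else 0
    has_manifest = False
    for i in range(nsec):                                 # map the resource RVA to a file offset
        vsize, va, rsize, raw = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if rsrc_rva and va <= rsrc_rva < va + max(vsize, rsize):
            root = raw + rsrc_rva - va
            named, ids = struct.unpack_from("<2H", pe, root + 12)
            # ID entries follow the named entries in the root (type) directory
            types = [struct.unpack_from("<I", pe, root + 16 + 8 * k)[0] for k in range(named, named + ids)]
            has_manifest = RT_MANIFEST in types
    opted_out = bool(dll_chars & NO_ISOLATION)
    return {"opted_out": opted_out, "has_manifest": has_manifest, "violation": opted_out and has_manifest}

def build_sample_pe(dll_chars: int, manifest: bool) -> bytes:
    """Constructed PE32 headers plus one .rsrc section; sample input, not a loadable file."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 16, 0x1000, 0x200)  # resource directory RVA, size
    sect = struct.pack("<8s4I", b".rsrc", 0x200, 0x1000, 0x200, 0x200).ljust(40, b"\0")
    type_id = RT_MANIFEST if manifest else 16             # 16 = RT_VERSION
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 1) + struct.pack("<II", type_id, 0x80000018)
    return (dos + coff + bytes(opt) + sect).ljust(0x200, b"\0") + rsrc.ljust(0x200, b"\0")

if __name__ == "__main__":
    print(check_isolation(build_sample_pe(0x0140 | NO_ISOLATION, True)))
```

To check a real build output, pass the file's bytes to `check_isolation`; after relinking with /ALLOWISOLATION, `opted_out` should be false while `has_manifest` stays true.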

Incidence statistics

ReversingLabs periodically collects and analyzes the contents of popular software package repositories for threat research purposes. Analysis results are used to calculate incidence statistics for issues (policy violations) that Spectra Assure can detect in software packages.

This section is updated when new data becomes available.

Total amount of packages analyzed

  • RubyGems: 183K
  • Nuget: 644K
  • PyPi: 628K
  • NPM: 3.72M
Statistics are not collected for the SQ14153 policy at this time, or not applicable to this type of issue.