|
1 | 1 | --- |
2 | 2 | title: Modern apps or application packages are reported as vulnerable |
3 | | -description: Provides resolutions for the issue in which modern apps or application packages are reported by vulnerability scanning. |
4 | | -ms.date: 12/26/2023 |
| 3 | +description: Provides resolutions for the issue in which modern apps or application packages are reported by vulnerability scanning due to multiple versions. |
| 4 | +ms.date: 10/21/2024 |
5 | 5 | manager: dcscontentpm |
6 | 6 | audience: itpro |
7 | 7 | ms.topic: troubleshooting |
8 | 8 | ms.reviewer: kaushika, kimberj |
9 | 9 | ms.custom: sap:Windows Desktop and Shell Experience\Modern, Inbox and Microsoft Store Apps, csstroubleshoot |
10 | 10 | --- |
11 | | -# Modern apps or application packages are reported as vulnerable |
| 11 | +# Modern apps or application packages are reported as vulnerable due to multiple versions |
12 | 12 |
|
13 | | -This article provides resolutions for the issue in which modern apps or application packages are reported by vulnerability scanning. |
| 13 | +This article provides troubleshooting suggestions when there are multiple versions of a modern app or application package on a computer. The app might be reported as vulnerable by system vulnerability scanning and can't be resolved by updating to the latest version. |
14 | 14 |
|
15 | | -_Original KB number:_ 5011324 |
| 15 | +*Original KB number:* 5011324 |
16 | 16 |
|
17 | | -Some modern apps or application packages are reported as vulnerable by system vulnerability scanning, and can't be resolved by updating to the latest version. |
| 17 | +## Symptoms |
18 | 18 |
|
19 | | -## Multiple app folders in the system |
| 19 | +In recent Windows versions, several parts of the shell have been moved to modern apps. Those apps are introduced as *.msix* or *.appx* files and need to be registered per user each time a user signs in to Windows for the first time or after an app update. |
20 | 20 |
|
21 | | -If there are multiple user profiles in the system, apps installed per users may create multiple app folders because of different versions. The folders are in the *C:\\Program Files\\WindowsApps* hidden folder. |
| 21 | +Those modern apps might be **SystemApps** (such as **StartMenuExperienceHost** and **ShellExperienceHost**) introduced within Windows Cumulative Updates or **WindowsApps** updated through Windows Update connecting to Windows Store endpoints. |
22 | 22 |
|
23 | | -## Multiple app versions in the system |
| 23 | +Because of this inherent design, you might encounter one of the following issues: |
| 24 | + |
| 25 | +### Multiple app folders in the system |
| 26 | + |
| 27 | +If there are multiple user profiles in the system, apps installed per user might create multiple app folders because of the different versions. The folders are in the *C:\\Program Files\\WindowsApps* hidden folder. |
| 28 | + |
| 29 | +### Multiple app versions in the system |
24 | 30 |
|
25 | 31 | Consider the following scenarios: |
26 | 32 |
|
27 | | -- Several users are signed in at the same time and Microsoft Store is enabled. One user is using the app during a Microsoft Store background update. |
28 | | -- Some users don't sign in frequently and Microsoft Store is disabled. The system administrator updates the app manually. |
| 33 | +- Several users are signed in at the same time, and Microsoft Store is enabled. One user is using the app during a Microsoft Store background update. |
| 34 | +- Some users don't sign in frequently, and Microsoft Store is disabled. The system administrator updates the app manually. |
29 | 35 |
|
30 | | -In these scenarios, there are multiple versions of the app per users in the system, which doesn't affect users. However, the app or application package is reported as vulnerable if the app isn't updated for all users. |
| 36 | +In these scenarios, there are multiple versions of the app per user in the system, which doesn't affect users. However, the app is reported as vulnerable if the app isn't updated for all users. |
31 | 37 |
|
32 | 38 | ## Update the app for all users or remove the old packages |
33 | 39 |
|
34 | 40 | To resolve this issue, use one or more of the following methods: |
35 | 41 |
|
36 | | -- Ensure that the app is updated for all users in the system. |
37 | | -- Remove the old packages (`.appx`) by using one of the following cmdlets: |
38 | | - - The Deployment Image Servicing and Management (DISM) cmdlet [Remove-AppxProvisionedPackage](/powershell/module/dism/remove-appxprovisionedpackage): |
| 42 | +### Method 1: Ensure that the app is updated for all users in the system by reconnecting to the machine with user profiles |
| 43 | + |
| 44 | +1. Identify the user profiles in which the old Appx version package is installed by using the Appx cmdlet [Get-AppxPackage](/powershell/module/appx/get-appxpackage) from an elevated PowerShell window: |
| 45 | + |
| 46 | + ```powershell |
| 47 | + Get-AppxPackage <Application Name> -AllUsers |
| 48 | + ``` |
| 49 | + |
| 50 | +2. Reconnect to the machine with the identified user. |
| 51 | + |
| 52 | +### Method 2: Remove the old packages (*.appx*) |
| 53 | + |
| 54 | +1. Identify the user profiles in which the Appx package is installed with the Appx cmdlet [Get-AppxPackage](/powershell/module/appx/get-appxpackage) from an elevated PowerShell prompt: |
| 55 | + |
| 56 | + ```powershell |
| 57 | + Get-AppxPackage <Application Name> -AllUsers |
| 58 | + ``` |
| 59 | + |
| 60 | +2. Identify if the app is provisioned. To get a list of all provisioned apps, use [Get-AppxProvisionedPackage](/powershell/module/dism/get-appxprovisionedpackage): |
| 61 | + |
| 62 | + ```powershell |
| 63 | + Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName |
| 64 | + ``` |
| 65 | + |
| 66 | +3. Remove the Appx package for all users in the system: |
| 67 | + |
| 68 | + ```powershell |
| 69 | + Get-AppxPackage <Application Name> -AllUsers | Remove-AppxPackage -AllUsers |
| 70 | + ``` |
39 | 71 |
|
40 | | - ```powershell |
41 | | - Remove-AppxProvisionedPackage -PackageName <Application Name> |
42 | | - ``` |
| 72 | + > [!NOTE] |
| 73 | + > For more information and usage examples regarding the management of Appx packages via PowerShell cmdlets, see the following articles. |
| 74 | + > |
| 75 | + > - [Get-AppxPackage](/powershell/module/appx/get-appxpackage) |
| 76 | + > - [Get-AppxProvisionedPackage (DISM)](/powershell/module/dism/get-appxprovisionedpackage) |
| 77 | + > - [Remove-AppxPackage (Appx)](/powershell/module/appx/remove-appxpackage) |
| 78 | + > - [Remove-AppxProvisionedPackage](/powershell/module/dism/remove-appxprovisionedpackage) |
43 | 79 |
|
44 | | - - The Appx cmdlets ([Get-AppxPackage](/powershell/module/appx/get-appxpackage) and [Remove-AppxPackage](/powershell/module/appx/remove-appxpackage)): |
| 80 | +### Method 3: Delete the user profiles pointing to the old version of the app |
45 | 81 |
|
46 | | - ```powershell |
47 | | - Get-AppxPackage <Application Name> -AllUsers | Remove-AppxPackage -Allusers |
48 | | - ``` |
| 82 | +To do so, see the following articles: |
49 | 83 |
|
50 | | -- Delete the user profiles pointing to the old version of the app. |
| 84 | +- [Delete a user profile in Windows](../../windows-server/user-profiles-and-logon/delete-user-profile.md) |
| 85 | +- [Using Group Policy/CSP](/windows/client-management/mdm/policy-csp-admx-userprofiles#cleanupprofiles) |
51 | 86 |
|
52 | | -To confirm that the app is updated for all users and the old packages are removed, scan again or check the *C:\\Program Files\\WindowsApps* folder. If you don't have the permission to check the folder, create a copy in another location and check inside. |
| 87 | +To confirm that the App is updated for all users and the old packages are removed, scan again or check the *C:\\Program Files\\WindowsApps* folder. If you don't have permission to check the folder, create a copy in another location and check inside. |
0 commit comments