Access to Windows Shortened File Names (SFN) with Waratek Secure 25.1.0 or later
When using any of the filesystem rules (read, write or process forking) with the Waratek Java Agent v25.1.0 or later, the Agent will disable access to any file if the shortened file name (SFN) is used, regardless of the specific configuration of your filesystem rules. If you see the Agent generating a Security Event in your events.log or Portal similar to "msg=on Windows access to files using the automatically generated 8.3 filename is NOT allowed, attempt was made using <filename>", e.g.
<9>1 2025-01-15T10:52:57.368-05:00 thehostname java 3512 - - CEF:0|ARMR|Waratek Agent|25.1.0|Engine|Execute Rule|Very-High|rt=Jan 15 2025 10:52:57.368 -0500 agentName=theagentname procid=3512 securityFeature=filesystem read dvchost=thehostname path=C:\\PROGRA~1\\Java\\JROCKI~1.0\\bin\\somefile act=protect msg=on Windows access to files using the automatically generated 8.3 filename is NOT allowed, attempt was made using C:\\PROGRA~1\\Java\\JROCKI~1.0\\bin\\somefile nodeid=1
...this means the Agent has blocked access to that file.
If you wish to enable access, use the following in the waratek.properties:
com.waratek.AllowWindowsSFN=true
Access is disabled by default as allowing access will allow circumvention of ARMR filesystem rules. For more details, please see https://en.wikipedia.org/wiki/8.3_filename which is a complex Microsoft backward compatibility problem.