Following new, stricter Windows Defender Application Control (WDAC) policies in our organization, we ran into a permissions issue with DLL files that are generated by Blue Prism when running/debugging processes or objects with code stages (or dependencies with code stages).
Regarding the .dll files: they aren't pre-compiled files that a custom code stage is trying to run. I believe they are the compiled versions of code stages themselves. The code stages could be our own but could also come from the DX (e.g., utilities like Collection Manipulation). Because the files are generated on-the-fly I don't have concrete examples, but they're placed in C:\Users\<username>\AppData\Local\Temp\
You can produce the .dll files in that folder by debugging a process/object that invokes a code stage (or a dependency with a code stage). Once the debugging starts, the .dll file, along with some other files, is generated in the folder.
Those files are currently not signed and don't contain basic properties like Product Name and Publisher, which are frequently used by anti-virus software as well as (in my case) policy enforcement.
It would be great if Blue Prism could automatically sign the DLL files it generates so that security systems such as WDAC can be set up to trust them. Currently, we are unable to run processes without creating an exception in our security policy, which should never be the case.
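To check on a given machine what the post describes, the following added example (not part of the original post and not Blue Prism code) lists recently written DLLs in the current user's Temp folder with their Authenticode status and version-info fields. The parameter names and the 60-minute window are assumptions made for this example.

```powershell
# Added example: inventory recently written DLLs in the user's Temp folder and
# report signature status plus the version-info fields mentioned in the post.
param(
    [string]$Path = $env:TEMP,     # assumption: the Temp folder named in the post
    [int]$MaxAgeMinutes = 60       # assumption: only files from the last debug run
)

$cutoff = (Get-Date).AddMinutes(-$MaxAgeMinutes)

Get-ChildItem -LiteralPath $Path -Filter '*.dll' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $cutoff } |
    ForEach-Object {
        # Authenticode status is NotSigned when the file carries no signature.
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        # VersionInfo comes from the PE version resource; fields are empty if absent.
        $vi  = $_.VersionInfo

        [pscustomobject]@{
            Name             = $_.Name
            Written          = $_.LastWriteTime
            SignatureStatus  = $sig.Status
            Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            ProductName      = $vi.ProductName
            CompanyName      = $vi.CompanyName
            OriginalFilename = $vi.OriginalFilename
            SHA256           = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } |
    Sort-Object Written -Descending
```

Run it right after starting a debug session and pipe the result to `Format-List` to read the full signer and hash values.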