Allowing untrusted fonts for campaigns

The Windows operating system offers the ability to block untrusted font files. The Nexthink software agent uses an open-source font family optimized for computer screens to render campaign text.

Previewing campaigns from the web interface always uses the correct font. If you suspect campaigns are not always rendered using the official font family:

Connect to a device.
Open the local log file in the %ProgramData%\Nexthink\Logs\User folder, labeled something like nxtray*.log where the * represents a combination of the user SID and a sequence of numbers.
Search for lines containing QML FontLoader: Cannot load font: or something similar.

Here is an extract of a log file:

[2023-04-13 17:56:51.160][ 7736][10028][W][`anonymous-namespace'::qtMessageHandler] [Qt] qrc:/qml/Constants.qml:157:39: QML FontLoader: Cannot load font: "qrc:/NotoSans-Regular.ttf"
[2023-04-13 17:56:51.160][ 7736][10028][W][`anonymous-namespace'::qtMessageHandler] [Qt] qrc:/qml/Constants.qml:153:39: QML FontLoader: Cannot load font: "qrc:/NotoSansSC-Regular.otf"
[2023-04-13 17:56:51.160][ 7736][10028][W][`anonymous-namespace'::qtMessageHandler] [Qt] qrc:/qml/Constants.qml:149:39: QML FontLoader: Cannot load font: "qrc:/NotoSansJP-Regular.otf"

To allow the nxtray.exe process to load untrusted fonts:

Add a registry key on all devices in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options and name it nxtray.exe.
In Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nxtray.exe add a new QWORD (64-bit) value named MitigationOptions with the hexadecimal value of 2000000000000.
Restart Windows to apply the changes.

Last updated 5 months ago