We're trying to roll out jamovi 2.7.33.0 (x64) Desktop in a locked-down, centrally managed Windows enterprise environment (Windows 11 Enterprise, Microsoft Intune, standard non-admin users, Microsoft Defender with Attack Surface Reduction enabled). The cloud version is not an option for us, so it has to run locally. We've tried several approaches and each one fails in a different way — hoping someone has a working enterprise deployment method.
What we've tried:
MSIX package – installs to C:\Program Files\WindowsApps\, but standard users have no access to that folder, so the app won't launch. Error: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions." pointing at
...\WindowsApps\JamoviProject.…amovi...
EXE (.exe) installer, packaged as a Win32 app – installs cleanly to C:\Program Files\, but the application still fails to start.
Manual install directly on a technician's laptop – also fails to launch.
Portable executable repackaged – we copy jamovi to C:\jamovi\ and create a shortcut. Deployment succeeds, but when launching the .exe the app hangs on a white screen.
Defender / ASR findings:
An Attack Surface Reduction rule ("Block executable files from running unless they meet a prevalence, age, or trusted-list criterion") blocked RuntimeBroker.exe, related item C:\jamovi\bin\jamovi.exe. We added an ASR exclusion for C:\jamovi.
After that, the jamovi engine crashes. Application Error (Event ID 1000): faulting application jamovi-engine.exe version 0.0.0.0, faulting module ucrtbase.dll version 10.0.26100.8521, exception code 0xc0000409.
Launching jamovi-engine.exe manually returns: "Fatal error: unable to open the base package" — and there's no log indicating where it expects the base package to be.
Uninstalling also fails because of the same permission restrictions.
Questions:
- What is the recommended deployment method for jamovi in a managed, non-admin enterprise environment (per-machine install outside of WindowsApps)? Is an MSI or silent per-machine installer available?
- What does "unable to open the base package" mean, and which path/permissions does the engine need to find it?
- Are there known issues with Defender / ASR / exploit protection and the jamovi engine, and what exclusions or settings do you recommend?
- Has anyone successfully deployed jamovi via Intune to standard users? Any guidance would be hugely appreciated.