How To Run an Application Blocked by Java security in Windows
Java is constantly trying to improve security and protect the systems it is installed on. While its use is reducing on computers, it is still necessary for some programs to run Java. That’s why you might see a Java security warning when running such a program. As it isn’t a typical security warning, you may not know what to do when you see it, which is why I wrote this page. This tutorial will show you how to run an application blocked by Java security in Windows.
Java has had something of a bad rap over the past decade or so. Most browsers now block it by default and it is slowly being phased out on the web. Despite that, the programming language is still as ubiquitous as it once was, if not more so. It can still be found everywhere and is still used in development to this day.
Java’s main vulnerability is that it doesn’t automatically update itself like most other programs. It leaves it up to the user to update, potentially leaving a vulnerable program unpatched for weeks or months at a time. It does alert you when an updated version is available but then leaves you to it. It will then be completely up to you to update and manage it.
It isn’t without its own precautions though which is why you may see Java security alerts.
Ever since Java 7, Oracle has implemented a security check within the program to help with security. It will alert you if you use an app that is unsigned, self-signed, not signed by a trusted authority or that are missing permission attributes. This is for our protection but there are occasional false positives.
This isn’t usually a problem if you use mainstream or regularly updated programs but can be a pain if you use custom programs, develop your own or play certain Indie games that still use Java. That’s when you are most likely to see Java security alerts in Windows.
Run an application blocked by Java security in Windows
If you’re running into Java security alerts, there are a few things you can do to work around them. It can be as simple as updating everything to adding a website to the exceptions list, depending on what you’re doing to trigger the alert.
Here are a few ways to stop the Java security alert.
If you suddenly start seeing Java security alerts for no good reason or for something you usually do without alerts, it’s time to update your Java version. Visit the Java website and download the correct version for your computer. Install the update and retest whatever it is you were doing. If that doesn’t work, update your browser, program, application or whatever else you were using to trigger the alert.
Java or program updates are the primary reason Java security will show this alert. One or the other will be out of date and will either not work correctly or not be compatible. A quick update can cure the majority of these alerts.
Check Java security settings
Occasionally, installing Java or a Java update will trigger an elevation in the security level. I have no idea why but I have seen this a few times over the years and is always the second thing I check when troubleshooting Java after checking for updates.
- Open Control Panel and select Java from the list. Select Small Icons in the top right if you don’t see it.
- Select the Security tab in the Java Control Panel.
- Check the security level in the window. Oracle suggest using Very High as the appropriate level. Lower it to High and retest.
If you’re visiting a website that still uses Java and it is triggering the alert, you can add it to the whitelist in the Security tab.
- Select Edit Site List at the bottom of the Security tab.
- Type the URL into the box and select Add.
- Add any other URLs you need to allow.
- Select OK and retest.
You need to use the full URL, so http://… Or https://…. for this to work properly. You only need to do this if it is a website giving you the error. It does nothing for applications throwing the error.
Check the certificate
Finally, if those two steps don’t work, check the certificate of the program or app you’re trying to use. If it isn’t signed or trusted by Java, it will trigger this alert. Ask the vendor for a new certificate or ask them if they know this is an issue. Once you have a trusted certificate you can install it and the alert will go away.