Embarcadero has just released RAD Studio Files Permissions Patch, applicable to all versions of RAD Studio 10, 10.1.x and 10.2.x installed using the GetIt web based installer.
The GetIt-based installers (up to but excluding RAD Studio 10.2.3 build 3231, made available in July 2018) copy files under the main application folder, most likely something like C:\Program Files (x86)\Embarcadero\Studio\1x.0\, using read-write or read-write-execute privileges instead of read or read-execute privileges as typical of the C:\Program Files (x86) subfolders.
If you’ve installed any 10.x version using the GetIt-based online installer, we recommend downloading and applying the patch, as it will help prevent unintended modification of your installation files. The executable fils are signed, so they are not affected, but other text and intermediate binary files could be.
This patch consists of a simple tool that scans the folders of your recent RAD Studio installations and updates the file permissions with more limited access, preventing modifications of those files without full administrator access or elevated access to the computer. Alternatively, you can select the application folder and manually tune its permissions for increased security by removing the Modify and Write permissions and setting the files as read only (preserving the execution privilege, if assigned).
For downloads, refer to https://cc.embarcadero.com/item/30850 (broadly available to all registered users).