[Bug]: new-WDACConfig -PolicyType DefaultWindows => Invoke-WebRequest: 404: Not Found

[eraldinho]

Tools category

WDACConfig Module

Does Your System Meet The Requirements?

• Yes, I acknowledge that I've read the requirements and my system meets them. 👍

Is your Windows Installation Genuine?

• Yes, I acknowledge that the installation media of the Windows OS I used the tool on was downloaded from the official Microsoft website and I didn't tamper or modify it. 💯

Did You Read The Frequently Asked Questions?

• Yes, I've referred to the FAQs and my issue is not covered/explained in there.

Please Explain The Bug

It seem's that the URL "https://raw.githubusercontent.com/MicrosoftDocs/windows-itpro-docs/public/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md" is not valid anymore

Error Details

Exception             :
    Type       : Microsoft.PowerShell.Commands.HttpResponseException
    Response   : StatusCode: 404, ReasonPhrase: 'Not Found', Version: 2.0, Content:
System.Net.Http.HttpConnectionResponseContent, Headers:
                 {
                 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                 Strict-Transport-Security: max-age=31536000
                 X-Content-Type-Options: nosniff
                 X-Frame-Options: deny
                 X-XSS-Protection: 1; mode=block
                 x-github-request-id: AC0A:362883:4098D5B:43846B4:67064FE4
                 Accept-Ranges: bytes
                 Date: Wed, 09 Oct 2024 09:41:56 GMT
                 Via: 1.1 varnish
                 x-served-by: cache-fra-etou8220045-FRA
                 X-Cache: MISS
                 x-cache-hits: 0
                 x-timer: S1728466917.690079,VS0,VE149
                 Vary: Authorization,Accept-Encoding,Origin
                 Access-Control-Allow-Origin: *
                 cross-origin-resource-policy: cross-origin
                 x-fastly-request-id: 11ba1f3d7bad4b7527a24b7ce719bc511f9b73b4
                 source-age: 0
                 Content-Type: text/plain; charset=utf-8
                 Expires: Wed, 09 Oct 2024 09:46:56 GMT
                 Content-Length: 14
                 }
    StatusCode : NotFound
    TargetSite :
        Name          : ThrowTerminatingError
        DeclaringType : [System.Management.Automation.MshCommandRuntime]
        MemberType    : Method
        Module        : System.Management.Automation.dll
    Message    : Response status code does not indicate success: 404 (Not Found).
    Source     : System.Management.Automation
    HResult    : -2146233088
    StackTrace :
   at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)
TargetObject          : Method: GET, RequestUri: 'https://raw.githubusercontent.com/MicrosoftDocs/windows-itpro-docs/pu
blic/windows/security/application-security/application-control/windows-defender-application-control/design/applications
-that-can-bypass-wdac.md', Version: 3.0, Content: <null>, Headers:
                        {
                        User-Agent: Mozilla/5.0
                        User-Agent: (Windows NT 10.0; Microsoft Windows 10.0.22621; fr-CH)
                        User-Agent: PowerShell/7.4.5
                        Accept-Encoding: gzip
                        Accept-Encoding: deflate
                        Accept-Encoding: br
                        }
CategoryInfo          : InvalidOperation: (Method: GET, Reques…ept-Encoding: br
                        }:HttpRequestMessage) [Invoke-WebRequest], HttpResponseException
FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
ErrorDetails          : 404: Not Found
InvocationInfo        :
    MyCommand        : Invoke-WebRequest
    ScriptLineNumber : 371
    OffsetInLine     : 70
    HistoryId        : 2
    ScriptName       : C:\Program Files\PowerShell\Modules\WDACConfig\0.4.5\Core\New-WDACConfig.psm1
    Line             : [System.String]$MSFTRecommendedBlockRulesAsString = (Invoke-WebRequest -Uri
([WDACConfig.GlobalVars]::MSFTRecommendedBlockRulesURL) -ProgressAction SilentlyContinue).Content

    Statement        : Invoke-WebRequest -Uri ([WDACConfig.GlobalVars]::MSFTRecommendedBlockRulesURL) -ProgressAction
SilentlyContinue
    PositionMessage  : At C:\Program Files\PowerShell\Modules\WDACConfig\0.4.5\Core\New-WDACConfig.psm1:371 char:70
                       + … AsString = (Invoke-WebRequest -Uri ([WDACConfig.GlobalVars]::MSFTReco …
                       +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    PSScriptRoot     : C:\Program Files\PowerShell\Modules\WDACConfig\0.4.5\Core
    PSCommandPath    : C:\Program Files\PowerShell\Modules\WDACConfig\0.4.5\Core\New-WDACConfig.psm1
    InvocationName   : Invoke-WebRequest
    CommandOrigin    : Internal
ScriptStackTrace      : at Get-BlockRules<Process>, C:\Program
Files\PowerShell\Modules\WDACConfig\0.4.5\Core\New-WDACConfig.psm1: line 371
                        at Build-DefaultWindows, C:\Program
Files\PowerShell\Modules\WDACConfig\0.4.5\Core\New-WDACConfig.psm1: line 310
                        at New-WDACConfig<Process>, C:\Program
Files\PowerShell\Modules\WDACConfig\0.4.5\Core\New-WDACConfig.psm1: line 501
                        at <ScriptBlock>, <No file>: line 1

[HotCakeX]

Hi,
Yes, Microsoft changed their GitHub repo URLs again as part of the name change from "Windows Defender Application Control" to "Application Control for Business". I've made the necessary changes, and they are in this pull request: #345

I'm finishing it up so i'll release the new version in a day or two. Policy creation along with many other features will be available in the GUI too.

[eraldinho]

ok, thanks! :)

[eraldinho]

Do you think a parameter like -setUrlManually could be interresting in this case? We could still use new-WDACConfig even if the update is not available.

[HotCakeX]

Do you think a parameter like -setUrlManually could be interresting in this case? We could still use new-WDACConfig even if the update is not available.

That's a good idea, i can include a section in the settings page so user can enter an override URL for the block rules and it will be saved in the user configurations JSON file and can be reused again without copy and pasting the big URL string every time.

[HotCakeX]

Just released an update that fixed the URLs among many new things
https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/WDACConfigv0.4.6

The reason it took few days to release it was because i was in the middle of developing the new app and had to finalize everything before they could be ready to use since i changed a lot in the update.

The URL changes rarely happen, they just did it after many years because of WDAC to App Control name change.