Implemented online file reputation verification in the Harden Windows Security moulde #507
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Using Microsoft Defender, queries a file's reputation based on either the Smart App Control or SmartScreen, depending on whichever is in control.
There was a problem hiding this comment.
Copilot reviewed 6 out of 14 changed files in this pull request and generated no comments.
Files not reviewed (8)
- Harden-Windows-Security Module/Harden Windows Security.csproj: Language not supported
- Harden-Windows-Security Module/Main files/Resources/XAML/ASRRules.xaml: Language not supported
- Harden-Windows-Security Module/Main files/Resources/XAML/FileReputation.xaml: Language not supported
- Harden-Windows-Security Module/Main files/Resources/XAML/Main.xaml: Language not supported
- Harden-Windows-Security Module/Main files/Resources/XAML/OptionalFeatures.xaml: Language not supported
- Harden-Windows-Security Module/Main files/Resources/XAML/Protect.xaml: Language not supported
- Harden-Windows-Security Module/Main files/C#/GUI/FileReputation/View.cs: Evaluated as low risk
- Harden-Windows-Security Module/Main files/C#/Others/Initializer.cs: Evaluated as low risk
Comments suppressed due to low confidence (4)
Harden-Windows-Security Module/Main files/C#/Others/FileTrustChecker.cs:12
- The
defenderPathvariable should be checked to ensure that theMpClient.dllfile exists before attempting to load it.
private static readonly string defenderPath = Path.Combine(
Harden-Windows-Security Module/Main files/C#/Others/FileTrustChecker.cs:22
- The
CheckFileTrustmethod should have more comprehensive test coverage to ensure that it handles various scenarios correctly.
internal static FileTrustResult CheckFileTrust(string filePath)
Harden-Windows-Security Module/Main files/C#/GUI/OptionalFeatures/View.cs:35
- The comment should start with a capital letter: 'If admin privileges are not available, return and do not proceed any further'.
// if Admin privileges are not available, return and do not proceed any further
Harden-Windows-Security Module/Main files/C#/GUI/Main/GUI.cs:150
- The _viewCache should be initialized as a dictionary, not an array. Change it to: private readonly Dictionary<string, object> _viewCache = new Dictionary<string, object>();
private readonly Dictionary<string, object> _viewCache = [];
HotCakeX
deleted the
Implemented-file-reputation-check-based-on-Microsoft-Defender-features
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using Microsoft Defender, queries a file's reputation based on either the Smart App Control or SmartScreen, depending on whichever is in control. It doesn't need Admin privileges. It's in a new dedicated tab available in the GUI. Simply browse for a file and detect its reputation and some other advanced details.
Added description texts to the top of ASR rules, Optional features | Apps and the new tab for file reputations.