diff --git a/.github/ISSUE_TEMPLATE/Bug_Report.yaml b/.github/ISSUE_TEMPLATE/Bug_Report.yaml
index 938086a4a..db7e19ec5 100644
--- a/.github/ISSUE_TEMPLATE/Bug_Report.yaml
+++ b/.github/ISSUE_TEMPLATE/Bug_Report.yaml
@@ -16,7 +16,6 @@ body:
 description: Which Category/Tool Does This Bug Belong To?
 options:
 - Harden Windows Security Module
- - WDACConfig Module
 - AppControl Manager app
 validations:
 required: true
@@ -24,7 +23,7 @@ body:
 id: Requirements
 attributes:
 label: Does Your System Meet The Requirements?
- description: Depending on which tool your bug belongs to, please make sure you have read their requirements and meet them [Harden Windows Security Requirements](https://github.com/HotCakeX/Harden-Windows-Security#requirements-), [WDACConfig Requirements](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#requirements)
+ description: Depending on which tool your bug belongs to, please make sure you have read their requirements and meet them [Harden Windows Security Requirements](https://github.com/HotCakeX/Harden-Windows-Security#requirements-), [AppControl Manager](https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager)
 options:
 - label: Yes, I acknowledge that I've read the requirements and my system meets them. 👍
 required: true
diff --git a/WDACConfig/Utilities/WellKnown Roots Correlation.csv b/AppControl Manager/Excluded Code/WellKnown Roots Correlation.csv
similarity index 100%
rename from WDACConfig/Utilities/WellKnown Roots Correlation.csv
rename to AppControl Manager/Excluded Code/WellKnown Roots Correlation.csv
diff --git a/WDACConfig/Utilities/Hashes.csv b/WDACConfig/Utilities/Hashes.csv
deleted file mode 100644
index 9749f43c2..000000000
--- a/WDACConfig/Utilities/Hashes.csv
+++ /dev/null
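Review bot: In the second hunk of Bug_Report.yaml the replacement link is labelled `[AppControl Manager](https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager)`, which drops the word "Requirements" that both the surrounding sentence ("read their requirements") and the sibling Harden Windows Security link use, and it points at the wiki landing page rather than a requirements section. Label it consistently, e.g. `[AppControl Manager Requirements](https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager)`, and if that wiki page has a requirements anchor, link to it directly so the reporter lands on the checklist they are acknowledging. The first hunk and this description now agree that the WDACConfig option is gone, so no stale reference remains in this template.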
@@ -1,127 +0,0 @@ -"RelativePath","FileName","FileHash" -".NETAssembliesToLoad.txt",".NETAssembliesToLoad.txt","E6C32EF634D7288434F693AA0D4DE78068524F28C755412D81FAC3973F96AC82C636569FFA999F75EC2109F20961DE6B9EDBDC5A0325519B7D907CE16DCF116B" -"WDACConfig.psd1","WDACConfig.psd1","A3C1CC3B3C3B34686718F039346D920F4085B4014F08192F35A4B77AA6C080158FC8D59CE9A7170C054697ECDF67C3A7C5860C7CC209B2990B27985E76E2389F" -"WDACConfig.psm1","WDACConfig.psm1","16B41F5A4D704593D1F834C27D21138B7AF20EE76DDA050BAD04266422CAD333B6584C558E4304A32C4EE08BB54B9B005BEA12900F471F5D8517EF10B1E2F517" -"Core\Assert-WDACConfigIntegrity.psm1","Assert-WDACConfigIntegrity.psm1","02A11FE01CB4599FBD77A01589B7B716EA5C5301F6BEEB59ACB1CC3CF582876F75624CAF1CB8E979919E62D3C87612DDD2DE511C44EF6F37FCECA16BFE8705CC" -"Core\Build-WDACCertificate.psm1","Build-WDACCertificate.psm1","E88E5DDCFD11353B15190AE4B810E5F3BF07BADA469E0E068661FEE260894641A5769CABFB25D10D7988682644F05702D17AC2D7F439D4C419099863C61335B8" -"Core\Confirm-WDACConfig.psm1","Confirm-WDACConfig.psm1","5370AC726BA397E677996088640837FA3B334794B0AB37DFBF4F530E2CB568652EB0643B8E72A9D448020D87F4C9C886B9FB137C1CA5573C0C7AC90DFC8D84B9" -"Core\Deploy-SignedWDACConfig.psm1","Deploy-SignedWDACConfig.psm1","4EB4515618031CE96AD01D401A1C2DB2DA793D12DF4E9AF353C74E8D0C6A2F52B2345B02E28C3909A1CB142474D2D34DA5D0764F465E7AEA5898FB4D0E43317E" -"Core\Edit-SignedWDACConfig.psm1","Edit-SignedWDACConfig.psm1","D7259E2EAB39DA4E2CFA8626736B478E27444A84B414F89F4E042CB1432E801E78AE3AFF3B598FD7E4374B8A44349D5781120B5A62577ED36037A78523050CEE" -"Core\Edit-WDACConfig.psm1","Edit-WDACConfig.psm1","272C430F3B41395CC2ED1F9F98AA2F42CB04F20A39439A38F48F68868A5F9AF2D7CCED20534444C405C5EF3DD0FE3801CF618E2E20842E4C49A562EC675D6F04" -"Core\Get-CiFileHashes.psm1","Get-CiFileHashes.psm1","5EBEB6EC9CAD2DA2D06EF5BEE01B81A4F3A9210F134D23B93B7A561D04A5FC0910F18A637806C4B0ED3090B0B5310716B2E3A7DE797BD2CB6185E193132A735E" 
-"Core\Get-CIPolicySetting.psm1","Get-CIPolicySetting.psm1","FC9E9C022513A348FE1F4304E754130A63AA8311DBA9A4575D4D383BC8A3646B8DF3C4F544ACFCFDE4DACB9DA9B69C96AF5E1F425CD3F020ED4A259F8636E3FC" -"Core\Get-CommonWDACConfig.psm1","Get-CommonWDACConfig.psm1","04E1F447F1BA23DF70E218D16058FE93506925E95D12510EB8DA7EFC9B3F74997C76EB510766C9287996F085A5837F5FEACEB7D7C9013EAF46E0655057E8CBE6" -"Core\Invoke-WDACSimulation.psm1","Invoke-WDACSimulation.psm1","5DBE7116CA923462D540006833377A80E548F85A72288CA16B88F4026BF2821EDFF5EA4C81055D43BA48153BD1197EFCE0E49923DC908B056CFD4A8045FF4049" -"Core\New-DenyWDACConfig.psm1","New-DenyWDACConfig.psm1","6AB261EB5CBDCFE9F690F7F65C3D09D686042D145C6B351A4EF02D73A5588847C420B8B8AA5D67D109E3F4D1208E48FAB651EFB967D341F250EF3109021E81F9" -"Core\New-KernelModeWDACConfig.psm1","New-KernelModeWDACConfig.psm1","61F200C217C66454CF0A261D75CCC56357F58C7D736A859F34D583CAE92D83866BA336602D56F164D86F7B6893A14E78F6F531A5E0B8BE4A59EC064AA4B0C4C0" -"Core\New-SupplementalWDACConfig.psm1","New-SupplementalWDACConfig.psm1","4AE3A7DA015E8A4D41BC060A61B5729FE0A1A1EA5B7409ED0D127F83A4EBDAAA586EB15D4F9C843171966E1501C0FA288E3715A0959B0BEB0BB9E7FBD245A169" -"Core\New-WDACConfig.psm1","New-WDACConfig.psm1","B2E00DC36B4E9ED156AB1790F77726939A1E7AB710FEFB8772F71927350B2BC7374D50B60F6AB180AC3AD1E74B0531FC76C39D747B3BE782A20705043BA0266D" -"Core\Remove-CommonWDACConfig.psm1","Remove-CommonWDACConfig.psm1","56D0D122E1FD2D9EC8AFD4BF8ADF9D9FE6D88B482C452B1D44BBE14747BF2A0540A5E6E7D7F4595DD6F5876852A45B83DAC280F7A9847653E2C89F5891754333" -"Core\Remove-WDACConfig.psm1","Remove-WDACConfig.psm1","E760A5345DD2C00CE5CF80D1C71FB9A8E54F4B057EC26B95F1372182848BCBB8A02F78BA34A6C57519235C88589DFBAF0E3DFB8713B55CDD5EC368F99A756F5B" -"Core\Set-CommonWDACConfig.psm1","Set-CommonWDACConfig.psm1","D6A1853B414DC8F7BFEDFD38DB22D162B32617FC6554D6F7968E513E5157D60FA191D9749DF20FB913685C25F3FF08E91DD989FFBCE9C4125D43D7DB7FDF850C" 
-"Core\Test-CiPolicy.psm1","Test-CiPolicy.psm1","CA29D08054EB2AB4347A3B7FDA593E9681C992F9AD309E1B98A726736967A822E318A3484B31319C0D6E3936032F194A6D683942CE764FB59B84E2EA0B7FB079" -"Public\MockConfigCIBootstrap.psm1","MockConfigCIBootstrap.psm1","DE8231BA6C5F3F6C2546FE2441AF440767AB351E544B721ED770E3C7E35F40408C8987F3695F4D32C5F4B1EF2F45B9FA54AD10C1CEACF06E695DA395A193A16F" -"Public\PSCustomObjectArrayToHashtableArray.psm1","PSCustomObjectArrayToHashtableArray.psm1","DE2B991E67278273C8431E428A49D517003CB786E9F15FADF0264462D234BDD45C19B80171139647791D1C8A68B8CAE9F8CE998C69154EE281D77786BA278794" -"Public\Write-ColorfulText.psm1","Write-ColorfulText.psm1","1BBB212E2E2F179A4B52FE30CF9D025F0EDE9000E8F4AC418FC8FB7B77834DB6F123C9D1CD13082EF8CEB2391A83485F17772DE94B74DD01EAA7B4F6CB408FB2" -"Public\Write-FinalOutput.psm1","Write-FinalOutput.psm1","A42114346920BDC4D567D8923F362D145659B6919B5F50CA4A88DEF961A6528A34AB89A076862F1DF8BBD46E5835BDE156E2EF8819A0DBB7637DC71F2666CEEB" -"Shared\Get-KernelModeDrivers.psm1","Get-KernelModeDrivers.psm1","64A62A94BB5595912D2AD59B900660C0554BD5DA2058880D44547D0EB67EBF11E5C63B9163090CF547DE87BA1B4602275406EADFC8181D8E6DACE01FD8FCC441" -"Shared\Get-KernelModeDriversAudit.psm1","Get-KernelModeDriversAudit.psm1","B58FDB7613DA624C961AEB3C459C64D0B97BB72B864A8AAE49DB34DC3024A8F802442F6976B360D108C040BB3F1EE5637184843480115EC92F54FB1C47984EF3" -"Shared\Receive-CodeIntegrityLogs.psm1","Receive-CodeIntegrityLogs.psm1","A0526AB1C5867D4A1F1FD6CFDFDE53558BB742B8DA9F5BA80105DF89727E13DEB3466AACD2CFC7AA6C1DC07651FB9E2F8B77C86E02BE4F83C2FF5874C6668F3E" -"Shared\Select-LogProperties.psm1","Select-LogProperties.psm1","699A7913CA43F3C84C6D6487DCEECAA65D799A1A71FD6DE9E70D2D37A0F406C8CDDA81E0E6ECF88303FDFE6C9034033F2205D8C67B7A4D7667ABE733AB632702" -"Shared\Set-LogPropertiesVisibility.psm1","Set-LogPropertiesVisibility.psm1","3FD27FACC66BCA254B433221002F8879434810155A72BE8F49DA78EA5C9A6A052D080081245BAB6FA04E04349E1D53A204A4F0333D4422A989B0C83B09AF82DF" 
-"Shared\Test-ECCSignedFiles.psm1","Test-ECCSignedFiles.psm1","C0BDA01B0A776A60A6824E57BB4B4E6B538C3A0EB10AB5A83210D5371FB4F2C3EBB76B2C5291590C17B57B9A5B678513B7610B11E540DE682A923FE1633742BD" -"Shared\Test-KernelProtectedFiles.psm1","Test-KernelProtectedFiles.psm1","AEAEF37410C83784945E1806201FD8CEF857464B92B6B1FFF31D30191C6173A57EEBA04BD185B87C0AEE6D9749287576278266FBB305DE403BD27FF9FC5F7AC8" -"XMLOps\New-Macros.psm1","New-Macros.psm1","5EFD293DCECD7CA29915C2F60CBC844B933CF8082357E507D53366F0CDA71F54E5DA810FDE52FA3011E082035EF97FA4D8BF1A8754109A293F20598C2A278541" -"C#\ArgumentCompleters\ArgumentCompleterAttribute.cs","ArgumentCompleterAttribute.cs","927A9129E19683C0C031AA53C4A13A5E30F19C1D982FA737A7CE6697757CA8D958179F1A238BAB8684A8DC842BCD5BB6BB99327D07C1AE51B867480C5C238B35" -"C#\ArgumentCompleters\BasePolicyNamez.cs","BasePolicyNamez.cs","D9E4FEE538B984CC337458B229638FD266B608E0C64DD5AD0735C1E0179E46FA8A3ECE3F2EAA1BE044B57B4EFF65DB7B69B540F81661014754F293CB3D899A19" -"C#\Shared Logics\AllCertificatesGrabber.cs","AllCertificatesGrabber.cs","4E575541198BBFA482EDCD5469E8DF12D3AB9ACBBB7B8CC2D3BDCE2B608DDDCFFDE6055F78200506056209C66D85750D1A71CD0492B97F5849A2BE2DE6856531" -"C#\Shared Logics\CertCNz.cs","CertCNz.cs","C0A6933F7D76BA0901A0D8E2BC1DFA97C111B2DE13E404566576F23DE44EF95DB20BFBEE88045DC8310D9EFF4F8347400D581AAFBB39B657544EC0EBD05DC361" -"C#\Shared Logics\CertificateHelper.cs","CertificateHelper.cs","28C7627373D7C0006C97AE215ACE53A2279D64E6E7B39C3103FE16958A6A55DFD0E847E594FD511A235CCD452458A944BC2947AD2C336B4B57EA3A2E3CEAA165" -"C#\Shared Logics\CheckPolicyDeploymentStatus.cs","CheckPolicyDeploymentStatus.cs","AF9185985BEBA92E11C6E8FC0F8CB8185F72EC0DC16619CB8E422226AC28D70152EC26FD4D89A672AFFB41283C3E2311F299423B9E9141614D965338D12C4E91" -"C#\Shared Logics\CiPolicyUtility.cs","CiPolicyUtility.cs","7E3E50F658A6F25922E09C4307B92F98A9B4F338ACFD6F1F6ADA7A7DCC39EE827A27DCF171609FF3A967EBA23D941660E29311637AA23000D468EB3DBC4E87EF" -"C#\Shared 
Logics\CiToolHelper.cs","CiToolHelper.cs","D8EFBD0105967DB2608ED614426374148BA48CF45360C2E893EB6CF90731A8DF183A63CE9D083946E6EF195CF77077A1DA5C0DD19777D76E7C52E494C53B8710" -"C#\Shared Logics\CodeIntegrityInfo.cs","CodeIntegrityInfo.cs","7C2D4520436DF3D5C2F605F800F539FB28152216975C5950A6BBAAE883D8CA3EE60137B30AAF097B63DDDFAA320BB3065F47F76840BD04DC979B98E56C8D370E" -"C#\Shared Logics\ConfigureISGServices.cs","ConfigureISGServices.cs","9346BBFD21F313D67CEDD92F574BBE7F2E47A818036E8978C308A5F01892718EB053554BD9F30DE245430872EBA57B8AA83EB562E1F54F46132D387A6ACC690C" -"C#\Shared Logics\Crypt32CertCN.cs","Crypt32CertCN.cs","34331FCB065277AB1A7131D967303AC4107A51DB3C4253133E559CB2AF7C19F01F68151C91C9ACABB9E496280BF42AE638740315E83F75E3331797E6BE891366" -"C#\Shared Logics\DeviceGuardInfo.cs","DeviceGuardInfo.cs","6E13AD95B78365061ACE867FDF73EE1A07C1534E8CD5FB0D2ADE80362810512C777FAAE7E0FA5EF03FF52D311D2D5914F9036C338F12B49281B87EDF2CE4C1E2" -"C#\Shared Logics\DirectorySelector.cs","DirectorySelector.cs","6CF74319FE092069F285902C27269FD42BC88E1BF14AFD16E3163EE4778120BC27B6F0A0844E2D3C132710C0A05F5182B4488B374F53E30F860FBB025045790F" -"C#\Shared Logics\DriveLetterMapper.cs","DriveLetterMapper.cs","769B1173576BB118810F1C3E80A57229714497C89D3B574265417209F652B65422385E78F0DA2EFD098431305117983F8C63848825BDF3D3799D6985C5831899" -"C#\Shared Logics\EditGUIDs.cs","EditGUIDs.cs","25046E665E1864A1B208EDF78F9C540E3AF84BF8DEADC5BDD594DE2B70ABEF3318A39D41F8EEFDC6093F47AB46A687C6A02145BEA701422C0CBEFEBBAC2B4F79" -"C#\Shared Logics\EventLogUtility.cs","EventLogUtility.cs","7A186F7BD615225F4A074649D9C721EEA9252202894957471199625E85F61980A71771A207CB7B0748F99E293D135442BC55100E996212E713023A94009E72AE" -"C#\Shared Logics\FileDirectoryPathComparer.cs","FileDirectoryPathComparer.cs","70393FF77AF424E6CBFF7C1E0F044097C885B887141B2FE5586E504234FC346CFBE9F813324DED8022EC268DE5191C8A87245CC4A9652EF603BE6A76A1193365" -"C#\Shared 
Logics\FileSystemPicker.cs","FileSystemPicker.cs","8E0912C4100E8911DE8922D81FC2062E769E874D239629970CEAEBBE42C664F17161AC0288EBB5301475CB3BAAF02C6C9302CEC9E9975C65D8B87B903A073A7D" -"C#\Shared Logics\GetExtendedFileAttrib.cs","GetExtendedFileAttrib.cs","80C337ADC5FEA01701BC855C9E3EA7F5ACD8CC28EE89AD3196C96A949BE5ABC0AF6559B82D069679C487A8A8F121BC08D11DAD696731B0F490B9C1501CE227E0" -"C#\Shared Logics\GetFilesFast.cs","GetFilesFast.cs","EBD2E71033A34E6A28EEA2485CE04C88E02F2E2551FD0E290B97B71747E57A62AB4165558B1044605783EDBC03D2B7257C3752459B6C5FD3E15D73FB44A4B34F" -"C#\Shared Logics\GetOpusData.cs","GetOpusData.cs","D28DE719079B96152631B37AC07F2C8951E1917EB65532401FBF8B034DD397A3B20B3096B0A8F8198A997FC2BFAB3C5D46EB8E42C5A0A9EAB7F0D39613D0C5EC" -"C#\Shared Logics\Initializer.cs","Initializer.cs","B1324B100FB8AEF6BA849DB17E34366F064B8E2BF07C5D6CA1CC1ECCC58B2C9A77C5B350ADB7B50D031FCC5796C2B05A9F7D56B329797F6020A91E6B0EEFF8B2" -"C#\Shared Logics\MeowOpener.cs","MeowOpener.cs","C3A3133FE8AF875CB22F685E34392736EDCD016BEE198C203CB1E0355B75744A781A77FAC592BCE8D1C89328E72D02707702F594A38DF6A66064FD5907497BE2" -"C#\Shared Logics\MoveUserModeToKernelMode.cs","MoveUserModeToKernelMode.cs","99F1005744465BD7B5B939A39DE6170654A99F26306A5C33C9CE2E5557AEC88D86B7E6C232C453C668D310AAEC05085BC554338CD0E2B0C43802E499DE2D65CB" -"C#\Shared Logics\PageHashCalc.cs","PageHashCalc.cs","5F3D472E9D257D1E2A51A1E944453D8D33125339C6BD23B3B7B461CB9A68EF68A478419A1940C2A687DCCB6ACD7EACD8123BA64A318C589AB61302F16FBF7A6F" -"C#\Shared Logics\PolicyFileSigningStatusDetection.cs","PolicyFileSigningStatusDetection.cs","75EA8A3B375E3737FA0B975BEE7A031B1A2542672162292F4ADA8272986F011470A06CFF1B3B1A5AEE4680C497A1F6F5C46F5B3F8EFD1130766B6FB32955F30F" -"C#\Shared Logics\PolicyMerger.cs","PolicyMerger.cs","0A97EE4D53B607E6041C9ED6B6EAE10675D7F796D9FBB8439EE5AE55885FF30306785F1433502D69E80BEF111195399B9F8FBCB91B0E7968179247AD70C52C62" -"C#\Shared 
Logics\PolicyToCIPConverter.cs","PolicyToCIPConverter.cs","EE82DF5A74EB2FF943FC8AB126B693A1D0A9A609BB98B34DED9CE1E7BC98DD99C9F6B5493038C301728A656A69148F9C60DE49C6392D77DF8714D2DB1E4B88FE" -"C#\Shared Logics\PowerShellExecutor.cs","PowerShellExecutor.cs","06CF44AE0EEBFB61ED00F70D3CEB42EAEC75B86EB00868AF0122BB76C8ABDA7A04D52FE28166B0E5095621B5E127D5B0DD3B5AD27AFAF47EEBD8C1A8B8D708D8" -"C#\Shared Logics\RemoveSupplementalSigners.cs","RemoveSupplementalSigners.cs","A41B31564158DA491B1248BD21DE7BB3D1404A06F41260D04DFEA30DAC2CD23B9CAF8AFCE0178137E50354E2A3323338BAB10946C080FF4FF7A9D8DE82ECC0CE" -"C#\Shared Logics\ScanLevelz.cs","ScanLevelz.cs","263B7DD2D3ED75D04D797EDB4936F31C36E0E71467E00696C05B9E8F1C2E6FFE7D166FA1605CE5CFC1B0CAD03F834E38D2770B307819CD2081547FDE96DA0108" -"C#\Shared Logics\SecureStringComparer.cs","SecureStringComparer.cs","3FE4DD0A2B3067B0DF49D68D8D96F2694EB7C125F19CD3B884B0D3FA32A6BEBB7E7BE99E689F643F4BD5793CD4F78AAE920FEA0D37E0B22A4ED873BDF6391FA2" -"C#\Shared Logics\SignToolHelper.cs","SignToolHelper.cs","B4B0FFDA675704367B7BD7237F79A04D50B5181F5ED6FA614454BDBA7FE9FF28FA9561C4F14680D244C67F7A491FE1616FEC42B663F4C59DA85C8683BEB2D0F0" -"C#\Shared Logics\SnapBackGuarantee.cs","SnapBackGuarantee.cs","4C28B954142B4C4359A83AC3B2B5B70987E678C60A02E826A921E38FE2F2FD9A3D362A7CA13638D2DAB8EFBA7EC7F3624FEA1085D5503F1B9F17919C8AE2708D" -"C#\Shared Logics\StagingArea.cs","StagingArea.cs","CE96269B1A64CF1B18F47800A921E9964D9FB874C767129128251C6D295345612C4D69090A76333E3B9F476C43FCF97A4D1F98574532EEFA5E3A8296D42B0BB6" -"C#\Shared Logics\SupplementalForSelf.cs","SupplementalForSelf.cs","98EF852BD40B7F35581DB612A1CD055DA1ACA3B6ACB2964CE41483EF3E945851D427BF895630E4B720DD59C6246C04196882D66207DAAC0EB04D9B240902BC35" -"C#\Shared Logics\VersionIncrementer.cs","VersionIncrementer.cs","3D81C7BF799527542E25E64F31AA092096982C2B8685C5A2958C6B37DB8360FC945488E4F74545088C497088A6A0D53B0301E83F667D068B5B3787706B2A42E1" -"C#\Shared 
Logics\WldpQuerySecurityPolicy.cs","WldpQuerySecurityPolicy.cs","C59ECC72230FE759175B8FCBFD61FF426832026F8CD7B6C057C8CAC7DD0207102ED0F71FB7B2CC3D007199237F34E8AE906E83A31F34CF7EF682BD73A5F17146" -"C#\Shared Logics\XmlFilePathExtractor.cs","XmlFilePathExtractor.cs","27F1DA7CD86112CCA9E05FA5F658D80B04089B32F306BAE84698706778237F01214C3C45E4B0F277AAE03B822F095306CADBACB864277D19F50948DBCF5CE835" -"Resources\WDAC Policies\DefaultWindows_Enforced_Kernel.xml","DefaultWindows_Enforced_Kernel.xml","846663A7B0CAD90A2305F3C3322D6C2CFA6277B7E4B083CB478FF409DB29A7D0D71318845B884518B8D2F87B66A5EA327D4EB2D39A9707D1EE41B0237812FFD6" -"Resources\WDAC Policies\DefaultWindows_Enforced_Kernel_NoFlights.xml","DefaultWindows_Enforced_Kernel_NoFlights.xml","7E4BC35A3F0840C8F3921FB260CE84660DC3CAACB7850A1AEF13AFC48B0E069D27562C5632444926BF60B44A0E0FF522D0215F1F7DD5E1A7E51A45E86AB7F44C" -"Resources\WDAC Policies-Archived\DefaultWindows_Enforced_Kernel.xml","DefaultWindows_Enforced_Kernel.xml","BDC7B623386570F383B4A113BF06C7FF6A5A4271AFE572B5D68EEBC161CD650B62E70636527DFBEF09A8F95E66899CEEC424AA22CD00BBEF6D7888759D812F8D" -"Resources\WDAC Policies-Archived\DefaultWindows_Enforced_Kernel_NoFlights.xml","DefaultWindows_Enforced_Kernel_NoFlights.xml","D02BCCFA3C35E179A634AFCDE04259C43F8FBD619A4D0D2F7BAC1A8A9FBC58D3EBC7EE89B1B2EC6B3C17BD6EC38ADB501B271AEA3037B980D10EAB9AFA3B8308" -"Resources\WDAC Policies-Archived\Readme.md","Readme.md","66F9B622C333505E782F1AF1509BFBDABF1AD5167042064593FEEA5245D6CFAFE60DBDA5231D600D4157BC424E49F77D33302CE77B79D1D30CA8E29ECFDB31F1" -"C#\Shared Logics\Logging\Logger.cs","Logger.cs","E4BD45274BD7694F802F3763FD85A9F57F5E0F640A3DA93DBD2F413C6D79B5A40083114DB8ABC702209A5C5F4FCF09A9725C687D2CB78053E6A78EB532DDF94E" -"C#\Shared Logics\Logging\LoggerInitializer.cs","LoggerInitializer.cs","578BED33DB8660CD483D47E859DE2C0C06EEAC76683F09EB1120BE845258CFCB434D5A699717FCF172C9234C4266AA4A1620E1F301C5F6BDD2F2C1F1DC2B0A62" -"C#\Shared Logics\Main 
Cmdlets\AssertWDACConfigIntegrity.cs","AssertWDACConfigIntegrity.cs","939114329DF729ABCBFB5D415CA23CDEC5692DF29F49D1246943C3D538B0476B51C333FC4F59C646E64E37897DBF74CC3850EFAE45706EB5ED86F48171B78F6C" -"C#\Shared Logics\Main Cmdlets\BasePolicyCreator.cs","BasePolicyCreator.cs","A972EA8A47806A1EC3BB072481FB931C10D9FFB211218A53ACDDD5352F6954C562FE6A8F95E2A57C9BA122DBE68AD1E5972B22C47ACA00DB7E13629012085A31" -"C#\Shared Logics\Main Cmdlets\GetCiFileHashes.cs","GetCiFileHashes.cs","00289303FCC91BDAF131EAEE4D9F0CB1995687115EA341E5FCF0854D9E7E62BA3F5818CD5202CE7126E4253336E50623506FDB40947EAD60B3911EE57BB50BD2" -"C#\Shared Logics\Main Cmdlets\GetCIPolicySetting.cs","GetCIPolicySetting.cs","55657785110CAB08330F0B68B5C3BC40C580C468AF45F52049E2F47D881FBDECB558ACD8AFEA71BAC317C08D5219901EABE8DA6F84290E2BC9137A6EA01B333F" -"C#\Shared Logics\Main Cmdlets\InvokeWDACSimulation.cs","InvokeWDACSimulation.cs","D75871D39F0910C2D4F4AED6587532B310A946281BC5AD8E61CAA4D886FBC68FABD9704087A322D75B52ADC43C2170C198278A8CC077908BE3C203FC390D0925" -"C#\Shared Logics\Main Cmdlets\SetCiRuleOptions.cs","SetCiRuleOptions.cs","78A6691EBDC9203281FC0046CB6E5A5931A155D0E2456C0BBE8ACC11978614CF9BFB303912B28DA744B519B43765601908DF6682B5D0FB2F3B2D03045E69D37F" -"C#\Shared Logics\Main Cmdlets\TestCiPolicy.cs","TestCiPolicy.cs","2F7E09E0F19E49AC6D461D4144186FD3E48EC2B1A7E13A824E52D24C40A6BEEEB781B647C28BE3D4584CBEDFA1F90B5B2545CBDAE74950BB5FCEF8D9D7CDB796" -"C#\Shared Logics\Main Cmdlets\UserConfiguration.cs","UserConfiguration.cs","C67B03C643AB2908A283B947A83C4657684F109B38D13D0C9E69DAB7ACA776258B9239368C9B983BB6557B7DFFFE87BC4BAFB61EE85D5CE40D23D864AC229A2A" -"C#\Shared Logics\Types And Definitions\AuthenticodePageHashes.cs","AuthenticodePageHashes.cs","20F0F29D49094EDCE1F19E0FB1616A995D60A71ACAC3F4B3C02E2CF210EA18AA114B0320A90AC0CDEF55AA29E2C1E7423F241389A822E6E70F0BA2004D8990F7" -"C#\Shared Logics\Types And 
Definitions\CertificateDetailsCreator.cs","CertificateDetailsCreator.cs","AE5EA36F90B9A52650ABA7B6FF66F33FC5CB4211F9227C37144845B11B868AA818EC7BA4A0DB3D7D0075D16D4F59C78CB9B038DE4560A2BB045A8A67EE7B0873" -"C#\Shared Logics\Types And Definitions\CertificateSignerCreator.cs","CertificateSignerCreator.cs","60B551672F3BA4EB73C41CE5D14C388006CAE835F46C0110148E51CEDEF736229C04899DFDAAFA97442777CEA73B04455667C8FB2C106D65DF30D896A15FEB91" -"C#\Shared Logics\Types And Definitions\ChainElement.cs","ChainElement.cs","84C9563941AE8BF0477CE04AD512B05BD33E48C55CEEB5EDE31F590991E47E1A49698AE739301D7FA6BE079DFA9E6BEE1E0810423505F6D2F327882C324B7E7F" -"C#\Shared Logics\Types And Definitions\ChainPackage.cs","ChainPackage.cs","27E20438EE2CD6F9BB6B8A79774FC634A343430A728FF37C13CDB069991B54A0B92CB31F1070DEA6F7602F6CE17EA24ABB0562AA99FF42396DDA20B4F74D881D" -"C#\Shared Logics\Types And Definitions\CodeIntegrityPolicy.cs","CodeIntegrityPolicy.cs","0B77E1BF8B068942D020AED7A04EE49795A09AE904F5E9FDF200EB08C5853789F2FFFDEED533710C5C5CA4ECE9A1020BC8983E5A399A275839B3A3ABB61E37D8" -"C#\Shared Logics\Types And Definitions\FileBasedInfoPackage.cs","FileBasedInfoPackage.cs","12B0229B63CBE004DA0616E369CBC66DE49C49EB6B921333B25B655257922C0171E20AFEE5B14FFFF5BF1C42E6B4DEEBE1D4E7120754C64BF7934E3F091CDEF2" -"C#\Shared Logics\Types And Definitions\FilePublisherSignerCreator.cs","FilePublisherSignerCreator.cs","3453E2825F32E3574D6326B48B961D9A12805648F6529DC4208C3231EA4ACE8CC9E7D83A0525EB46611F97F297CDD6819444A92F3B36996BFC4B7E6F685B82EA" -"C#\Shared Logics\Types And Definitions\HashCreator.cs","HashCreator.cs","790FAF0942CD645687608546004497AECABFC2AA3DA827C738337A2AE95075208A87FD591D173B37BEAE8AB6EE676BD4A8B6655B0059276DB375713566014BD0" -"C#\Shared Logics\Types And Definitions\OpusSigner.cs","OpusSigner.cs","18752EFF4D6D734D8FEF2F9A5763481F509497561C5ACD9C3088CCB1EDA043A41369F17EF6BAFDBD9E9714F76CBEBB69E82797D0FF63736E51A5EFB147492895" -"C#\Shared Logics\Types And 
Definitions\PolicyHashObj.cs","PolicyHashObj.cs","D9DDB2225BB4F205633C532E5191799488A879DE0B9F40B78729590F864164A782C2E16419508728CF7362475E6CA64AA62618180A1CFB588E1EE0E347DCE2C8" -"C#\Shared Logics\Types And Definitions\PublisherSignerCreator.cs","PublisherSignerCreator.cs","C4B16013F1315B54F3D3032B89222A7F74A387332321E2EE4602A01D85CB71750145BCB9940B4009CA3601E341F9D909166AD7CABE844551FA8F3AFF77274D9E" -"C#\Shared Logics\Types And Definitions\Signer.cs","Signer.cs","2D44FF70EF03752DE368609BE6EFA667DCC9D4A1AC27819670AFDD2E491C7EFA93017AE748A5D412580F258AAFD18D012B1A40167EFA7D85CE8E98CE3849DD4B" -"C#\Shared Logics\Types And Definitions\SimulationInput.cs","SimulationInput.cs","AA72A34E17098D68FA580462D874B15EFDAE1E767D1A3773AB1C051A708B2F2F8BEDE86C6969D4689F32F640797B19C8B6CC83C17DA28AC9CF47ADFB92B89246" -"C#\Shared Logics\Types And Definitions\SimulationOutput.cs","SimulationOutput.cs","8B690467AB853F65CCB5D4066D313C3A13DF064D8235A49F8F5D856F9CCFD2CC9A792671F9A72018B6E513C13681C4D5EA9A7118B406E3B9E1714190D12EC6CB" -"C#\Shared Logics\Types And Definitions\UpdateCheckResponse.cs","UpdateCheckResponse.cs","101C382198A6A34139180DBA44836F118D8A2BE6D52040E7E6F23F1AD6AB70334F285219DE4740C985F6F26C36D61B658D8945E646C81BBFBDE1B5C6899F2EC2" -"C#\Shared Logics\Types And Definitions\WinTrust.cs","WinTrust.cs","C1C27E1294F2BB1AF89992A4B8EBBB2C9121253FC8E4B769CE3020B36695BF6A7231A8807EED5E8A5A7C07ED87B6E395C9D6DB0993250F7185A946349DE76BE0" -"C#\Shared Logics\Variables\CILogIntel.cs","CILogIntel.cs","3E74487685EF2274E5536251C9C420CFD0E42931C7B4AB8E97A66D0A2232CD3B936EFEB774BD25DCD52785D768A4975F29366EA1ECB3559BC5D8116E45CC1C47" -"C#\Shared Logics\Variables\GlobalVars.cs","GlobalVars.cs","0723DA8272A3CA6E109FC9D3BB41CADE18504C4A8AD75D079ACCAF24257923DC7F645D32E6402BAC595D96CFF7ED36F604D7D91835E7A66944DD39F7CAE0720C" -"C#\Shared Logics\WDAC 
Simulation\Arbitrator.cs","Arbitrator.cs","FC421E779F4C08F597358CA805E3D7D00A62A726773B7BE69614AF15252E396CB1218473861617AA8A9F1739234D93F54FB1D9D1F080E5752147C4F28C69965D" -"C#\Shared Logics\WDAC Simulation\GetCertificateDetails.cs","GetCertificateDetails.cs","2D5BDF67A60E7F77F59C2782DD6AAC6104E544CA7DE1DFB2F7475E6B2E397DCA4720172518AF29B6127C5ACEE5C7397CCCBCCB0DCD56873938A42DE28C286642" -"C#\Shared Logics\WDAC Simulation\GetFileRuleOutput.cs","GetFileRuleOutput.cs","317C4E465D3E8222DA51087B60C598C8900C231C3A50ACB0A32B76D249F8AA33D16E9662419DEADA29615D3408AE8375A0E6879FDE6922E46959D5A94F329DA1" -"C#\Shared Logics\WDAC Simulation\GetSignerInfo.cs","GetSignerInfo.cs","87AE8BA4DF39E0C28643A3C40D4408BFE78565B73EF8D96C296F6D11F964BB2EAC61E55278D9A4B93EA4171CA0AE143CE2C003888A2F56351C271648B2FCC0AC" -"C#\Shared Logics\XMLOps\ClearCiPolicySemantic.cs","ClearCiPolicySemantic.cs","9CDCFE70996701F65808422EA56A932D3C6BC24B28EC9867CBE4D04B1B9B35E610A9DAB14D850D74E3AD8EC9ADB40F7D77C8D3693B37DBDC913A529067791C89" -"C#\Shared Logics\XMLOps\CloseEmptyXmlNodesSemantic.cs","CloseEmptyXmlNodesSemantic.cs","0194BFA2CE8540F6B19DD967107279CDFCDDE55696C738102484F3EAD2CFB88AFCABCF8ADB42E3064CDC6B8C999AFD9605C371DF1297162E83E023655BD65D47" -"C#\Shared Logics\XMLOps\Macros.cs","Macros.cs","08CD23FBD304B4B668A7DACAE3C165D07E362721989FFDE6C9FEE65F46994DB1B8BD8FCBA8AD9B20F24B3C226CC5E1684B3F1203FBA97C64D3C2FA071AE6CD48" -"C#\Shared Logics\XMLOps\MergeSignersSemantic.cs","MergeSignersSemantic.cs","08E91763C70F9D20501E93D43248DD82E3A9498C89EC0842F1B82803B637FFE96116745B286CF5695E8AFA3EFC4216DF5FBD8F9404F57EAB1B1F8AC2FBB6A951" -"C#\Shared Logics\XMLOps\NewCertificateSignerRules.cs","NewCertificateSignerRules.cs","9D80433C5848EC4166BA422165CFE8D6F327AF5F417DF7BA4995591FB5B6E3556223DCAB0EC2813159B1448AA08C8DE12F6AF54E39B07124D5BB3D2D87995C71" -"C#\Shared 
Logics\XMLOps\NewFilePublisherLevelRules.cs","NewFilePublisherLevelRules.cs","96511FFC14EA3E205D888A5ADA0FA4D186D3D3F0459C9C7DB0CC90FED8DC88A0F591A00723D77BA284E5E6A733ABFEF1A356479951B8CD086C37A88392D7086D" -"C#\Shared Logics\XMLOps\NewHashLevelRules.cs","NewHashLevelRules.cs","CF50641D9FF7387AC2AF16E4ED56E70DD6628583039E6BBCA5B67EDE2459F099C090D1592074DED240F90277C29295193D44295B709030D00A5CE1477993A570" -"C#\Shared Logics\XMLOps\NewPFNLevelRules.cs","NewPFNLevelRules.cs","1800102658B50D6F71E832B27EBD78D278CD248C8D8F728FB43800A561DBEF4CD5972181752A335C9406BCF64BC316C50406885A74DD2807FA8B6E3484F0914F" -"C#\Shared Logics\XMLOps\NewPublisherLevelRules.cs","NewPublisherLevelRules.cs","B96DEFE92BCE950FF5CC692C8D6A8AFD11189DBC1533A091AB803AA887C98EF49C61544CE9BC8805575966717E42C6D3B4898117CF2CDEF43298B80E3C2C43AC" -"C#\Shared Logics\XMLOps\RemoveAllowElementsSemantic.cs","RemoveAllowElementsSemantic.cs","7E751A1E5D96957836B9D7CABD97665D5A81C929F86DB4872FA55AA1F60CE40ED919A56236A2245471E8C3424E6D2FF937A94EDA16851039E36093A2953E601B" -"C#\Shared Logics\XMLOps\RemoveDuplicateFileAttribSemantic.cs","RemoveDuplicateFileAttribSemantic.cs","EA7457347521808663D25A7AF5144FDB54B437A6D580F96193FD6820F9CF63005E48CA730CFA23573A7F1C850422137545FB7E020594D9A9954CC12F143AE87E" -"C#\Shared Logics\XMLOps\RemoveUnreferencedFileRuleRefs.cs","RemoveUnreferencedFileRuleRefs.cs","F81FA9C9F2C3251A67CDD9EC8374C8C4CFA5289C1727B90E4CB1381C5D04804F5E69D88DC853D1E5905D65336F8D17B71E92416F3AB5C54D72D3B12B95EC00D0" -"C#\Shared Logics\XMLOps\SetCiPolicyInfo.cs","SetCiPolicyInfo.cs","EAB6AAFDE8BE454A57A6DCB3638C2CC80F7FDBB3C244BD57FB87CE3F3DCB09B41451C527333BF73E38EF8AB60EC61F0314C11D79F1981ADB004BA9FF6EE129A5" -"C#\Shared Logics\XMLOps\SignerAndHashBuilder.cs","SignerAndHashBuilder.cs","15B481D5F8E0757C36915ECE0B9FAF3CA93D4FEC085FCCEE41701E0011B4BD020875C83474E3EAA987B6C14ECB94D9F2B9DCEF281A6AED5B3239645D505A7C69" -"C#\Shared 
Logics\XMLOps\UpdateHvciOptions.cs","UpdateHvciOptions.cs","6EF7C4576AA63DBD11FFEBA1A21843D9785426345FA408C78C98C3CA28EC978BE1229220CBB2E2BE031C1B4C97AAD6DDB255423ACF68626DFE6D6305070C4513"
-"C#\Shared Logics\XMLOps\XMLOps.cs","XMLOps.cs","E832F463B2330BBC0AED30E0214A2144B35CF8C4F41AF5EC5BD3BC0393FC5EE1DA2955D275ECF7B9DF022126F58F0439ADD6ACC2C18DA616DFECAD9896F7B5F9"
diff --git a/WDACConfig/WDACConfig Module Files/Core/New-DenyWDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/New-DenyWDACConfig.psm1
deleted file mode 100644
index 981401239..000000000
--- a/WDACConfig/WDACConfig Module Files/Core/New-DenyWDACConfig.psm1
+++ /dev/null
@@ -1,294 +0,0 @@ -Function New-DenyWDACConfig { - [CmdletBinding( - DefaultParameterSetName = 'Drivers', - PositionalBinding = $false, - SupportsShouldProcess = $true, - ConfirmImpact = 'High' - )] - Param( - [Alias('D')][Parameter(Mandatory = $false, ParameterSetName = 'Drivers')][switch]$Drivers, - [Alias('P')][parameter(mandatory = $false, ParameterSetName = 'Installed AppXPackages')][switch]$InstalledAppXPackages, - [Alias('W')][Parameter(Mandatory = $false, ParameterSetName = 'Folder Path With WildCards')][switch]$PathWildCards, - - [parameter(Mandatory = $true, ParameterSetName = 'Installed AppXPackages', ValueFromPipelineByPropertyName = $true)] - [System.String]$PackageName, - - [ValidateCount(1, 232)] - [ValidatePattern('^[a-zA-Z0-9 \-]+$', ErrorMessage = 'The policy name can only contain alphanumeric, space and dash (-) characters.')] - [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)] - [System.String]$PolicyName, - - [ArgumentCompleter([WDACConfig.ArgCompleter.FolderPickerWithWildcard])] - [ValidatePattern('\*', ErrorMessage = 'You did not supply a path that contains wildcard character (*) .')] - [parameter(Mandatory = $true, ParameterSetName = 'Folder Path With WildCards', ValueFromPipelineByPropertyName = $true)] - [System.IO.DirectoryInfo]$FolderPath, - - [ArgumentCompleter([WDACConfig.ArgCompleter.FolderPicker])] - [ValidateScript({ [System.IO.Directory]::Exists($_) }, ErrorMessage = 'One of the paths you selected is not a valid folder path.')] - [Parameter(Mandatory = $false, ParameterSetName = 'Drivers')] - [System.IO.DirectoryInfo[]]$ScanLocations, - - [Parameter(Mandatory = $false)][switch]$Deploy, - [Parameter(Mandatory = $false, ParameterSetName = 'Installed AppXPackages')][switch]$Force, - [Parameter(Mandatory = $false, ParameterSetName = 'Folder Path With WildCards')][switch]$EmbeddedVerboseOutput - ) - Begin { - [WDACConfig.LoggerInitializer]::Initialize($VerbosePreference, $DebugPreference, $Host) - - 
[System.IO.DirectoryInfo]$StagingArea = [WDACConfig.StagingArea]::NewStagingArea('New-DenyWDACConfig') - - # Detecting if Confirm switch is used to bypass the confirmation prompts - if ($Force -and -Not $Confirm) { - $ConfirmPreference = 'None' - } - - [System.IO.FileInfo]$FinalDenyPolicyPath = Join-Path -Path $StagingArea -ChildPath "DenyPolicy $PolicyName.xml" - [System.IO.FileInfo]$FinalDenyPolicyCIPPath = Join-Path -Path $StagingArea -ChildPath "DenyPolicy $PolicyName.cip" - - # Due to the ACLs of the Windows directory, we make a copy of the AllowAll template policy in the Staging Area and then use it - [System.IO.FileInfo]$AllowAllPolicyPath = Join-Path -Path $StagingArea -ChildPath 'AllowAllPolicy.xml' - Copy-Item -Path 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml' -Destination $AllowAllPolicyPath -Force - - [System.IO.FileInfo]$TempPolicyPath = Join-Path -Path $StagingArea -ChildPath 'DenyPolicy Temp.xml' - - # Flag indicating the final files should not be copied to the main user config directory - [System.Boolean]$NoCopy = $false - } - process { - Try { - # Create Deny base policy for Driver files - if ($Drivers) { - - # The total number of the main steps for the progress bar to render - $TotalSteps = $Deploy ? 
4us : 3us - $CurrentStep = 0us - - $CurrentStep++ - Write-Progress -Id 23 -Activity 'Processing user selected Folders' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.Logger]::Write('Looping through each user-selected folder paths, scanning them, creating a temp policy file based on them') - powershell.exe -NoProfile -Command { - - # Prep the environment as a workaround for the ConfigCI bug - if ([System.IO.Directory]::Exists('C:\Program Files\Windows Defender\Offline')) { - [System.String]$RandomGUID = [System.Guid]::NewGuid().ToString() - New-CIPolicy -UserPEs -ScanPath 'C:\Program Files\Windows Defender\Offline' -Level hash -FilePath ".\$RandomGUID.xml" -NoShadowCopy -PathToCatroot 'C:\Program Files\Windows Defender\Offline' -WarningAction SilentlyContinue - Remove-Item -LiteralPath ".\$RandomGUID.xml" -Force - } - - [System.Collections.ArrayList]$DriverFilesObject = @() - - # loop through each user-selected folder paths - foreach ($ScanLocation in $args[0]) { - - # DriverFile object holds the full details of all of the scanned drivers - This scan is greedy, meaning it stores as much information as it can find - # about each driver file, any available info about digital signature, hash, FileName, Internal Name etc. 
of each driver is saved and nothing is left out - $DriverFilesObject += Get-SystemDriver -ScanPath $ScanLocation -UserPEs - } - - [System.Collections.Hashtable]$PolicyMakerHashTable = @{ - FilePath = $args[1] - DriverFiles = $DriverFilesObject - Level = 'WHQLFilePublisher' - Fallback = 'None' - MultiplePolicyFormat = $true - UserWriteablePaths = $true - Deny = $true - AllowFileNameFallbacks = $true - } - # Creating a base policy using the DriverFile object and specifying which detail about each driver should be used in the policy file - New-CIPolicy @PolicyMakerHashTable - - } -args $ScanLocations, $TempPolicyPath - - $CurrentStep++ - Write-Progress -Id 23 -Activity 'Merging the policies' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - # Merging AllowAll default policy with our Deny temp policy - [WDACConfig.Logger]::Write('Merging AllowAll default template policy with our Deny temp policy') - $null = Merge-CIPolicy -PolicyPaths $AllowAllPolicyPath, $TempPolicyPath -OutputFilePath $FinalDenyPolicyPath - - $CurrentStep++ - Write-Progress -Id 23 -Activity 'Configuring the base policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.Logger]::Write('Assigning a name and resetting the policy ID') - $null = [WDACConfig.SetCiPolicyInfo]::Set($FinalDenyPolicyPath, $true, $PolicyName, $null, $null) - - [WDACConfig.SetCiPolicyInfo]::Set($FinalDenyPolicyPath, ([version]'1.0.0.0')) - - [WDACConfig.CiRuleOptions]::Set($FinalDenyPolicyPath, [WDACConfig.CiRuleOptions+PolicyTemplate]::Base, $null, $null, $null, $null, $null, $null, $null, $null, $null) - - [WDACConfig.Logger]::Write('Converting the policy XML to .CIP') - $null = ConvertFrom-CIPolicy -XmlFilePath $FinalDenyPolicyPath -BinaryFilePath $FinalDenyPolicyCIPPath - - if ($Deploy) { - $CurrentStep++ - Write-Progress -Id 23 -Activity 'Deploying the base policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete 
($CurrentStep / $TotalSteps * 100) - - [WDACConfig.CiToolHelper]::UpdatePolicy($FinalDenyPolicyCIPPath) - - Write-ColorfulTextWDACConfig -Color Pink -InputText "A Deny Base policy with the name '$PolicyName' has been deployed." - } - Write-Progress -Id 23 -Activity 'Complete.' -Completed - } - - # Creating Deny rule for Appx Packages - if ($InstalledAppXPackages) { - - try { - # The total number of the main steps for the progress bar to render - $TotalSteps = $Deploy ? 3us : 2us - $CurrentStep = 0us - - $CurrentStep++ - Write-Progress -Id 24 -Activity 'Getting the Appx package' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - # Backing up PS Formatting Styles - [System.Collections.Hashtable]$OriginalStyle = @{} - $PSStyle.Formatting | Get-Member -MemberType Property | ForEach-Object -Process { - $OriginalStyle[$_.Name] = $PSStyle.Formatting.$($_.Name) - } - - # Change the color for the list items to plum - $PSStyle.Formatting.FormatAccent = "$($PSStyle.Foreground.FromRGB(221,160,221))" - - [WDACConfig.Logger]::Write('Displaying the installed Appx packages based on the supplied name') - Get-AppxPackage -Name $PackageName | Select-Object -Property Name, Publisher, version, PackageFamilyName, PackageFullName, InstallLocation, Dependencies, SignatureKind, Status - - # Prompt for confirmation before proceeding - if ($PSCmdlet.ShouldProcess('', 'Select No to cancel and choose another name', 'Is this the intended results based on your Installed Appx packages?')) { - - $CurrentStep++ - Write-Progress -Id 24 -Activity 'Creating the base policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.Logger]::Write('Creating a temporary Deny policy for the supplied Appx package name') - powershell.exe -NoProfile -Command { - # Get all the packages based on the supplied name - [Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage[]]$Package = Get-AppxPackage -Name $args[0] 
- - $Rules = @() - - # Create rules for each package - foreach ($Item in $Package) { - $Rules += New-CIPolicyRule -Deny -Package $Item - } - - # Generate the supplemental policy xml file - New-CIPolicy -MultiplePolicyFormat -FilePath $args[1] -Rules $Rules - } -args $PackageName, $TempPolicyPath - - # Merging AllowAll default policy with our Deny temp policy - [WDACConfig.Logger]::Write('Merging AllowAll default template policy with our AppX Deny temp policy') - $null = Merge-CIPolicy -PolicyPaths $AllowAllPolicyPath, $TempPolicyPath -OutputFilePath $FinalDenyPolicyPath - - [WDACConfig.Logger]::Write('Assigning a name and resetting the policy ID') - $null = [WDACConfig.SetCiPolicyInfo]::Set($FinalDenyPolicyPath, $true, $PolicyName, $null, $null) - - [WDACConfig.SetCiPolicyInfo]::Set($FinalDenyPolicyPath, ([version]'1.0.0.0')) - - [WDACConfig.CiRuleOptions]::Set($FinalDenyPolicyPath, [WDACConfig.CiRuleOptions+PolicyTemplate]::Base, $null, $null, $null, $null, $null, $null, $null, $null, $null) - - [WDACConfig.Logger]::Write('Converting the policy XML to .CIP') - $null = ConvertFrom-CIPolicy -XmlFilePath $FinalDenyPolicyPath -BinaryFilePath $FinalDenyPolicyCIPPath - - if ($Deploy) { - $CurrentStep++ - Write-Progress -Id 24 -Activity 'Deploying the base policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.CiToolHelper]::UpdatePolicy($FinalDenyPolicyCIPPath) - - Write-ColorfulTextWDACConfig -Color Pink -InputText "A Deny Base policy with the name '$PolicyName' has been deployed." - } - } - else { - $NoCopy = $true - } - } - finally { - # Restore PS Formatting Styles - $OriginalStyle.Keys | ForEach-Object -Process { - $PSStyle.Formatting.$_ = $OriginalStyle[$_] - } - Write-Progress -Id 24 -Activity 'Complete.' -Completed - } - } - - # Create Deny base policy for a folder with wildcards - if ($PathWildCards) { - - # The total number of the main steps for the progress bar to render - $TotalSteps = $Deploy ? 
3us : 2us - $CurrentStep = 0us - - $CurrentStep++ - Write-Progress -Id 29 -Activity 'Creating the wildcard deny policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - # Using Windows PowerShell to handle serialized data since PowerShell core throws an error - [WDACConfig.Logger]::Write('Creating the deny policy file') - powershell.exe -NoProfile -Command { - $RulesWildCards = New-CIPolicyRule -Deny -FilePathRule $args[0] - New-CIPolicy -MultiplePolicyFormat -FilePath $args[1] -Rules $RulesWildCards - } -args $FolderPath, $TempPolicyPath - - # Merging AllowAll default policy with our Deny temp policy - [WDACConfig.Logger]::Write('Merging AllowAll default template policy with our Wildcard Deny temp policy') - $null = Merge-CIPolicy -PolicyPaths $AllowAllPolicyPath, $TempPolicyPath -OutputFilePath $FinalDenyPolicyPath - - $CurrentStep++ - Write-Progress -Id 29 -Activity 'Configuring the wildcard deny policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.Logger]::Write('Assigning a name and resetting the policy ID') - $null = [WDACConfig.SetCiPolicyInfo]::Set($FinalDenyPolicyPath, $true, $PolicyName, $null, $null) - - [WDACConfig.SetCiPolicyInfo]::Set($FinalDenyPolicyPath, ([version]'1.0.0.0')) - - [WDACConfig.CiRuleOptions]::Set($FinalDenyPolicyPath, [WDACConfig.CiRuleOptions+PolicyTemplate]::Base, $null, $null, $null, $null, $null, $null, $null, $null, $null) - - [WDACConfig.Logger]::Write('Converting the policy XML to .CIP') - $null = ConvertFrom-CIPolicy -XmlFilePath $FinalDenyPolicyPath -BinaryFilePath $FinalDenyPolicyCIPPath - - if ($Deploy) { - $CurrentStep++ - Write-Progress -Id 29 -Activity 'Deploying the base policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.CiToolHelper]::UpdatePolicy($FinalDenyPolicyCIPPath) - - if ($EmbeddedVerboseOutput) { - [WDACConfig.Logger]::Write("A Deny Base 
policy with the name '$PolicyName' has been deployed.") - } - else { - Write-ColorfulTextWDACConfig -Color Pink -InputText "A Deny Base policy with the name '$PolicyName' has been deployed." - } - } - Write-Progress -Id 29 -Activity 'Complete.' -Completed - } - } - Catch { - $NoCopy = $true - Throw $_ - } - finally { - # If the cmdlet is not running in embedded mode - if (-NOT $EmbeddedVerboseOutput) { - # If there was no error - if (!$NoCopy) { - # Display the output - if ($Deploy) { - Write-FinalOutput -Paths $FinalDenyPolicyPath - } - else { - Write-FinalOutput -Paths $FinalDenyPolicyPath, $FinalDenyPolicyCIPPath - } - } - } - - # Copy the final policy files to the user config directory - if (!$NoCopy) { - Copy-Item -Path ($Deploy ? $FinalDenyPolicyPath : $FinalDenyPolicyPath, $FinalDenyPolicyCIPPath) -Destination ([WDACConfig.GlobalVars]::UserConfigDir) -Force - } - if (![WDACConfig.GlobalVars]::DebugPreference) { - Remove-Item -Path $StagingArea -Recurse -Force - } - } - } -} \ No newline at end of file diff --git a/WDACConfig/WDACConfig Module Files/Core/New-SupplementalWDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/New-SupplementalWDACConfig.psm1 deleted file mode 100644 index b37f75969..000000000 --- a/WDACConfig/WDACConfig Module Files/Core/New-SupplementalWDACConfig.psm1 +++ /dev/null 
@@ -1,201 +0,0 @@ -Function New-SupplementalWDACConfig { - [CmdletBinding( - DefaultParameterSetName = 'Folder Path With WildCards', - PositionalBinding = $false, - SupportsShouldProcess = $true, - ConfirmImpact = 'High' - )] - Param( - [Alias('W')][Parameter(Mandatory = $false, ParameterSetName = 'Folder Path With WildCards')][switch]$PathWildCards, - [Alias('P')][parameter(mandatory = $false, ParameterSetName = 'Installed AppXPackages')][switch]$InstalledAppXPackages, - [parameter(Mandatory = $true, ParameterSetName = 'Installed AppXPackages')][System.String]$PackageName, - [ArgumentCompleter([WDACConfig.ArgCompleter.FolderPickerWithWildcard])] - [ValidatePattern('\*', ErrorMessage = 'You did not supply a path that contains wildcard character (*) .')] - [parameter(Mandatory = $true, ParameterSetName = 'Folder Path With WildCards', ValueFromPipelineByPropertyName = $true)] - [System.IO.DirectoryInfo]$FolderPath, - - [ValidateCount(1, 232)] - [ValidatePattern('^[a-zA-Z0-9 \-]+$', ErrorMessage = 'The policy name can only contain alphanumeric, space and dash (-) characters.')] - [parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)] - [System.String]$SuppPolicyName, - - [ArgumentCompleter([WDACConfig.ArgCompleter.XmlFilePathsPicker])] - [ValidateScript({ [WDACConfig.CiPolicyTest]::TestCiPolicy($_, $null) })] - [parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)] - [System.IO.FileInfo]$PolicyPath, - - [parameter(Mandatory = $false)][switch]$Deploy, - [Parameter(Mandatory = $false, ParameterSetName = 'Installed AppXPackages')][switch]$Force - ) - Begin { - [WDACConfig.LoggerInitializer]::Initialize($VerbosePreference, $DebugPreference, $Host) - - [System.IO.DirectoryInfo]$StagingArea = [WDACConfig.StagingArea]::NewStagingArea('New-SupplementalWDACConfig') - - # Ensure when user selects the -Deploy parameter, the base policy is not signed - if ($Deploy) { - if ([WDACConfig.PolicyFileSigningStatusDetection]::Check($PolicyPath) -eq 
[WDACConfig.PolicyFileSigningStatusDetection+SigningStatus]::Signed) { - Throw 'You are using -Deploy parameter and the selected base policy is Signed. Please use Deploy-SignedWDACConfig to deploy it.' - } - # Send $true to set it as valid if no errors were thrown before - $true - } - - # Detecting if Confirm switch is used to bypass the confirmation prompts - if ($Force -and -Not $Confirm) { - $ConfirmPreference = 'None' - } - - # Defining path for the final Supplemental policy XML and CIP files - used by the entire Cmdlet - [System.IO.FileInfo]$FinalSupplementalPath = Join-Path -Path $StagingArea -ChildPath "SupplementalPolicy $SuppPolicyName.xml" - [System.IO.FileInfo]$FinalSupplementalCIPPath = Join-Path -Path $StagingArea -ChildPath "SupplementalPolicy $SuppPolicyName.cip" - - # Flag indicating the final files should not be copied to the main user config directory - [System.Boolean]$NoCopy = $false - } - - process { - - try { - if ($PSBoundParameters['PathWildCards']) { - - # The total number of the main steps for the progress bar to render - $TotalSteps = $Deploy ? 
2us : 1us - $CurrentStep = 0us - - $CurrentStep++ - Write-Progress -Id 20 -Activity 'Creating the Supplemental policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - # Using Windows PowerShell to handle serialized data since PowerShell core throws an error - [WDACConfig.Logger]::Write('Creating the Supplemental policy file') - powershell.exe -NoProfile -Command { - $RulesWildCards = New-CIPolicyRule -FilePathRule $args[0] - New-CIPolicy -MultiplePolicyFormat -FilePath "$($args[2])\SupplementalPolicy $($args[1]).xml" -Rules $RulesWildCards - } -args $FolderPath, $SuppPolicyName, $StagingArea - - [WDACConfig.Logger]::Write('Changing the policy type from base to Supplemental, assigning its name and resetting its policy ID') - $null = [WDACConfig.SetCiPolicyInfo]::Set($FinalSupplementalPath, $true, "$SuppPolicyName - $(Get-Date -Format 'MM-dd-yyyy')", $null, $PolicyPath) - - [WDACConfig.SetCiPolicyInfo]::Set($FinalSupplementalPath, ([version]'1.0.0.0')) - - [WDACConfig.CiRuleOptions]::Set($FinalSupplementalPath, [WDACConfig.CiRuleOptions+PolicyTemplate]::Supplemental, $null, $null, $null, $null, $null, $null, $null, $null, $null) - - [WDACConfig.Logger]::Write('Converting the Supplemental policy XML file to a CIP file') - $null = ConvertFrom-CIPolicy -XmlFilePath $FinalSupplementalPath -BinaryFilePath $FinalSupplementalCIPPath - - if ($Deploy) { - $CurrentStep++ - Write-Progress -Id 20 -Activity 'Deploying the Supplemental policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.CiToolHelper]::UpdatePolicy($FinalSupplementalCIPPath) - Write-ColorfulTextWDACConfig -Color Pink -InputText "A Supplemental policy with the name '$SuppPolicyName' has been deployed." - } - Write-Progress -Id 20 -Activity 'Complete.' 
-Completed - } - if ($PSBoundParameters['InstalledAppXPackages']) { - try { - # The total number of the main steps for the progress bar to render - $TotalSteps = $Deploy ? 3us : 2us - $CurrentStep = 0us - - $CurrentStep++ - Write-Progress -Id 21 -Activity 'Getting the Appx package' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - # Backing up PS Formatting Styles - [System.Collections.Hashtable]$OriginalStyle = @{} - $PSStyle.Formatting | Get-Member -MemberType Property | ForEach-Object -Process { - $OriginalStyle[$_.Name] = $PSStyle.Formatting.$($_.Name) - } - - # Change the color for the list items to plum - $PSStyle.Formatting.FormatAccent = "$($PSStyle.Foreground.FromRGB(221,160,221))" - - [WDACConfig.Logger]::Write('Displaying the installed Appx packages based on the supplied name') - Get-AppxPackage -Name $PackageName | Select-Object -Property Name, Publisher, version, PackageFamilyName, PackageFullName, InstallLocation, Dependencies, SignatureKind, Status - - # Prompt for confirmation before proceeding - if ($PSCmdlet.ShouldProcess('', 'Select No to cancel and choose another name', 'Is this the intended results based on your Installed Appx packages?')) { - - $CurrentStep++ - Write-Progress -Id 21 -Activity 'Creating the Supplemental policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.Logger]::Write('Creating a policy for the supplied Appx package name and its dependencies (if any)') - powershell.exe -NoProfile -Command { - # Get all the packages based on the supplied name - [Microsoft.Windows.Appx.PackageManager.Commands.AppxPackage[]]$Package = Get-AppxPackage -Name $args[0] - - # Get package dependencies if any - $PackageDependencies = $Package.Dependencies - - $Rules = @() - - # Create rules for each package - foreach ($Item in $Package) { - $Rules += New-CIPolicyRule -Package $Item - } - - # Create rules for each package dependency, if any - if 
($PackageDependencies) { - foreach ($Item in $PackageDependencies) { - $Rules += New-CIPolicyRule -Package $Item - } - } - - # Generate the supplemental policy xml file - New-CIPolicy -MultiplePolicyFormat -FilePath "$($args[2])\SupplementalPolicy $($args[1]).xml" -Rules $Rules - } -args $PackageName, $SuppPolicyName, $StagingArea - - [WDACConfig.Logger]::Write('Converting the policy type from base to Supplemental, assigning its name and resetting its policy ID') - $null = [WDACConfig.SetCiPolicyInfo]::Set($FinalSupplementalPath, $true, "$SuppPolicyName - $(Get-Date -Format 'MM-dd-yyyy')", $null, $PolicyPath) - - [WDACConfig.SetCiPolicyInfo]::Set($FinalSupplementalPath, ([version]'1.0.0.0')) - - [WDACConfig.CiRuleOptions]::Set($FinalSupplementalPath, [WDACConfig.CiRuleOptions+PolicyTemplate]::Supplemental, $null, $null, $null, $null, $null, $null, $null, $null, $null) - - [WDACConfig.Logger]::Write('Converting the Supplemental policy XML file to a CIP file') - $null = ConvertFrom-CIPolicy -XmlFilePath $FinalSupplementalPath -BinaryFilePath $FinalSupplementalCIPPath - - if ($Deploy) { - $CurrentStep++ - Write-Progress -Id 21 -Activity 'Deploying the Supplemental policy' -Status "Step $CurrentStep/$TotalSteps" -PercentComplete ($CurrentStep / $TotalSteps * 100) - - [WDACConfig.CiToolHelper]::UpdatePolicy($FinalSupplementalCIPPath) - Write-ColorfulTextWDACConfig -Color Pink -InputText "A Supplemental policy with the name '$SuppPolicyName' has been deployed." - } - } - else { - $NoCopy = $true - } - } - finally { - # Restore PS Formatting Styles - $OriginalStyle.Keys | ForEach-Object -Process { - $PSStyle.Formatting.$_ = $OriginalStyle[$_] - } - Write-Progress -Id 21 -Activity 'Complete.' 
-Completed - } - } - } - Catch { - $NoCopy = $true - Throw $_ - } - finally { - # Display the output - if ($Deploy) { - Write-FinalOutput -Paths $FinalSupplementalPath - } - else { - Write-FinalOutput -Paths $FinalSupplementalPath, $FinalSupplementalCIPPath - } - - # Copy the final files to the user config directory - if (!$NoCopy) { - Copy-Item -Path ($Deploy ? $FinalSupplementalPath : $FinalSupplementalPath, $FinalSupplementalCIPPath) -Destination ([WDACConfig.GlobalVars]::UserConfigDir) -Force - } - if (![WDACConfig.GlobalVars]::DebugPreference) { - Remove-Item -Path $StagingArea -Recurse -Force - } - } - } -} \ No newline at end of file diff --git a/WDACConfig/WDACConfig Module Files/Shared/New-Macros.psm1 b/WDACConfig/WDACConfig Module Files/Shared/New-Macros.psm1 deleted file mode 100644 index 89460fd70..000000000 --- a/WDACConfig/WDACConfig Module Files/Shared/New-Macros.psm1 +++ /dev/null 
@@ -1,127 +0,0 @@ -Function New-Macros { - <# - .SYNOPSIS - Creates Macros in the CI policy XML and adds them as multi-valued AppIDs to each element in the node - .PARAMETER XmlFilePath - The path to the XML file containing the CI policy - .PARAMETER InputObject - This should be a hashtable that contains directory paths and audit logs - .INPUTS - System.Collections.Hashtable - System.IO.FileInfo - .OUTPUTS - System.Void - #> - [CmdletBinding()] - Param ( - [Parameter(Mandatory = $true)][System.IO.FileInfo]$XmlFilePath, - [Parameter(Mandatory = $true)][System.Collections.Hashtable]$InputObject - ) - Begin { - - $Macros = New-Object -TypeName 'System.Collections.Generic.HashSet[System.String]' - - # If user selected directory paths to be passed to this function - if ($null -ne $InputObject['SelectedDirectoryPaths'] -and $InputObject['SelectedDirectoryPaths'].count -gt 0) { - - # loop over each exe in all directories - foreach ($Exe in ([WDACConfig.FileUtility]::GetFilesFast($InputObject['SelectedDirectoryPaths'], $null, '.exe'))) { - - # Get the Extended File Info of the current exe file - [WDACConfig.ExFileInfo]$ExFileInfo = [WDACConfig.ExFileInfo]::GetExtendedFileInfo($Exe) - - # make sure the OriginalFileName is not null for the current exe - if ($null -ne $ExFileInfo.OriginalFileName) { - # Send the OriginalFileName to the Macros HashSet - [System.Void]$Macros.Add($ExFileInfo.OriginalFileName) - } - else { - [WDACConfig.Logger]::Write("New-Macros: OriginalFileName property is empty for the file: $($Exe.FullName)") - } - } - } - - # If audit logs were passed to this function - if ($null -ne $InputObject['SelectedAuditLogs'] -and $InputObject['SelectedAuditLogs'].count -gt 0) { - - # Add the OriginalFileName value of all of the executable files that exist or don't exist on the disk from audit logs to the Macros HashSet - foreach ($Item in $InputObject['SelectedAuditLogs']) { - if ((([System.IO.FileInfo]$Item.'File Name').Extension -eq '.exe') -and (-NOT 
([System.String]::IsNullOrWhiteSpace($Item.OriginalFileName)))) { - [System.Void]$Macros.Add($Item.OriginalFileName) - } - } - } - - # Break from the begin block if there is no macros (aka OriginalFileNames) to add to the policy - if ($Macros.Count -eq 0) { return } - - # Load the XML file - [System.Xml.XmlDocument]$Xml = Get-Content -Path $XmlFilePath - - # Define the namespace manager - [System.Xml.XmlNamespaceManager]$Ns = New-Object -TypeName System.Xml.XmlNamespaceManager -ArgumentList $Xml.NameTable - $Ns.AddNamespace('ns', 'urn:schemas-microsoft-com:sipolicy') - - # Find the Macros node - $MacrosNode = $Xml.SelectSingleNode('//ns:Macros', $Ns) - - # Check if Macros node doesn't exist - if (($null -eq $MacrosNode ) -and ($MacrosNode -isnot [System.Xml.XmlElement])) { - # Create the Macros node - [System.Xml.XmlElement]$MacrosNode = $Xml.CreateElement('Macros', $Xml.DocumentElement.NamespaceURI) - [System.Void]$Xml.DocumentElement.AppendChild($MacrosNode) - } - - # Create a hashtable to store the mapping of Macro IDs to their values - [System.Collections.Hashtable]$MacroAppIDMapping = @{} - - # Ensuring that the MacroIDs are unique - comes handy when merging multiple Macros from different policies into one - foreach ($Macro in $Macros) { - $RandomizedGUID = [System.Guid]::NewGuid().ToString().Replace('-', '') - $MacroAppIDMapping["AppID.$RandomizedGUID"] = $Macro - } - - # To store the AppIDs array as a single string - $AppIDsArray = New-Object -TypeName 'System.Text.StringBuilder' - } - Process { - - if ($Macros.Count -eq 0) { return } - - foreach ($Macro in $MacroAppIDMapping.Keys) { - - # Create new Macro node - [System.Xml.XmlElement]$NewMacroNode = $Xml.CreateElement('Macro', $MacrosNode.NamespaceURI) - # It is important for the ID to be "Id" and not "ID" like the rest of the elements to be valid against the Schema - $NewMacroNode.SetAttribute('Id', $Macro) - $NewMacroNode.SetAttribute('Value', $MacroAppIDMapping[$Macro]) - # Add the new node to the 
Macros node - [System.Void]$MacrosNode.AppendChild($NewMacroNode) - - [System.Void]$AppIDsArray.Append("`$($Macro)") - } - - # Update AppIDs for elements between and - $FileRulesNode = $Xml.SelectSingleNode('//ns:FileRules', $Ns) - if ($FileRulesNode) { - # Make sure to exclude the .exe files from the AppIDs because only AddIns such as DLLs should have the AppIDs applied to them. - # AppIDs applied to .exe files make them unrunnable and trigger blocked event. - # Also exclude .sys files since driver load can only be done by secure kernel - $FileRulesToModify = foreach ($Node in $FileRulesNode.ChildNodes) { - if (($Node.Name -in 'Allow', 'Deny', 'FileAttrib', 'FileRule') -and ($Node.FriendlyName -notmatch '.*\.(exe|sys).*')) { - $Node - } - } - - foreach ($Rule in $FileRulesToModify) { - $Rule.SetAttribute('AppIDs', $AppIDsArray.ToString()) - } - } - } - End { - if ($Macros.Count -eq 0) { return } - - $Xml.Save($XmlFilePath) - } -} -Export-ModuleMember -Function 'New-Macros' \ No newline at end of file diff --git a/WDACConfig/WDACConfig Module Files/WDACConfig.psd1 b/WDACConfig/WDACConfig Module Files/WDACConfig.psd1 deleted file mode 100644 index cf568dc3a..000000000 --- a/WDACConfig/WDACConfig Module Files/WDACConfig.psd1 +++ /dev/null 
@@ -1,34 +0,0 @@ -@{ - RootModule = 'WDACConfig.psm1' - ModuleVersion = '0.5.1' - CompatiblePSEditions = @('Core') - GUID = '79920947-efb5-48c1-a567-5b02ebe74793' - Author = 'HotCakeX' - CompanyName = 'SpyNetGirl' - Copyright = '(c) 2023-2024' - PowerShellVersion = '7.4.4' - CmdletsToExport = @() - VariablesToExport = '*' - AliasesToExport = @() - HelpInfoURI = 'https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager' - Description = @' - -🟢This module has been Evolved into the AppControl Manager application which is a modern GUI-based MSIX-packaged open-source Windows application. Check it out here: https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager - -🩷 AppControl Manager is very high performance and offers a lot of new features and improvements. It includes every feature that WDACConfig module had plus so much more. - -'@ - NestedModules = @('Core\New-SupplementalWDACConfig.psm1', 'Core\New-DenyWDACConfig.psm1', 'Core\New-KernelModeWDACConfig.psm1', 'Core\Test-CiPolicy.psm1') - - FunctionsToExport = @('New-SupplementalWDACConfig', 'New-DenyWDACConfig', 'New-KernelModeWDACConfig', 'Test-CiPolicy') - - PrivateData = @{ - PSData = @{ - Tags = @('WDAC', 'Windows-Defender-Application-Control', 'Windows', 'Security', 'Microsoft', 'Application-Control', 'App-Control-for-Business', 'Application-Whitelisting', 'BYOVD') - LicenseUri = 'https://github.com/HotCakeX/Harden-Windows-Security/blob/main/LICENSE' - ProjectUri = 'https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager' - IconUri = 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/WDACConfig/icon.png' - ReleaseNotes = 'https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager' - } - } -} \ No newline at end of file diff --git a/WDACConfig/WDACConfig Module Files/WDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/WDACConfig.psm1 deleted file mode 100644 index e69de29bb..000000000 
diff --git a/WDACConfig/version.txt b/WDACConfig/version.txt deleted file mode 100644 index 79a2734bb..000000000 --- a/WDACConfig/version.txt +++ /dev/null @@ -1 +0,0 @@ -0.5.0 \ No newline at end of file diff --git a/Wiki posts/WDACConfig Module Main/Edit-SignedWDACConfig.md b/Wiki posts/WDACConfig Module Main/Edit-SignedWDACConfig.md deleted file mode 100644 index ff5aa6f39..000000000 --- a/Wiki posts/WDACConfig Module Main/Edit-SignedWDACConfig.md +++ /dev/null 
@@ -1,586 +0,0 @@ -# Edit-SignedWDACConfig available parameters - -## Edit-SignedWDACConfig -AllowNewApps - -## Syntax - -```powershell -Edit-SignedWDACConfig - [-AllowNewApps] - -SuppPolicyName - [-BoostedSecurity] - [-PolicyPath ] - [-CertPath ] - [-CertCN ] - [-LogSize ] - [-NoScript] - [-NoUserPEs] - [-SpecificFileNameLevel ] - [-Level ] - [-Fallbacks ] - [-SignToolPath ] - [] -``` - -## Description - -While a Signed App Control for Business policy is already deployed on the system, rebootlessly turns on Audit mode in it, which will allow you to install a new app that was otherwise getting blocked. - -After installation, you will be able to browse for the path(s) of the installed app(s) for scanning, which is optional. - -Any file outside of the paths you select that was executed or run during the audit mode phase and was detected in the audit logs, will be displayed to you in a nice GUI (Graphical User Interface) so you will be able to see detailed information about them and decide whether to include them in the Supplemental policy or not. - -This parameter can also be used for apps that are already installed on the system. - -A new supplemental policy will be created, it will be signed and deployed on the system. The base policy that was initially set to Audit mode will also revert back to enforced mode. The entire process happens without the need for reboot. If something like a power outage occurs during the audit mode phase, on the next reboot, the enforced mode base policy will be automatically deployed. - -> [!NOTE]\ -> This parameter can also detect and create allow rules for Kernel protected files, such as the executables of games installed using Xbox app. Make sure you run the game while the base policy is deployed in Audit mode so that it can capture those executables. - -## Parameters - -### -SuppPolicyName - -Add a descriptive name for the Supplemental policy. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -BoostedSecurity - -Implements Sandboxing-like restrictions around the program's dependencies. - -> [!TIP]\ -> When using this mode, it's recommended to only target one program at a time. E.g., don't use this method for creating a supplemental policy for Adobe Photoshop and Steam client at the same time, because they will be put in the same supplemental policy and the dependency sandboxing will be ineffective. -> -> This mode requires the main executable(s) of the programs that need access to the dependencies (such as DLLs) to have the `OriginalFileName` property. Most of the time they do. Use the `-Verbose` parameter to see when they don't. - -
-Boosted security dependencies in WDAC policies
- -
- -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -CertPath - -Path to the certificate `.cer` file. Press TAB to open the file picker GUI and browse for a `.cer` file. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -CertCN - -Common name of the certificate - Supports argument completion so you don't have to manually enter the Certificate's CN, just make sure the `-CertPath` is specified and the certificate is installed in the personal store of the user certificates, then press TAB to auto complete the name. You can however enter it manually if you want to. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -PolicyPath - -Browse for the xml file of the Base policy this Supplemental policy is going to expand. Supports tab completion by showing only `.xml` files with **Base Policy** Type. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -SignToolPath - -Press TAB to open the file picker GUI and browse for SignTool.exe - -> [!IMPORTANT]\ -> Refer [to this section](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#the-logic-behind-the--signtoolpath-parameter-in-the-module) for more info - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Levels - -Offers the same official [Levels](https://learn.microsoft.com/en-us/powershell/module/configci/new-cipolicy#-level) for scanning event logs and the specified directory path(s). - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | `WHQLFilePublisher` | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Fallbacks - -Offers the same official [Fallbacks](https://learn.microsoft.com/en-us/powershell/module/configci/new-cipolicy#-fallback) for scanning event logs and the specified directory path(s). - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)[]| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | `FilePublisher`,`Hash` | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -LogSize - -Specifies the log size for ***Microsoft-Windows-CodeIntegrity/Operational*** events. The values must be in the form of ``. e.g., 2MB, 10MB, 1GB, 1TB. The minimum accepted value is 1MB which is the default. - -
- -| Type: |[UInt64](https://learn.microsoft.com/en-us/dotnet/api/system.uint64)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -SpecificFileNameLevel - -[More info available on Microsoft Learn](https://learn.microsoft.com/en-us/powershell/module/configci/new-cipolicy#-specificfilenamelevel) - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Accepted values: | `OriginalFileName`, `InternalName`, `FileDescription`, `ProductName`, `PackageFamilyName`, `FilePath` | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -NoUserPEs - -By default, the module includes user PEs in the scan. When you use this switch parameter, they won't be included. [More info available on Microsoft Learn](https://learn.microsoft.com/en-us/powershell/module/configci/new-cipolicy#-userpes) - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -NoScript - -[More info available on Microsoft Learn](https://learn.microsoft.com/en-us/powershell/module/configci/new-cipolicy#-noscript) - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -horizontal super thin rainbow RGB line - -
- -## Edit-SignedWDACConfig -MergeSupplementalPolicies - -## Syntax - -```powershell -Edit-SignedWDACConfig - [-MergeSupplementalPolicies] - -SuppPolicyName - -SuppPolicyPaths - [-PolicyPath ] - [-KeepOldSupplementalPolicies] - [-CertPath ] - [-CertCN ] - [-SignToolPath ] - [] -``` - -## Description - -Merge multiple deployed **Signed** Supplemental policies into 1 and deploy it, remove the individual ones, all happening automatically. - -## Parameters - -### -SuppPolicyName - -Choose a descriptive name for the Supplemental policy that is going to be the merge of multiple policies. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -SuppPolicyPaths - -Path to the Supplemental policies xml files. Supports argument tab completion by showing only Supplemental policy types. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)[]| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -CertPath - -Path to the certificate `.cer` file. Press TAB to open the file picker GUI and browse for a `.cer` file. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -CertCN - -Common name of the certificate - Supports argument completion so you don't have to manually enter the Certificate's CN, just make sure the `-CertPath` is specified and the certificate is installed in the personal store of the user certificates, then press TAB to auto complete the name. You can however enter it manually if you want to. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -PolicyPath - -Browse for the xml file of the Base policy this Supplemental policy is going to expand. Supports tab completion by showing only `.xml` files with **Base Policy** Type. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -SignToolPath - -Press TAB to open the file picker GUI and browse for SignTool.exe - -> [!IMPORTANT]\ -> Refer [to this section](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#the-logic-behind-the--signtoolpath-parameter-in-the-module) for more info - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -KeepOldSupplementalPolicies - -Indicates that the module will not remove the old Supplemental policy xml files after creating and deploying the new merged one. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -horizontal super thin rainbow RGB line - -
- -## Edit-SignedWDACConfig -UpdateBasePolicy - -## Syntax - -```powershell -Edit-SignedWDACConfig - [-UpdateBasePolicy] - -CurrentBasePolicyName - -NewBasePolicyType - [-CertPath ] - [-CertCN ] - [-SignToolPath ] - [-RequireEVSigners] - [] -``` - -## Description - -It can rebootlessly change the type or rule options of the deployed signed base policy. The deployed Supplemental policies will stay intact and continue to work with the new Base policy. - -> [!NOTE]\ -> When switching from a more permissive base policy type to a more restrictive one, make sure your Supplemental policies will continue to work. E.g., if your current base policy type is *AllowMicrosoft* and the one you are switching to is *DefaultWindows*, there *might* be files that will get blocked as a result of this switch. -> -> That's simply because they were allowed by the more permissive *AllowMicrosoft* policy type so they didn't trigger audit logs (in case the supplemental policy was created based on audit logs) thus weren't needed to be included in the Supplemental policy. You will need to update those Supplemental policies if that happens by deleting and recreating them, no immediate reboot required. - -## Parameters - -### -CurrentBasePolicyName - -The name of the currently deployed base policy. It supports tab completion so just press tab to autofill it. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -NewBasePolicyType - -The new type of the base policy to deploy. It supports tab completion so just press tab to autofill it. Supports all 3 main Base policy types. - -> [!NOTE]\ -> If the selected policy type is `DefaultWindows` and the detected PowerShell is not installed through Microsoft Store, the module will scan the PowerShell files and add them to the `DefaultWindows` base policy as allowed files so you will be able to continue using the module after deploying the policy. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Accepted values: | `AllowMicrosoft`, `DefaultWindows`, `SignedAndReputable` | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -CertPath - -Path to the certificate `.cer` file. Press TAB to open the file picker GUI and browse for a `.cer` file. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -CertCN - -Common name of the certificate - Supports argument completion so you don't have to manually enter the Certificate's CN, just make sure the `-CertPath` is specified and the certificate is installed in the personal store of the user certificates, then press TAB to auto complete the name. You can however enter it manually if you want to. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -SignToolPath - -Press TAB to open the file picker GUI and browse for SignTool.exe - -> [!IMPORTANT]\ -> Refer [to this section](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#the-logic-behind-the--signtoolpath-parameter-in-the-module) for more info - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -RequireEVSigners - -Indicates that the created/deployed policy will have [Require EV Signers](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/appcontrol-wizard-create-base-policy#advanced-policy-rules-description) policy rule option. - -* In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All Windows 10 and later, or Windows 11 drivers will meet this requirement. - -
- -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
diff --git a/Wiki posts/WDACConfig Module Main/New-DenyWDACConfig.md b/Wiki posts/WDACConfig Module Main/New-DenyWDACConfig.md deleted file mode 100644 index 4258d0b6f..000000000 --- a/Wiki posts/WDACConfig Module Main/New-DenyWDACConfig.md +++ /dev/null @@ -1,258 +0,0 @@ -# New-DenyWDACConfig available parameters - -## New-DenyWDACConfig -Drivers - -## Syntax - -```powershell -New-DenyWDACConfig - [-Drivers] - -PolicyName - [-ScanLocations ] - [-Deploy] - [-Confirm] - [] -``` - -## Description - -Creates a Deny base policy by scanning a directory, this parameter uses [DriverFile objects](https://learn.microsoft.com/en-us/powershell/module/configci/get-systemdriver) so it's best suitable for driver files. The base policy will have 2 allow all rules, meaning it can be deployed as a standalone base policy, side-by-side any other Base/Supplemental policies. - -> [!NOTE]\ -> The scan uses **WHQLFilePublisher** level without any fallbacks, and includes both usermode and kernel mode drivers. - -## Parameters - -### -PolicyName - -Add a descriptive name for the Deny base policy. Accepts only alphanumeric and space characters. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -ScanLocations - -Accepts one or more comma separated folder paths. Supports argument completion, when you press tab, folder picker GUI will open allowing you to easily select a folder, you can then add a comma `,` and press tab again to select another folder path or paste a folder path manually, works both ways. - -
- -| Type: |[DirectoryInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.directoryinfo)[]| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Deploy - -Indicates that the module will automatically deploy the Deny base policy after creation. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -horizontal super thin rainbow RGB line - -
- -## New-DenyWDACConfig -InstalledAppXPackages - -## Syntax - -```powershell -New-DenyWDACConfig - [-InstalledAppXPackages] - -PackageName - -PolicyName - [-Deploy] - [-Force] - [-Confirm] - [] -``` - -## Description - -Creates a Deny base policy for one or more installed Windows Apps (Appx) based on their PFN (Package Family Name). The base policy will have 2 allow all rules, meaning it can be deployed as a standalone base policy, side-by-side any other Base/Supplemental policies. - -## Parameters - -### -PackageName - -Enter the [package name](https://learn.microsoft.com/en-us/powershell/module/appx/get-appxpackage) of an installed app. Supports wildcard `*` character. e.g, `*Edge*` or `"*Microsoft*"`. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | True | - -
- -
- -### -PolicyName - -Add a descriptive name for the Deny base policy. Accepts only alphanumeric and space characters. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Deploy - -Indicates that the module will automatically deploy the Deny base policy after creation. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Force - -Indicates that the cmdlet won't ask for confirmation and will proceed with creating the deny policy. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -horizontal super thin rainbow RGB line - -
- -## New-DenyWDACConfig -PathWildCards - -![New-DenyWDACConfig -PathWildCards demo](https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Wiki%20APNGs/New-DenyWDACConfig/New-DenyWDACConfig%20-PathWildCards.apng) - -## Syntax - -```powershell -New-DenyWDACConfig - [-PathWildCards] - -PolicyName - -FolderPath - [-Deploy] - [-Confirm] - [] -``` - -## Description - -Creates a Deny standalone base policy for a folder using wildcards. The base policy created by this parameter can be deployed side by side any other base/supplemental policy. - -> [!NOTE]\ -> This feature is also used internally by [the Harden Windows Security Module](https://github.com/HotCakeX/Harden-Windows-Security?tab=readme-ov-file#downloads-defense-measures-). - -## Parameters - -### -PolicyName - -Add a descriptive name for the Deny base policy. Accepts only alphanumeric and space characters. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -FolderPath - -A folder path that includes at least one wildcard `*` character. Press TAB to open the folder picker GUI. Once you selected a folder, you will see the path will have `\*` at the end of it. You can modify the selected path by adding/removing wildcards `*` to it before proceeding. - -
- -| Type: |[DirectoryInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.directoryinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | True | - -
- -
- -### -Deploy - -Indicates that the module will automatically deploy the Deny base policy after creation. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
diff --git a/Wiki posts/WDACConfig Module Main/New-KernelModeWDACConfig.md b/Wiki posts/WDACConfig Module Main/New-KernelModeWDACConfig.md deleted file mode 100644 index a078d91fa..000000000 --- a/Wiki posts/WDACConfig Module Main/New-KernelModeWDACConfig.md +++ /dev/null @@ -1,112 +0,0 @@ -# New-KernelModeWDACConfig available parameters - -## Syntax - -```powershell -New-KernelModeWDACConfig - -Mode - [-Deploy] - [-EVSigners] - [-Base ] - [] -``` - -## Description - -This cmdlet generates a Kernel-mode App Control policy derived from the Default Windows template policy. [You can learn more about that procedure in here.](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection) - -Initially, you need to use the `-Mode Prep` parameter to deploy the base policy in Audit mode, then restart your system. After restarting, event logs are produced for Kernel-mode drivers that are running but would otherwise be blocked if the policy was not deployed in Audit mode. - -Subsequently, you need to use the `-Mode AuditAndEnforce` parameter to generate the final base policy. This parameter will: - -1. Scan all of the event logs that were produced after deploying the audit mode policy on the system -2. Generate a supplemental policy for the drivers detected in event logs -3. Merge the supplemental policy with the Strict Kernel-mode base policy -4. Deploy it as a single base policy, rebootlessly. - -> [!IMPORTANT]\ -> All Kernel-mode drivers are scanned with [WHQLFilePublisher](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/select-types-of-rules-to-create#table-2-app-control-for-business-policy---file-rule-levels) level, so they will not necessitate a policy update when they are updated. - -
- -## Parameters - -### -Mode - -Specifies the mode of operation. The acceptable values for this parameter are: `Prep` and `AuditAndEnforce`. - -* Prep: Deploys the Strict Kernel-mode App Control policy in Audit mode, preparing the system for an Audit. - -* AuditAndEnforce: Audits the system using event logs for any blocked drivers, generates the final Strict Kernel-mode App Control policy. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Deploy - -Indicates that the policy will be deployed. If you want to deploy the final strict kernel-mode base policy Signed, do not use this parameter, Instead just create the policy and then use the [Deploy-SignedWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Deploy-SignedWDACConfig) cmdlet to deploy it. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -EVSigners - -Uses EVSigners policy rule option. If you want to use this parameter, make sure you use it for both `Prep` and `AuditAndEnforce` modes. [Read more about EV Signers](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Notes#policies-with-requiredev-signers-rule-option) - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Base - -The base policy to be used. The acceptable values for this parameter are: `Default` and `NoFlightRoots`. - - -> [!NOTE]\ -> The **NoFlightRoots** value signifies that the Strict Kernel-mode App Control policy will not be deployed with flight root certificates, disallowing you to use insider builds of the OS in the Dev and Canary channels. Insider builds in the Beta and Release Preview channels are signed with production root certificates and will not be affected. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | `Default` | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
diff --git a/Wiki posts/WDACConfig Module Main/New-SupplementalWDACConfig.md b/Wiki posts/WDACConfig Module Main/New-SupplementalWDACConfig.md deleted file mode 100644 index a87c63493..000000000 --- a/Wiki posts/WDACConfig Module Main/New-SupplementalWDACConfig.md +++ /dev/null @@ -1,351 +0,0 @@ -# New-SupplementalWDACConfig available parameters - -## New-SupplementalWDACConfig -PathWildCards - - -## Syntax - -```powershell -New-SupplementalWDACConfig - [-PathWildCards] - -FolderPath - -SuppPolicyName - [-PolicyPath ] - [-Deploy] - [-Confirm] - [] -``` - -## Description - -Creates a Supplemental policy that allows a folder path that includes one or more wildcard `*` character in it. - -## Parameters - -### -FolderPath - -A folder path that includes at least one wildcard `*` character. Press TAB to open the folder picker GUI. Once you selected a folder, you will see the path will have `\*` at the end of it. You can modify the selected path by adding/removing wildcards `*` to it before proceeding. - -
- -| Type: |[DirectoryInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.directoryinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | True | - -
- -
- -### -SuppPolicyName - -Add a descriptive name for the Supplemental policy. Accepts only alphanumeric and space characters. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -PolicyPath - -Browse for the xml file of the Base policy this Supplemental policy is going to expand. -Supports GUI file picker that only shows XML files, press TAB after the parameter to launch it. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Deploy - -Indicates that the module will automatically deploy the Supplemental policy after creation. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### The outputs of the parameter are - -* ***SupplementalPolicy``.xml*** -* ***{GUID}.cip*** - -
- -horizontal super thin rainbow RGB line - -
- -## New-SupplementalWDACConfig -InstalledAppXPackages - -## Syntax - -```powershell -New-SupplementalWDACConfig - [-InstalledAppXPackages] - -PackageName - -SuppPolicyName - [-PolicyPath ] - [-Deploy] - [-Force] - [-Confirm] - [] -``` - -## Description - -Creates a Supplemental policy based on the package name of an installed app. More information at [Microsoft Learn](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/manage-packaged-apps-with-appcontrol) - -## Parameters - -### -PackageName - -Enter the [package name](https://learn.microsoft.com/en-us/powershell/module/appx/get-appxpackage) of an installed app. Supports wildcard `*` character. e.g., `*Edge*` or `"*Microsoft*"`. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | True | - -
- -
- -### -SuppPolicyName - -Add a descriptive name for the Supplemental policy. Accepts only alphanumeric and space characters. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -PolicyPath - -Browse for the xml file of the Base policy this Supplemental policy is going to expand. -Supports GUI file picker that only shows XML files, press TAB after the parameter to launch it. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Deploy - -Indicates that the module will automatically deploy the Supplemental policy after creation. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Force - -Indicates that the cmdlet won't ask for confirmation and will proceed with creating the Supplemental policy. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### The outputs of the parameter are - -* ***SupplementalPolicy``.xml*** -* ***{GUID}.cip*** - -
- -horizontal super thin rainbow RGB line - -
- -## New-SupplementalWDACConfig -Certificates - -## Syntax - -```powershell - New-SupplementalWDACConfig - [-Certificates] - -CertificatePaths - -SuppPolicyName - [-PolicyPath ] - [-Deploy] - [-SigningScenario ] - [] -``` - -## Description - -Creates a Supplemental policy based on the certificate paths. - -* If you select a root CA certificate, it will generate Signer rules based on RootCertificate level which contains TBS Hash only. - -* If you select a non-root CA certificate such as Leaf Certificate or Intermediate certificate, it will generate Signer rules based on LeafCertificate level, that means it will contain TBS Hash as well as the subject name of the selected certificate. - -## Parameters - -### -CertificatePaths - -Browse for the certificate file(s) that you want to use to create the Supplemental policy. Supports file picker GUI by showing only .cer files. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)[]| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | True | - -
- -
- -### -SuppPolicyName - -Add a descriptive name for the Supplemental policy. Accepts only alphanumeric and space characters. - -
- -| Type: |[String](https://learn.microsoft.com/en-us/dotnet/api/system.string)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -PolicyPath - -Browse for the xml file of the Base policy this Supplemental policy is going to expand. -Supports GUI file picker that only shows XML files, press TAB after the parameter to launch it. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| [Automatic:](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig#about-automatic-parameters) | True | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -Deploy - -Indicates that the module will automatically deploy the Supplemental policy after creation. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -SigningScenario - -You can choose one of the following options: "UserMode", "KernelMode" -The certificate will be added to the policy based on the selected scenario. - -
- -| Type: |[SwitchParameter](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.switchparameter)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | `UserMode` | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
diff --git a/Wiki posts/WDACConfig Module Main/Test-CiPolicy.md b/Wiki posts/WDACConfig Module Main/Test-CiPolicy.md deleted file mode 100644 index b9b97a3b1..000000000 --- a/Wiki posts/WDACConfig Module Main/Test-CiPolicy.md +++ /dev/null @@ -1,60 +0,0 @@ -# Test-CiPolicy available parameters - -## Syntax - -```powershell -Test-CiPolicy - -XmlFile - -CipFile - [] -``` - -## Description - -Tests a Code Integrity (App Control) Policy XML file against the Schema file located at: - -```powershell -$Env:SystemDrive\Windows\schemas\CodeIntegrity\cipolicy.xsd -``` - -It returns a boolean value indicating whether the XML file is valid or not. - -It can also be used to display the signer certificates used to sign a `.CIP` binary file. - -## Parameters - -### -XmlFile - -The Code Integrity Policy XML file to test. Supports file picker GUI. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
- -### -CipFile - -The binary Code Integrity Policy file to test for signers. Supports file picker GUI. - -
- -| Type: |[FileInfo](https://learn.microsoft.com/en-us/dotnet/api/system.io.fileinfo)| -| :-------------: | :-------------: | -| Position: | Named | -| Default value: | None | -| Required: | False | -| Accept pipeline input: | False | -| Accept wildcard characters: | False | - -
- -
diff --git a/Wiki posts/WDACConfig Module Main/WDACConfig.md b/Wiki posts/WDACConfig Module Main/WDACConfig.md index ffed1ccd6..a8caaa69f 100644 --- a/Wiki posts/WDACConfig Module Main/WDACConfig.md +++ b/Wiki posts/WDACConfig Module Main/WDACConfig.md @@ -21,15 +21,3 @@ horizontal super thin rainbow RGB line
- -## WDACConfig Module's Table of Content [Deprecated] - -| Cmdlet Guide | Usage | PowerShell Console Help | -| :---: | :---: | :---: | -| [New-SupplementalWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-SupplementalWDACConfig) | To create and deploy Supplemental policies | `Get-Help New-SupplementalWDACConfig` | -| [Edit-SignedWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Edit-SignedWDACConfig) | To edit deployed signed App Control policies | `Get-Help Edit-SignedWDACConfig` | -| [New-DenyWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-DenyWDACConfig) | To create a deny mode App Control policy | `Get-Help New-DenyWDACConfig` | -| [New-KernelModeWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New%E2%80%90KernelModeWDACConfig) | To create a Strict Kernel mode App Control policy for [total BYOVD protection](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection) | `Get-Help New-KernelModeWDACConfig` | -| [Test-CiPolicy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Test-CiPolicy) | Tests a Code Integrity (App Control) Policy XML file against the Schema and shows the signers in a signed `.CIP` files | `Get-Help Test-CiPolicy` | - -