From 4e41f63bbce1f2639c113ac8ec114b339dd7e022 Mon Sep 17 00:00:00 2001 From: Violet Hansen Date: Fri, 20 Dec 2024 18:18:52 +0200 Subject: [PATCH] New AppControl Manager docs for wiki New AppControl Manager docs for wiki --- .../AppControl Manager/AppControl Manager.md | 2 ++ .../AppControl Manager/Create Deny Policy.md | 30 +++++++++++++++++++ Wiki posts/AppControl Manager/Sidebar.md | 11 +++++++ Wiki posts/Home Index.md | 23 ++------------ 4 files changed, 45 insertions(+), 21 deletions(-) create mode 100644 Wiki posts/AppControl Manager/Create Deny Policy.md create mode 100644 Wiki posts/AppControl Manager/Sidebar.md diff --git a/Wiki posts/AppControl Manager/AppControl Manager.md b/Wiki posts/AppControl Manager/AppControl Manager.md index 8d5913478..4930afc56 100644 --- a/Wiki posts/AppControl Manager/AppControl Manager.md +++ b/Wiki posts/AppControl Manager/AppControl Manager.md 
@@ -81,11 +81,13 @@ Please feel free to open a discussion if you have any questions about the build - AppControl Manager Menu Item [Build New Certificate](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Build-New-Certificate) - AppControl Manager Menu Item [Create Policy From Event Logs](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Create-Policy-From-Event-Logs) - AppControl Manager Menu Item [Create Policy From MDE Advanced Hunting](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Create-Policy-From-MDE-Advanced-Hunting) +- AppControl Manager Menu Item [Create Deny Policy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Create-Deny-App-Control-Policy) - AppControl Manager Menu Item [Merge App Control Policies](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Merge-App-Control-Policies) - AppControl Manager Menu Item [Deploy App Control Policy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Deploy-App-Control-Policy) - AppControl Manager Menu Item [Get Code Integrity Hashes](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-Code-Integrity-Hashes) - AppControl Manager Menu Item [Get Secure Policy Settings](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-Secure-Policy-Settings) - AppControl Manager Menu Item [Update](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Update) +- AppControl Manager Menu Item [Sidebar](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Sidebar) *More features will come very quickly in the near future.* diff --git a/Wiki posts/AppControl Manager/Create Deny Policy.md b/Wiki posts/AppControl Manager/Create Deny Policy.md new file mode 100644 index 000000000..d599fd677 --- /dev/null +++ b/Wiki posts/AppControl Manager/Create Deny Policy.md 
@@ -0,0 +1,30 @@ +# Create Deny Policy + +Use [AppControl Manager](https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager) to create Deny App Control policies. Keep in mind that App Control is inherently a whitelisting feature so anything that is not allowed by a policy is already automatically blocked. + +All Deny policies have *Base* policy types as other types such as Supplemental cannot have Deny rules in them. + +All Deny policies have 2 allow all rules so that anything not denied by them will be allowed. This is mandatory for the policy to work. This also allows Deny policies to be deployed side by side with other policies, because for a file to be allowed, it must be allowed by all deployed policies. [Read more about side-by-side deployment here](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/deploy-multiple-appcontrol-policies). + +
+ +## Create a Deny Policy by Files or Folders Scan + +With AppControl Manager, you can easily create a Deny base policy by scanning files or folders. + +### Configuration Details + +* **Browse For Files**: Use this button to browse for files on the system. Multiple files can be added at once. + +* **Browse for Folders**: Use this button to browse for folders on the system. Multiple folders can be added at once. + +* **Policy Name**: Enter a name for the Deny policy. You will be able to use this name to detect it after deployment in the **System Information** section of the AppControl Manager. + +* **Scalability**: Use this gauge to set the number of concurrent threads for the scan. By default, 2 threads are used. Increasing this number will speed up the scan but will also consume more system resources. + +* **Select Scan Level**: You can choose from different scan levels. [Refer to this page for all the information about them.](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Rule-Levels-Comparison-and-Guide) + +> [!TIP]\ +> Use the ***View Detected File Details*** section to view highly detailed results of the files and folder scans. + +
diff --git a/Wiki posts/AppControl Manager/Sidebar.md b/Wiki posts/AppControl Manager/Sidebar.md new file mode 100644 index 000000000..c08f42971 --- /dev/null +++ b/Wiki posts/AppControl Manager/Sidebar.md @@ -0,0 +1,11 @@ +# Sidebar + +The [AppControl Manager](https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager) features a versatile Sidebar designed to streamline user interactions and enhance productivity. With the Sidebar, you can select a base policy path once and seamlessly reuse it throughout the app, eliminating the need to repeatedly browse for the file. + +Pages within AppControl Manager that require an XML policy file automatically recognize when a path has been selected in the Sidebar. As you navigate to these pages, subtle indicators appear, prompting you to open the Sidebar and quickly access the pre-selected file path. + +The Sidebar also includes a toggle switch that, when enabled, automatically assigns newly created base policy paths to the Sidebar. This feature further accelerates workflow and minimizes manual input. + +By default, the Sidebar displays the XML policy path specified in the App settings, ensuring immediate access to the main policy you work with. + +
diff --git a/Wiki posts/Home Index.md b/Wiki posts/Home Index.md index 2532bd6f8..834381a93 100644 --- a/Wiki posts/Home Index.md +++ b/Wiki posts/Home Index.md @@ -17,11 +17,13 @@ - AppControl Manager Menu Item [Build New Certificate](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Build-New-Certificate) - AppControl Manager Menu Item [Create Policy From Event Logs](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Create-Policy-From-Event-Logs) - AppControl Manager Menu Item [Create Policy From MDE Advanced Hunting](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Create-Policy-From-MDE-Advanced-Hunting) +- AppControl Manager Menu Item [Create Deny Policy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Create-Deny-App-Control-Policy) - AppControl Manager Menu Item [Merge App Control Policies](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Merge-App-Control-Policies) - AppControl Manager Menu Item [Deploy App Control Policy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Deploy-App-Control-Policy) - AppControl Manager Menu Item [Get Code Integrity Hashes](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-Code-Integrity-Hashes) - AppControl Manager Menu Item [Get Secure Policy Settings](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-Secure-Policy-Settings) - AppControl Manager Menu Item [Update](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Update) +- AppControl Manager Menu Item [Sidebar](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Sidebar)
@@ -49,27 +51,6 @@
-## [WDACConfig Module Main](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig) - -- [New-WDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-WDACConfig) -- [New-SupplementalWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-SupplementalWDACConfig) -- [Remove-WDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Remove-WDACConfig) -- [Edit-WDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Edit-WDACConfig) -- [Edit-SignedWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Edit-SignedWDACConfig) -- [Deploy-SignedWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Deploy-SignedWDACConfig) -- [Confirm-WDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Confirm-WDACConfig) -- [New-DenyWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-DenyWDACConfig) -- [Set-CommonWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Set-CommonWDACConfig) -- [New-KernelModeWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New%E2%80%90KernelModeWDACConfig) -- [Get-CommonWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-CommonWDACConfig) -- [Remove-CommonWDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Remove-CommonWDACConfig) -- [Assert-WDACConfigIntegrity](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Assert-WDACConfigIntegrity) -- [Test-CiPolicy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Test-CiPolicy) -- [Get-CiFileHashes](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-CiFileHashes) -- [Get-CIPolicySetting](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-CIPolicySetting) - -
- ## [Miscellaneous](#-miscellaneous) - [Create Bootable USB flash drive with no 3rd party tools](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Create-Bootable-USB-flash-drive-with-no-3rd-party-tools)
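Review bot: In the menu lists of `AppControl Manager.md` and `Home Index.md`, the new entry links to `wiki/Create-Deny-App-Control-Policy`, but the file added by this patch is `Create Deny Policy.md` with the heading `# Create Deny Policy`. The Sidebar entry added next to it links to `wiki/Sidebar`, which matches its file name. Please confirm the page is published under the longer slug, or align the file name and the link so the entry does not point at a missing page.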
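Review bot: In `Create Deny Policy.md`, the **Select Scan Level** bullet states no default and gives no guidance for deny rules, while the **Scalability** bullet just above it does state its default (2 threads). Add a sentence naming the default level and which level to choose for a Deny policy, rather than leaving that entirely to the linked guide. The introduction also says Deny policies have "2 allow all rules" without describing them; a short description of those two rules would let readers recognise them in the generated policy. Minor: "Browse For Files" and "Browse for Folders" differ in capitalization.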
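Review bot: In `Sidebar.md`, the toggle switch in the third paragraph and the setting referred to as "the XML policy path specified in the App settings" are not named, so a reader cannot locate them in the UI. `Create Deny Policy.md` in this same patch bolds the exact control labels (for example **Policy Name**); use that convention here as well. The opening sentence ("versatile Sidebar designed to streamline user interactions and enhance productivity") can be reduced to the concrete behaviour given in the sentence after it.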
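Review bot: The second hunk of `Home Index.md` deletes the entire "WDACConfig Module Main" section (the heading and its 16 cmdlet links, New-WDACConfig through Get-CIPolicySetting), which the commit message "New AppControl Manager docs for wiki" does not mention. If the removal is intended, put it in its own commit or state it in the message, and note where those wiki pages remain linked from; otherwise restore the section so the pages stay reachable from the index.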