From 6d71b7317e02cb1503062d1167163aef58c0df11 Mon Sep 17 00:00:00 2001
From: Violet
Date: Thu, 7 Dec 2023 07:46:50 -0930
Subject: [PATCH] Converted a scriptblock to function
---
 .../Core/Edit-SignedWDACConfig.psm1 | 4 ++--
 .../Core/Edit-WDACConfig.psm1 | 4 ++--
 .../Core/New-WDACConfig.psm1 | 6 +++---
 .../Resources/Resources.ps1 | 15 ++++++++++-----
 4 files changed, 17 insertions(+), 12 deletions(-)
diff --git a/WDACConfig/WDACConfig Module Files/Core/Edit-SignedWDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/Edit-SignedWDACConfig.psm1
index 33e0bca2c..f7fffd632 100644
--- a/WDACConfig/WDACConfig Module Files/Core/Edit-SignedWDACConfig.psm1
+++ b/WDACConfig/WDACConfig Module Files/Core/Edit-SignedWDACConfig.psm1
@@ -878,8 +878,8 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
 }
 if ($UpdateBasePolicy) {
- # First get the Microsoft recommended driver block rules
- Invoke-Command -ScriptBlock $GetBlockRulesSCRIPTBLOCK | Out-Null
+ # First get the Microsoft recommended block rules
+ Get-BlockRulesMeta | Out-Null
 switch ($NewBasePolicyType) {
 'AllowMicrosoft_Plus_Block_Rules' {
diff --git a/WDACConfig/WDACConfig Module Files/Core/Edit-WDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/Edit-WDACConfig.psm1
index c64c01949..5bb0ebd32 100644
--- a/WDACConfig/WDACConfig Module Files/Core/Edit-WDACConfig.psm1
+++ b/WDACConfig/WDACConfig Module Files/Core/Edit-WDACConfig.psm1
@@ -750,8 +750,8 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
 }
 if ($UpdateBasePolicy) {
- # First get the Microsoft recommended driver block rules
- Invoke-Command -ScriptBlock $GetBlockRulesSCRIPTBLOCK | Out-Null
+ # First get the Microsoft recommended block rules
+ Get-BlockRulesMeta | Out-Null
 switch ($NewBasePolicyType) {
 'AllowMicrosoft_Plus_Block_Rules' {
diff --git a/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1 b/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1
index 52fd62d47..e17a5a78c 100644
--- a/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1
+++ b/WDACConfig/WDACConfig Module Files/Core/New-WDACConfig.psm1
@@ -152,7 +152,7 @@ function New-WDACConfig {
 param([System.Boolean]$NoCIP)
 # Get the latest Microsoft recommended block rules
- Invoke-Command -ScriptBlock $GetBlockRulesSCRIPTBLOCK | Out-Null
+ Get-BlockRulesMeta | Out-Null
 Copy-Item -Path 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml' -Destination 'AllowMicrosoft.xml'
 Merge-CIPolicy -PolicyPaths .\AllowMicrosoft.xml, 'Microsoft recommended block rules.xml' -OutputFilePath .\AllowMicrosoftPlusBlockRules.xml | Out-Null
 [System.String]$PolicyID = Set-CIPolicyIdInfo -FilePath .\AllowMicrosoftPlusBlockRules.xml -PolicyName "Allow Microsoft Plus Block Rules - $(Get-Date -Format 'MM-dd-yyyy')" -ResetPolicyID
@@ -185,7 +185,7 @@ function New-WDACConfig {
 [System.Management.Automation.ScriptBlock]$MakeDefaultWindowsWithBlockRulesSCRIPTBLOCK = {
 param([System.Boolean]$NoCIP)
- Invoke-Command -ScriptBlock $GetBlockRulesSCRIPTBLOCK | Out-Null
+ Get-BlockRulesMeta | Out-Null
 Copy-Item -Path 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml' -Destination 'DefaultWindows_Enforced.xml'
 [System.Boolean]$global:MergeSignToolPolicy = $false
@@ -551,7 +551,7 @@ function New-WDACConfig {
 # Deploy the latest block rules
 { $GetBlockRules -and $Deploy } { & $DeployLatestBlockRulesSCRIPTBLOCK; break }
 # Get the latest block rules
- $GetBlockRules { & $GetBlockRulesSCRIPTBLOCK; break }
+ $GetBlockRules { Get-BlockRulesMeta ; break }
 # Deploy the latest driver block rules
 { $GetDriverBlockRules -and $Deploy } { & $DeployLatestDriverBlockRulesSCRIPTBLOCK; break }
 # Get the latest driver block rules
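Review bot: In the hunk at -152 of New-WDACConfig.psm1 the object returned by `Get-BlockRulesMeta` is piped to `Out-Null`, and the `Merge-CIPolicy` line right after it repeats the literal 'Microsoft recommended block rules.xml', so the file name lives in two places that can drift apart. Capturing the result keeps the call site tied to what the function actually wrote: `$BlockRules = Get-BlockRulesMeta` followed by `-PolicyPaths .\AllowMicrosoft.xml, $BlockRules.PolicyFile`. The calls in the -185 hunk and in Edit-SignedWDACConfig.psm1 and Edit-WDACConfig.psm1 discard the result the same way; their later use of the file is outside the hunks, so it is presumably the same literal. The enclosing script blocks start and end outside these hunks.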
diff --git a/WDACConfig/WDACConfig Module Files/Resources/Resources.ps1 b/WDACConfig/WDACConfig Module Files/Resources/Resources.ps1
index e0748ed51..e9d4555e6 100644
--- a/WDACConfig/WDACConfig Module Files/Resources/Resources.ps1
+++ b/WDACConfig/WDACConfig Module Files/Resources/Resources.ps1
@@ -396,9 +396,15 @@ $RuleRefsContent
 return $EmptyPolicy
 }
-
-# Gets the latest Microsoft Recommended block rules, removes its allow all rules and sets HVCI to strict
-[System.Management.Automation.ScriptBlock]$GetBlockRulesSCRIPTBLOCK = {
+Function Get-BlockRulesMeta {
+ <#
+ .SYNOPSIS
+ Gets the latest Microsoft Recommended block rules, removes its allow all rules and sets HVCI to strict
+ .INPUTS
+ System.Void
+ .OUTPUTS
+ PSCustomObject
+ #>
 [System.String]$Rules = (Invoke-WebRequest -Uri $MSFTRecommendeBlockRulesURL -ProgressAction SilentlyContinue).Content -replace "(?s).*``````xml(.*)``````.*", '$1' -replace '|', ''
 $Rules | Out-File '.\Microsoft recommended block rules TEMP.xml'
 # Removing empty lines from policy file
@@ -406,12 +412,11 @@ $RuleRefsContent
 Remove-Item -Path '.\Microsoft recommended block rules TEMP.xml' -Force
 Set-RuleOption -FilePath '.\Microsoft recommended block rules.xml' -Option 3 -Delete
 Set-HVCIOptions -Strict -FilePath '.\Microsoft recommended block rules.xml'
- [PSCustomObject]@{
+ return [PSCustomObject]@{
 PolicyFile = 'Microsoft recommended block rules.xml'
 }
 }
-
 function Confirm-CertCN {
 <#
 .SYNOPSIS
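Review bot: Nothing in `Get-BlockRulesMeta` (hunk at -396 of Resources.ps1) checks that the download actually produced a policy before the text is written to disk and later merged into a base policy. If the fenced xml block is missing from the page, the `-replace` on the `Invoke-WebRequest` line returns the whole page unchanged, and whether a failed request stops the function depends on an error preference that is not visible here. Now that this is a named function with several callers, it should fail closed: add `-ErrorAction Stop` to the request, then parse `$Rules` as XML and check the root element before `Out-File`, as sketched below. The download line is unchanged context, and the function body continues into the next hunk.

```powershell
Function Get-BlockRulesMeta {
    # … unchanged: comment-based help and the Invoke-WebRequest / -replace line that fills $Rules …

    # Fail closed: refuse to write a policy file from text that is not a code integrity policy
    try {
        [System.Xml.XmlDocument]$ParsedRules = $Rules
    }
    catch {
        throw 'The downloaded Microsoft recommended block rules are not well-formed XML'
    }
    if ($ParsedRules.DocumentElement.LocalName -ne 'SiPolicy') {
        throw 'The downloaded content is not a code integrity policy'
    }

    $Rules | Out-File '.\Microsoft recommended block rules TEMP.xml'
    # … unchanged: empty-line removal, Set-RuleOption, Set-HVCIOptions, return value …
```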