COMException when querying WMI

[kapad]

Tools category

Harden Windows Security Module

Does Your System Meet The Requirements?

• Yes, I acknowledge that I've read the requirements and my system meets them. 👍

Is your Windows Installation Genuine?

• Yes, I acknowledge that the installation media of the Windows OS I used the tool on was downloaded from the official Microsoft website and I didn't tamper or modify it. 💯

Did You Read The Frequently Asked Questions?

• Yes, I've referred to the FAQs and my issue is not covered/explained in there.

Please Explain The Bug

The Harden Windows Security Module crashed and the error message requested I copy the log of the script and report it.

Error Details

MethodInvocationException: Exception calling "Run" with "1" argument(s): ""


ErrorRecord                 : Exception calling "Run" with "1" argument(s): ""
WasThrownFromThrowStatement : False
TargetSite                  : Void CheckActionPreference(System.Management.Automation.Language.FunctionContext,
                              System.Exception)
Message                     : Exception calling "Run" with "1" argument(s): ""
Data                        : {[System.Management.Automation.Interpreter.InterpretedFrameInfo,
                              System.Management.Automation.Interpreter.InterpretedFrameInfo[]]}
InnerException              : System.Runtime.InteropServices.COMException (0x800706BE)
                                 at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
                                 at System.Linq.Enumerable.CastIterator[TResult](IEnumerable source)+MoveNext()
                                 at HardenWindowsSecurity.MDM.<>c__DisplayClass1_1.<GetAsync>b__0()
                                 at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread
                              threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object
                              state)
                              --- End of stack trace from previous location ---
                                 at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread
                              threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object
                              state)
                                 at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread
                              threadPoolThread)
                              --- End of stack trace from previous location ---
                                 at HardenWindowsSecurity.MDM.GetAsync()
                                 at HardenWindowsSecurity.MDM.Get()
                                 at HardenWindowsSecurity.MDMClassProcessor.Process()
                                 at HardenWindowsSecurity.Initializer.Initialize(String VerbosePreference, Boolean
                              IsConfirmationDuringRunTime)
                                 at
                              HardenWindowsSecurity.GUIMain.NavigationVM.<>c__DisplayClass4_0.<ConfirmView>b__10()
                                 at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread
                              threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object
                              state)
                              --- End of stack trace from previous location ---
                                 at System.Threading.ExecutionContext.RunFromThreadPoolDispatchLoop(Thread
                              threadPoolThread, ExecutionContext executionContext, ContextCallback callback, Object
                              state)
                                 at System.Threading.Tasks.Task.ExecuteWithThreadLocal(Task& currentTaskSlot, Thread
                              threadPoolThread)
                              --- End of stack trace from previous location ---
                                 at HardenWindowsSecurity.GUIMain.NavigationVM.<>c__DisplayClass4_0.<<ConfirmView>b__7>
                              d.MoveNext()
                              --- End of stack trace from previous location ---
                                 at System.Threading.Tasks.Task.<>c.<ThrowAsync>b__128_0(Object state)
                                 at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
                              Object args, Int32 numArgs)
                                 at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate
                              callback, Object args, Int32 numArgs, Delegate catchHandler)
                                 at System.Windows.Threading.DispatcherOperation.InvokeImpl()
                                 at MS.Internal.CulturePreservingExecutionContext.CallbackWrapper(Object obj)
                                 at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext,
                              ContextCallback callback, Object state)
                              --- End of stack trace from previous location ---
                                 at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext,
                              ContextCallback callback, Object state)
                                 at
                              MS.Internal.CulturePreservingExecutionContext.Run(CulturePreservingExecutionContext
                              executionContext, ContextCallback callback, Object state)
                                 at System.Windows.Threading.DispatcherOperation.Invoke()
                                 at System.Windows.Threading.Dispatcher.ProcessQueue()
                                 at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr hwnd, Int32 msg, IntPtr
                              wParam, IntPtr lParam, Boolean& handled)
                                 at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam,
                              Boolean& handled)
                                 at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
                              Object args, Int32 numArgs)
                                 at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate
                              callback, Object args, Int32 numArgs, Delegate catchHandler)
                                 at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(DispatcherPriority priority,
                              TimeSpan timeout, Delegate method, Object args, Int32 numArgs)
                                 at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr hwnd, Int32 msg, IntPtr wParam,
                              IntPtr lParam)
                                 at MS.Win32.UnsafeNativeMethods.DispatchMessage(MSG& msg)
                                 at System.Windows.Threading.Dispatcher.PushFrameImpl(DispatcherFrame frame)
                                 at System.Windows.Application.RunDispatcher(Object ignore)
                                 at System.Windows.Application.RunInternal(Window window)
                                 at CallSite.Target(Closure, CallSite, Application, Window)
HelpLink                    :
Source                      : System.Management.Automation
HResult                     : -2146233087
StackTrace                  :    at
                              System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext
                              funcContext, Exception exception)
                                 at
                              System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame
                              frame)
                                 at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(Interp
                              retedFrame frame)
                                 at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(Interp
                              retedFrame frame)

MyCommand             :
BoundParameters       : {}
UnboundArguments      : {}
ScriptLineNumber      : 325
OffsetInLine          : 17
HistoryId             : 2
ScriptName            : C:\Users\dev\Documents\PowerShell\Modules\Harden-Windows-Security-Module\0.7.0\Core\Protect-Win
                        dowsSecurity.psm1
Line                  :                 [System.Void]
                        [HardenWindowsSecurity.GUIMain]::app.Run([HardenWindowsSecurity.GUIMain]::mainGUIWindow)

Statement             : [System.Void]
                        [HardenWindowsSecurity.GUIMain]::app.Run([HardenWindowsSecurity.GUIMain]::mainGUIWindow)
PositionMessage       : At C:\Users\dev\Documents\PowerShell\Modules\Harden-Windows-Security-Module\0.7.0\Core\Protect-
                        WindowsSecurity.psm1:325 char:17
                        + …             [System.Void] [HardenWindowsSecurity.GUIMain]::app.Run([H …
                        +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PSScriptRoot          : C:\Users\dev\Documents\PowerShell\Modules\Harden-Windows-Security-Module\0.7.0\Core
PSCommandPath         : C:\Users\dev\Documents\PowerShell\Modules\Harden-Windows-Security-Module\0.7.0\Core\Protect-Win
                        dowsSecurity.psm1
InvocationName        :
PipelineLength        : 0
PipelinePosition      : 0
ExpectingInput        : False
CommandOrigin         : Internal
DisplayScriptPosition :

[HotCakeX]

The error message is suggesting there was a problem querying system information for compliance check, it's related to WMI/CIM operations. Do you see it every time you run the module?

[HotCakeX]

Just to double check, are you sure your system meets the requirements? Such as not having any 3rd party antivirus or security solution that could interfere with the Microsoft Defender or the module's operations? Or maybe you had one installed but then removed it and its leftovers are causing problem?

This is a COMException that doesn't normally happen.

[kapad]

Just to double check, are you sure your system meets the requirements?

As far as I can tell, yes.

The current state of my system is,

• Clean Windows install from a recovery USB.
  • I am using a SurfacePro 6 which is running Windows 11 Pro.
• Ran https://github.com/Raphire/Win11Debloat to debloat the system to just the essentials that I need.
• Installed a password manager (keepassxc), PowerToys, and Sysinternal tools.
• Installed Windows.PowerShell, Windows.Terminal, Google.Chrome, and, Mozilla.Firefox
• Ran the Harden-Windows-Security and am right now trying to ensure that my system is "secure enough" to be used as a home server.

Is there any Microsoft or 3rd party application that you want me to check for specifically?

Note: I successfully ran the script several times. I've run into the above issue just once. Re-launching to script and running it again worked, and I wasn't able to reproduce the issue.

[HotCakeX]

Thanks, so in all my tests i use the non-modified OS on a supported hardware to make sure everything works and runs normally, allows me to catch any unexpected bugs too before releasing an update.

3rd party scripts or debloaters are considered OS modifications that I can't test for because they can cause unexpected behaviors or modifications that are not recommended. So the only bugs i can fix are ones that are reproducible on normal OS installation.

I'm planning to add features to the module soon that will allow removing features, apps, telemetry etc. but all according to recommended methods to make sure nothing will be broken.

You can go one step further than the module's features and use App Control policies on your system using the AppControl Manager app: https://github.com/HotCakeX/Harden-Windows-Security/wiki/AppControl-Manager

Documentation: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Introduction