
WDACConfig module v0.2.9 #175

Merged: 23 commits, merged Jan 2, 2024

Conversation

@HotCakeX (Owner) commented Dec 30, 2023

What's Changed

  1. New feature: the ability to download the latest version of the SignTool.exe from official Microsoft servers. If the path for SignTool.exe was not specified in any of the relevant cmdlets, if it wasn't detected automatically on the system, or if it did not exist in the user configurations file, you will be offered this option automatically.
  2. New feature: the ability to generate certificates for signing WDAC policies. You no longer need to install Windows Server to generate a certificate for yourself; now you can use the new cmdlet Build-WDACCertificate to automate the entire process in just a few seconds. The certificate's private 🗝 will be securely stored on the system using Virtualization based Security 🔐.
  3. The WDACConfig module is almost completely self-sufficient and can handle all of the tasks required for Windows Defender Application Control management in an environment on its own. You can manage your computer's security without leaving the PowerShell window. Also, many of the module's features can be used non-interactively or in headless mode, meaning you can pre-configure the parameters and use the features at scale without the need for individual user inputs.
  4. New feature: the capability to create a deny policy based on a directory path with wildcard(s): New-DenyWDACConfig -PathWildCards. This unveils many new opportunities. One of them is deploying a deny policy that blocks anything from executing in the Downloads directory, so if you inadvertently download malware that is programmed to autorun after downloading, it will fail because nothing will be executed in the Downloads directory. You will have to manually transfer a trustworthy file to another location and then execute it. Of course, you can diversify and use this special policy with other kinds of policies on the system. You can also use this kind of policy with guidelines from my other repository that is for Privacy, Anonymity and Compartmentalization, by creating wildcard block rules for directory paths that contain files that are only intended to run in their assigned Windows Sandboxes and shouldn't be permitted to run on the host.
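The wildcard deny policy described in item 4 can be reproduced with the in-box ConfigCI cmdlets alone. The following is an added example, not WDACConfig code and not the implementation behind New-DenyWDACConfig; the policy name, the working directory and the decision to start in audit mode are assumptions for illustration. It builds a base policy (deny rule for every user's Downloads folder merged with the AllowAll template, since WDAC is deny-by-default and a deny rule on its own would block everything), checks that the deny rule survived the merge, compiles it, deploys it with CiTool where available, and shows where to look for the resulting audit or block events.

```powershell
#Requires -RunAsAdministrator
# Added example (not WDACConfig code): base WDAC policy that denies execution
# under every user's Downloads folder, built with the in-box ConfigCI cmdlets.
# Assumed for illustration: policy name, working directory, audit mode first.
# Needs Windows 10 1903+ / Windows 11 for multiple-policy format and path rules.

$PolicyName  = 'DenyDownloads'                                   # assumed
$WorkDir     = Join-Path $env:TEMP 'WDAC-DenyDownloads'          # assumed
$AllowAllXml = 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml'
$DenyXml     = Join-Path $WorkDir 'DenyRules.xml'
$PolicyXml   = Join-Path $WorkDir "$PolicyName.xml"
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

# 1. Wildcard deny rule: the per-user '*' covers every profile and the trailing
#    '*' covers the whole subtree. FilePath rules apply to user-mode code only.
$denyRules = New-CIPolicyRule -FilePathRule 'C:\Users\*\Downloads\*' -Deny

# 2. Deny rules alone would block everything (WDAC is deny-by-default), so merge
#    them with the AllowAll template; deny rules win over allow rules.
New-CIPolicy -Rules $denyRules -FilePath $DenyXml -MultiplePolicyFormat
Merge-CIPolicy -PolicyPaths $DenyXml, $AllowAllXml -OutputFilePath $PolicyXml | Out-Null
# Fresh base-policy GUID and name; -ResetPolicyID also ensures multiple-policy format.
Set-CIPolicyIdInfo -FilePath $PolicyXml -PolicyName $PolicyName -ResetPolicyID | Out-Null

# 3. Rule options (IDs as documented for Set-RuleOption):
#    0  Enabled:UMCI                     (required: path rules are user-mode only)
#    3  Enabled:Audit Mode               (enforce later with: -Option 3 -Delete)
#    6  Enabled:Unsigned System Integrity Policy
#    16 Enabled:Update Policy No Reboot
foreach ($opt in 0, 3, 6, 16) { Set-RuleOption -FilePath $PolicyXml -Option $opt }

# 4. Sanity check: the deny rule must have survived the merge.
[xml]$policy = Get-Content -Path $PolicyXml
$deny = @($policy.SiPolicy.FileRules.Deny | Where-Object FilePath -like '*Downloads*')
if ($deny.Count -eq 0) { throw "Deny rule for Downloads is missing from $PolicyXml" }

# 5. Compile to binary. Multiple-policy-format files are named {PolicyID}.cip.
$CipPath = Join-Path $WorkDir "$($policy.SiPolicy.PolicyID).cip"
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $CipPath | Out-Null

# 6. Deploy. CiTool ships with Windows 11 22H2+; on older builds copy the .cip
#    into C:\Windows\System32\CodeIntegrity\CiPolicies\Active and reboot.
if (Get-Command CiTool.exe -ErrorAction SilentlyContinue) {
    CiTool --update-policy $CipPath
} else {
    Write-Warning "CiTool not found; copy $CipPath to CiPolicies\Active and reboot."
}

# 7. Verify: run something from Downloads, then look for audit (3076) or
#    block (3077) events in the Code Integrity operational log.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Keep the policy in audit mode until the 3076 events show only the executions you expect to lose; flipping to enforcement is a single `Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete` followed by recompiling and redeploying the .cip. Because this is a base policy rather than a supplemental one, it can coexist with other base policies on the system, which matches the "diversify with other kinds of policies" point above.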

The SignTool.exe can now be downloaded from the official Microsoft server if the user doesn't have it.
This is used for generating self-signed certificates

Now the WDACConfig module is completely self-sufficient and can handle all of the tasks related to Windows Defender Application Control management in an environment on its own.
@HotCakeX HotCakeX added the Enhancement 💯 New feature or request label Dec 30, 2023
@HotCakeX HotCakeX self-assigned this Dec 30, 2023
@HotCakeX HotCakeX merged commit 0ef09e4 into main Jan 2, 2024
2 checks passed
@HotCakeX HotCakeX deleted the WDACConfig-module-v.0.2.9 branch January 2, 2024 09:18