AppControl Manager v.1.7.0.0

[HotCakeX]

What's New

Important

How To Install: Copy and Paste this command in an elevated PowerShell. (Technical explanation available here)

(irm 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security.ps1')+'AppControl'|iex

Navigation

• New Sidebar: Added a sidebar on the right side of the app, hosting multiple useful features for improved accessibility and functionality.

• Search Bar Relocation: Moved the search bar to the center of the title bar for a more consistent experience with other Windows apps.

• Enhanced Search: Improved search functionality to support spaces after keywords for more accurate results.

• Resizable Navigation: Made the main navigation on the left side resizable with a draggable area for better customization.

• Breadcrumb Navigation: Introduced a breadcrumb bar that displays the current path and allows easy navigation to previous pages, similar to Windows Settings.

• Title Bar Enhancements: Added the app logo and app title to the title bar. The title is responsive and adapts to window width changes.

• Menu & Back Button Relocation: Moved the menu and back buttons to the title bar to make better use of available space.

• Sidebar Toggle Button: Added a button to the title bar to quickly open and close the sidebar. Its icon and text is dynamic based on the sidebar state.

• Navigation Bug Fix: Fixed an issue where the main navigation would become unresponsive to width changes if you switched the navigation style from "left" to "top" and back to "left" in the settings.

• Navigation Logic Improvements: Substantially improved the internal logic for the main navigation.

• Menu Selection Fix: Resolved an issue where navigating back to Settings or one of the footer pages using the back button wouldn't update the menu's selected item properly.

• Improved Menu Flyout in the System Information page -> Improved MenuFlyout #452

Sidebar

The AppControl Manager features a versatile Sidebar designed to streamline user interactions and enhance productivity. With the Sidebar, you can select a base policy path once and seamlessly reuse it throughout the app, eliminating the need to repeatedly browse for the file.

Pages within AppControl Manager that require an XML policy file automatically recognize when a path has been selected in the Sidebar. As you navigate to these pages, subtle indicators appear, prompting you to open the Sidebar and quickly access the pre-selected file path.

The Sidebar also includes a toggle switch that, when enabled, automatically assigns newly created base policy paths to the Sidebar. This feature further accelerates workflow and minimizes manual input.

By default, the Sidebar displays the XML policy path specified in the App settings, ensuring immediate access to the main policy you work with.

Dedicated document page

Deny Policy Creation

Use AppControl Manager to create Deny App Control policies. Keep in mind that App Control is inherently a whitelisting feature so anything that is not allowed by a policy is already automatically blocked.

All Deny policies have Base policy types as other types such as Supplemental cannot have Deny rules in them.

All Deny policies have 2 allow all rules so that anything not denied by them will be allowed. This is mandatory for the policy to work. This also allows Deny policies to be deployed side by side with other policies, because for a file to be allowed, it must be allowed by all deployed policies. Read more about side-by-side deployment here.

Continue reading here

Local File Scan

• Improved the local file scan feature to handle files with corrupt Opus data more effectively.

• Gracefully handles files with tampered certificates and hash mismatches by creating hash-based rules for them. Previously, such files would trigger an error, but they are now processed smoothly. When encountered during scans, these files are logged accordingly.

• Improved the local file scan feature to manage inaccessible, unavailable, and non-existent files, including OS drives, kernel-protected drives, files in use by other processes, and volatile or temporary files that no longer exist during the scan phase. Each of these files is logged with a clear reason for being skipped.

• Substantially enhanced file enumeration logic with more efficient, multi-threaded algorithms. For example, the entire OS drive containing millions of files can now be enumerated in a significantly shorter period of time. Use the Scalability gauge in Supplemental or Deny policy creation pages to control the number of threads used for file scans. Together, they allow you to create a policy for the entire OS drive in just a few minutes.

Other Changes

• The AppControl Manager can now be updated when installed on Windows Sandbox or when you try to use a custom MSIX file as update source on it.

• Adding, removing and setting rule options in the "Configure Policy Rule Options" page are now asynchronous and responsive. Also removed the text box that shows the selected XML policy path. The browse button's behavior is now consistent with the rest of the UI. You will see the selected file path after you use the browse button as a flyout with a clear button.

• Added depth and subtle shadows to the "Allow New Apps" page borders to make the currently active section more obvious.

Technical Changes

• Switched to file-scoped namespace declarations.

• Implemented new code style enforcements.

• Changed folder structures to match namespaces.

---

• This PR will address the following feature requests:

  • AppControl Manager Feature Request: The ability to create Deny rules #454

• It will also address the following discussions' requests

  • AppControl Manager: What is the best way to add a new 'deny' entry to a base policy? #439
  • AppControl Manager: Some options such as 'Managed installer' missing; could this be added as an option for base policies? #437

Note

As mentioned at the top, please refer to this page for installation instructions.