Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WMIC Deprecation #118

Open
ThioJoe opened this issue Jan 4, 2024 · 11 comments
Open

WMIC Deprecation #118

ThioJoe opened this issue Jan 4, 2024 · 11 comments

Comments

@ThioJoe
Copy link

ThioJoe commented Jan 4, 2024

I was hoping you would consider updating the Windows binaries so that it doesn't use WMIC.exe (Windows Management Instrumentation Command line, and not to be confused with the base "WMI").

WMIC has been deprecated since Windows 10 21H1 and will likely be removed in the future.

Also, wmic.exe is on a list of applications that Microsoft recommends be blocked for security reasons if possible, for those using certain security policies. It says, "Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications." For anyone (including myself) using Windows 11's Smart App Control, which blocks all the files on that list and cannot be overridden, this causes a slight issue.

When WMIC is blocked from running, OpenSpeedTest Server still works, but the GUI window is unable to show the local IP address of the system, so the user would have to figure that out themselves if they don't already know.

Here's what it shows, noting the last line in particular:

OpenSpeedTest-Server : Checking port 3000 status.
OpenSpeedTest-Server : Port 3000 is available.
OpenSpeedTest-Server : Starting...
OpenSpeedTest-Server : Started.
OpenSpeedTest-Server : Failed to get IP Address using port 3000

Also interestingly, the "Start Server" button doesn't change to "Stop Server", but the server is still definitely running and works.

@openspeedtest
Copy link
Owner

OpenSpeedTest-Server is an Electron app that utilizes the "internal-ip" package to ascertain the system's IP address. This "internal-ip" package, in turn, relies on a dependency known as "default-gateway," which employs "wmic."

A discussion regarding this issue is underway within the "default-gateway" repository. A proposed solution using PowerShell has been submitted in the form of a pull request, but it has yet to be merged.

Should "default-gateway" rectify this issue, we can proceed with updating the apps accordingly. However, if the issue persists, we shall address it in the subsequent major release by either forking "internal-ip" and implementing a fix ourselves or opting for an alternative package that functions without "wmic."

To reproduce this issue, we need to enable Smart App Control, correct? I am going to replicate this and explore other options that can be used to fix this issue as soon as possible.

@ThioJoe
Copy link
Author

ThioJoe commented Jan 5, 2024

Ah ok I see. Yea again not a huge deal since the program still works and probably doesn't affect many users, but figured I'd mention it.

To reproduce you wouldn't necessarily need to enable smart app control or Windows Defender Application Control (SAC is basically a special made policy using WDAC). Any method that 'blocks' it from running could work. The thing about Smart App Control is Microsoft decided to make it so you can only enable it immediately after a clean install of Windows, and if you ever disable it you can't enable it again.

The easier way I'm aware of would be using AppLocker which is a feature built into Windows 10/11 Pro (it uses Group Policy Editor which isn't in Home edition). AppLocker is a whitelisting feature that is the predecessor to WDAC but a lot easier to set up. It basically just lets you restrict what can run on the system by letting you create rules where something can only run if you create a specific rule to allow it, but you can also create rules to block specific stuff too. So you can just make a rule to block wmic.exe to test.

Here's a simple walkthrough which should be the fastest way to reproduce. The steps are simple but I'll add some contextual info that might make it seem more complicated than it is.

  1. Open Group Policy Editor (Just search the start menu for gpedit.msc )

  2. In the group policy editor to go: Computer Configuration > Windows Settings > Security Settings > Application Control Policies > AppLocker > Executable Rules

image

Then in the right side there won't be any executable rules yet, so AppLocker won't be active until there's at least one. Before creating a rule to block wmic.exe you'll want to create a rule to just allow all exe's so it doesn't interfere with the rest of your system. Basically with applocker active (meaning there's at least one rule), a program can only run if there is a rule explicitly allowing it. So if you were to just go and create a wmic.exe blocking rule, actually it wouldn't allow any other exes to run without making a rule to allow them, so we can just do that first.

  1. In the right hand side with executable rules selected, right click and hit 'create new rule' > Keep 'Allow' selected and hit 'Next' > Then select 'Path' and hit next > In the path box, just simply put an asterisk ( * ) and hit next > on exceptions page just hit next > Then you can name the rule whatever you want and hit Create.

See here as an example:

Create.wildcard.rule.mp4

That basically creates a rule that just allows any exe to run, which in your case where AppLocker wasn't enabled before, will actually mean it will make no difference, since without AppLocker everything was allowed by default anyway.

  1. Next right click to create another rule, but this time on the permissions page select "Deny" action > Then select 'Path' type rule like before > then in the path box this time put *\wmic.exe . (Note it has to be a backslash, it wont let you put a forward slash) then hit next > Again on the exceptions page hit next without changing anything > Then name the rule whatever you want and hit Create.

Now you'll have 2 rules, one allowing all exe's, but one blocking wmic.exe, but Deny rules always overrule the Allow rules so now it effectively only blocks wmic.exe from running. If you delete all the rules it should just revert to disabling AppLocker altogether.

  1. One possible thing you might have to do, is back on the left side of the window with the tree (where Executable Rules was selected), right click "AppLocker", click "Properties", then where it has the Executable Rules "Configured" check box, check that and in the dropdown hit "Enforce Rules" and hit OK.
image

This step might not even be necessary but worth knowing about. In the dropdown you can also select "Audit Only" if you want to disable AppLocker without having to delete the rules.

Also note that there are other sections like 'Windows Installer Rules' and 'Script Rules'. Those all get activated independently, so as long as you don't create any rules in there they won't be affected so you don't have to worry about those.


As a side note, if you happen to be interested in learning everything else about AppLocker I also made a huge tutorial here, but that is definitely overkill for this purpose lol.

@openspeedtest
Copy link
Owner

@ThioJoe I reproduced this issue; I enabled SmartAppControl, and everything worked fine. However, after a Windows update, I encountered the same error as you did. I modified the default-gateway package using the changes from the deleted pull request, and it is working on my machine. I need to test this on Windows 10, etc. I have not bumped up the version number. As I mentioned, I need more testing.
https://openspeedtest.com/downloads/OpenSpeedTest-Server%202.1.8-PowerShell.exe

@openspeedtest
Copy link
Owner

Your Must have a default gateway and IP addresses
wmic issue is very rare. If that is the problem try https://openspeedtest.com/downloads/OpenSpeedTest-Server%202.1.8-PowerShell.exe

@openspeedtest
Copy link
Owner

@dw5 Also check firewall rules.

@ronald-mendoza
Copy link

ronald-mendoza commented Jun 26, 2024

FYI, wmic.exe is no longer available on a clean install of Windows 11 version 24H2 (Build 26100.863) Release Preview. (Not sure if it remains and/or is functional on an upgrade in-place.)

The PowerShell test version does seem to work.

@ronald-mendoza
Copy link

The test version also seems to work for me on Windows 10 version 22H2.

@ronald-mendoza
Copy link

FYI, I upgraded one of my systems in place to the 24H2 Release Preview (26100.1000) and wmic.exe is still there and functional.

@CRK1918
Copy link

CRK1918 commented Oct 10, 2024

On my latest Windows 11 system, only the test version work for me as well.

@ManuFlosoYT
Copy link

{5C2A7590-9E05-4ECC-8174-8B09075F5ED3}
Im having this issue from both "OpenSpeedTest-Server 2.1.8-PowerShell.exe" and "OpenSpeedTest-Server_2.1.8.exe", im on Windows 11 with this build number
winver

@vanclute
Copy link

vanclute commented Dec 7, 2024

Ditto here, can't get the IP address on a brand new Windows 11 machine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants