AppControl Manager v.1.8.9.0 (#588)
The AppControl Manager can now be natively installed on non-X64 platforms such as ARM64. It no longer uses MSIX files, it uses MSIXBundle files which include the MSIX files for multiple platforms, making the installation simpler and more straightforward.

The Logs page no longer has a file size limit. It will display log files of any size in an optimized and high-performance way.

The Logs folder would previously be automatically cleaned up when it reached 100MB. The new limit is now set to 1GB.

Removed the color pickers from the Logs page which resulted in the removal of an extra dependency package from the application. They were used to control the logs text color and highlight color which are no longer needed. Now, the text color is defined by your OS theme which makes it more accessible and readable, and the highlight color is defined by your OS accent color.

Significantly improved the search experience in the Logs page.

FilePath or Wildcard FilePath rules are no longer created for kernel-mode files because only user-mode files can be allowed/denied via File Path. Using FilePath rules for kernel-mode files simply has no effect.

✨You can now effortlessly swap any deployed policy in the System Information page. For example, if you have the "Allow Microsoft" policy deployed and you want to change it instantly to "Default Windows", you can select "Default Windows" from the dropdown menu and confirm the action. All of the supplemental policies associated with that base policy will continue to work. At the moment this feature only works for unsigned policies and will cover signed policies in a future version.

In the MDE Advanced Hunting page, added a new section where you can view query examples that generate standard logs compatible with the AppControl Manager, as suggested here.
HotCakeX authored Feb 9, 2025
1 parent 99607fa commit 6ed0ff2
Showing 49 changed files with 762 additions and 856 deletions.
65 changes: 65 additions & 0 deletions AppControl Manager/App.xaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
x:Class="AppControlManager.App"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
xmlns:animations="using:CommunityToolkit.WinUI.Animations"
xmlns:local="using:AppControlManager">
<Application.Resources>
<ResourceDictionary>
Expand All @@ -11,6 +12,70 @@
<!-- Other merged dictionaries here -->
</ResourceDictionary.MergedDictionaries>
<!-- Other app resources here -->


<!-- These styles can be referenced to create a consistent SettingsPage layout -->
<!-- Spacing between cards -->
<x:Double x:Key="SettingsCardSpacing">4</x:Double>
<!-- Style (inc. the correct spacing) of a section header -->
<Style x:Key="SettingsSectionHeaderTextBlockStyle"
BasedOn="{StaticResource BodyStrongTextBlockStyle}"
TargetType="TextBlock">
<Style.Setters>
<Setter Property="Margin" Value="1,30,0,6" />
</Style.Setters>
</Style>


<Style x:Key="GridCardStyle" TargetType="Border">
<Style.Setters>
<Setter Property="Background" Value="{ThemeResource CardBackgroundFillColorDefaultBrush}" />
<Setter Property="BorderThickness" Value="1" />
<Setter Property="BorderBrush" Value="{ThemeResource CardStrokeColorDefaultBrush}" />
<Setter Property="CornerRadius" Value="{StaticResource OverlayCornerRadius}" />
</Style.Setters>
</Style>


<Style x:Key="PanelStyle"
TargetType="StackPanel">
<Setter Property="CornerRadius" Value="8" />
<Setter Property="Padding" Value="0" />
<Setter Property="Margin" Value="0,8,0,8" />
<Setter Property="BorderThickness" Value="0" />
<Setter Property="BorderBrush" Value="{ThemeResource CardStrokeColorDefaultBrush}" />
<Setter Property="Orientation" Value="Horizontal" />
<Setter Property="HorizontalAlignment" Value="Center" />
<Setter Property="Spacing" Value="8" />
<Setter Property="animations:Implicit.HideAnimations" Value="{StaticResource ShowTransitions}" />
</Style>



<animations:ImplicitAnimationSet x:Name="ShowTransitions">
<animations:OffsetAnimation EasingMode="EaseOut"
From="0,24,0"
To="0"
Duration="0:0:0.4" />
<animations:OpacityAnimation EasingMode="EaseOut"
From="0"
To="1"
Duration="0:0:0.2" />
</animations:ImplicitAnimationSet>
<animations:ImplicitAnimationSet x:Name="HideTransitions">
<animations:OffsetAnimation EasingMode="EaseOut"
From="0"
To="0,24,0"
Duration="0:0:0.2" />
<animations:OpacityAnimation EasingMode="EaseOut"
From="1"
To="0"
Duration="0:0:0.1" />
</animations:ImplicitAnimationSet>




</ResourceDictionary>
</Application.Resources>
</Application>
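Review bot: In PanelStyle, the setter for animations:Implicit.HideAnimations is bound to {StaticResource ShowTransitions}, so hiding a panel would play the show animation (offset from 0,24,0 to 0, opacity 0 to 1), and HideTransitions is defined but never referenced in this hunk. If the intent is an animated show and hide, set Implicit.ShowAnimations to ShowTransitions and Implicit.HideAnimations to HideTransitions. Both ImplicitAnimationSet resources are also declared after the style that references them; moving them above PanelStyle avoids relying on a forward StaticResource lookup.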
1 change: 0 additions & 1 deletion AppControl Manager/AppControl Manager.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,6 @@
<!-- Nuget packages -->
<ItemGroup>
<PackageReference Include="CommunityToolkit.WinUI.Animations" Version="8.1.240916" />
<PackageReference Include="CommunityToolkit.WinUI.Controls.ColorPicker" Version="8.1.240916" />
<PackageReference Include="CommunityToolkit.WinUI.Controls.Primitives" Version="8.1.240916" />
<PackageReference Include="CommunityToolkit.WinUI.Controls.RadialGauge" Version="8.1.240916" />
<PackageReference Include="CommunityToolkit.WinUI.Controls.Segmented" Version="8.1.240916" />
Expand Down
14 changes: 0 additions & 14 deletions AppControl Manager/CustomUIElements/SigningDetailsDialog.xaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,20 +20,6 @@
BorderBrush="{ThemeResource AccentFillColorDefaultBrush}">

<ContentDialog.Resources>
<!-- These styles can be referenced to create a consistent SettingsPage layout -->

<!-- Spacing between cards -->
<x:Double x:Key="SettingsCardSpacing">4</x:Double>

<!-- Style (inc. the correct spacing) of a section header -->
<Style x:Key="SettingsSectionHeaderTextBlockStyle"
BasedOn="{StaticResource BodyStrongTextBlockStyle}"
TargetType="TextBlock">
<Style.Setters>
<Setter Property="Margin" Value="1,30,0,6" />
</Style.Setters>
</Style>

<!-- https://github.com/microsoft/microsoft-ui-xaml/issues/424 -->
<x:Double x:Key="ContentDialogMaxWidth">2000</x:Double>
</ContentDialog.Resources>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,22 +18,8 @@
CornerRadius="8"
Style="{ThemeResource DefaultContentDialogStyle}"
BorderBrush="{ThemeResource AccentFillColorDefaultBrush}">

<ContentDialog.Resources>
<!-- These styles can be referenced to create a consistent SettingsPage layout -->

<!-- Spacing between cards -->
<x:Double x:Key="SettingsCardSpacing">4</x:Double>

<!-- Style (inc. the correct spacing) of a section header -->
<Style x:Key="SettingsSectionHeaderTextBlockStyle"
BasedOn="{StaticResource BodyStrongTextBlockStyle}"
TargetType="TextBlock">
<Style.Setters>
<Setter Property="Margin" Value="1,30,0,6" />
</Style.Setters>
</Style>

<!-- https://github.com/microsoft/microsoft-ui-xaml/issues/424 -->
<x:Double x:Key="ContentDialogMaxWidth">2000</x:Double>
</ContentDialog.Resources>
Expand Down
113 changes: 100 additions & 13 deletions AppControl Manager/Main/BasePolicyCreator.cs
Original file line number Diff line number Diff line change
Expand Up @@ -240,7 +240,7 @@ internal sealed class DriverBlockListInfo
}
catch (Exception ex)
{
Logger.Write($"An error occurred: {ex.Message}");
Logger.Write($"An error occurred while retrieving additional information related to the Microsoft recommended driver block rules: {ex.Message}");

// Return null in case of an error
return null;
Expand Down Expand Up @@ -380,7 +380,7 @@ internal static void GetDriversBlockRules(string StagingArea)
/// <param name="RequireEVSigners"></param>
/// <param name="EnableScriptEnforcement"></param>
/// <param name="TestMode"></param>
internal static void BuildAllowMSFT(string StagingArea, bool IsAudit, ulong? LogSize, bool deploy, bool RequireEVSigners, bool EnableScriptEnforcement, bool TestMode, bool? deployAppControlSupplementalPolicy)
internal static void BuildAllowMSFT(string StagingArea, bool IsAudit, ulong? LogSize, bool deploy, bool RequireEVSigners, bool EnableScriptEnforcement, bool TestMode, bool? deployAppControlSupplementalPolicy, string? PolicyIDToUse = null)
{

string policyName;
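Review bot: The new optional parameter PolicyIDToUse on BuildAllowMSFT has no matching param entry in the XML doc block, which ends at TestMode. Add a param line stating that a non-null value means "swap an already deployed base policy and keep this ID", since that changes what the method does (block rules are skipped, the ID is overridden) and callers cannot tell that from the signature.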
Expand All @@ -403,8 +403,9 @@ internal static void BuildAllowMSFT(string StagingArea, bool IsAudit, ulong? Log
// Final Policy Path
string finalPolicyPath = Path.Combine(GlobalVars.UserConfigDir, $"{policyName}.xml");

// Get/Deploy the block rules
GetBlockRules(StagingArea, deploy);
// Get/Deploy the block rules if this base policy is not being swapped
if (PolicyIDToUse is null)
GetBlockRules(StagingArea, deploy);

Logger.Write("Copying the AllowMicrosoft.xml from Windows directory to the Staging Area");

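Review bot: The condition "if (PolicyIDToUse is null)" makes the presence of an ID double as the "this is a swap" switch, and on a swap the block rules are silently assumed to be deployed already. Nothing in the hunk checks that assumption or logs that the step was skipped. Consider a Logger.Write on the skipped path, and braces around the single-statement body to match the braced if blocks added elsewhere in this file.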
Expand All @@ -415,13 +416,19 @@ internal static void BuildAllowMSFT(string StagingArea, bool IsAudit, ulong? Log
// Get the policy ID of the policy being created
string policyID = SetCiPolicyInfo.Set(tempPolicyPath, true, $"{policyName} - {DateTime.Now.ToString("MM-dd-yyyy", CultureInfo.InvariantCulture)}", null, null);

if (PolicyIDToUse is not null)
{
policyID = PolicyIDToUse;
}


if (deployAppControlSupplementalPolicy == true)
{
// Supply the policy ID of the policy being deployed to this method
SupplementalForSelf.Deploy(StagingArea, policyID);
}

SetCiPolicyInfo.Set(tempPolicyPath, new Version("1.0.0.0"));
SetCiPolicyInfo.Set(tempPolicyPath, new Version("1.0.0.0"), PolicyIDToUse);

CiRuleOptions.Set(
tempPolicyPath,
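Review bot: PolicyIDToUse is copied into policyID and written into the policy with no format check in this hunk, and that same value is handed to SupplementalForSelf.Deploy as the base policy ID. Since it comes from a UI selection, validate it as a GUID (for example with Guid.TryParse) before use and fail early with a clear message. Also, the earlier SetCiPolicyInfo.Set(tempPolicyPath, true, ...) call still runs on the swap path and its returned ID is immediately discarded; an if/else that only resets the ID when PolicyIDToUse is null would make the flow easier to follow.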
Expand Down Expand Up @@ -460,7 +467,7 @@ internal static void BuildAllowMSFT(string StagingArea, bool IsAudit, ulong? Log
/// <param name="RequireEVSigners"></param>
/// <param name="EnableScriptEnforcement"></param>
/// <param name="TestMode"></param>
internal static void BuildDefaultWindows(string StagingArea, bool IsAudit, ulong? LogSize, bool deploy, bool RequireEVSigners, bool EnableScriptEnforcement, bool TestMode, bool? deployAppControlSupplementalPolicy)
internal static void BuildDefaultWindows(string StagingArea, bool IsAudit, ulong? LogSize, bool deploy, bool RequireEVSigners, bool EnableScriptEnforcement, bool TestMode, bool? deployAppControlSupplementalPolicy, string? PolicyIDToUse = null)
{

string policyName;
Expand All @@ -483,8 +490,9 @@ internal static void BuildDefaultWindows(string StagingArea, bool IsAudit, ulong
// Final Policy Path
string finalPolicyPath = Path.Combine(GlobalVars.UserConfigDir, $"{policyName}.xml");

// Get/Deploy the block rules
GetBlockRules(StagingArea, deploy);
// Get/Deploy the block rules if this base policy is not being swapped
if (PolicyIDToUse is null)
GetBlockRules(StagingArea, deploy);

Logger.Write("Copying the DefaultWindows.xml from Windows directory to the Staging Area");

Expand All @@ -495,13 +503,20 @@ internal static void BuildDefaultWindows(string StagingArea, bool IsAudit, ulong
// Get the policy ID of the policy being created
string policyID = SetCiPolicyInfo.Set(tempPolicyPath, true, $"{policyName} - {DateTime.Now.ToString("MM-dd-yyyy", CultureInfo.InvariantCulture)}", null, null);


if (PolicyIDToUse is not null)
{
policyID = PolicyIDToUse;
}


if (deployAppControlSupplementalPolicy == true)
{
// Supply the policy ID of the policy being deployed to this method
SupplementalForSelf.Deploy(StagingArea, policyID);
}

SetCiPolicyInfo.Set(tempPolicyPath, new Version("1.0.0.0"));
SetCiPolicyInfo.Set(tempPolicyPath, new Version("1.0.0.0"), PolicyIDToUse);

CiRuleOptions.Set(
tempPolicyPath,
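Review bot: This override block in BuildDefaultWindows (the "if (PolicyIDToUse is not null)" assignment followed by SetCiPolicyInfo.Set(tempPolicyPath, new Version("1.0.0.0"), PolicyIDToUse)) is a copy of the one added to BuildAllowMSFT, and it appears a third time in BuildSignedAndReputable. A small private helper that resolves the effective policy ID and applies the version would keep the three builders from drifting apart when signed-policy swapping is added later.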
Expand Down Expand Up @@ -638,7 +653,7 @@ internal static void GetBlockRules(string StagingArea, bool deploy)
/// <param name="RequireEVSigners"></param>
/// <param name="EnableScriptEnforcement"></param>
/// <param name="TestMode"></param>
internal static void BuildSignedAndReputable(string StagingArea, bool IsAudit, ulong? LogSize, bool deploy, bool RequireEVSigners, bool EnableScriptEnforcement, bool TestMode, bool? deployAppControlSupplementalPolicy)
internal static void BuildSignedAndReputable(string StagingArea, bool IsAudit, ulong? LogSize, bool deploy, bool RequireEVSigners, bool EnableScriptEnforcement, bool TestMode, bool? deployAppControlSupplementalPolicy, string? PolicyIDToUse = null)
{

string policyName;
Expand All @@ -661,8 +676,9 @@ internal static void BuildSignedAndReputable(string StagingArea, bool IsAudit, u
// Final policy XML path
string finalPolicyPath = Path.Combine(GlobalVars.UserConfigDir, $"{policyName}.xml");

// Get/Deploy the block rules
GetBlockRules(StagingArea, deploy);
// Get/Deploy the block rules if this base policy is not being swapped
if (PolicyIDToUse is null)
GetBlockRules(StagingArea, deploy);

Logger.Write("Copying the AllowMicrosoft.xml from Windows directory to the Staging Area");

Expand All @@ -683,12 +699,19 @@ internal static void BuildSignedAndReputable(string StagingArea, bool IsAudit, u
// Get the policyID of the policy being created
string policyID = SetCiPolicyInfo.Set(tempPolicyPath, true, $"{policyName} - {DateTime.Now.ToString("MM-dd-yyyy", CultureInfo.InvariantCulture)}", null, null);


if (PolicyIDToUse is not null)
{
policyID = PolicyIDToUse;
}


if (deployAppControlSupplementalPolicy == true)
{
SupplementalForSelf.Deploy(StagingArea, policyID);
}

SetCiPolicyInfo.Set(tempPolicyPath, new Version("1.0.0.0"));
SetCiPolicyInfo.Set(tempPolicyPath, new Version("1.0.0.0"), PolicyIDToUse);


if (deploy)
Expand All @@ -709,6 +732,70 @@ internal static void BuildSignedAndReputable(string StagingArea, bool IsAudit, u
MainWindow.Instance.AssignToSidebar(finalPolicyPath);
}


/// <summary>
/// Creates and deploys the Strict Kernel-mode base policy
/// Since this is only Kernel-mode, we don't need to deploy the special AppControl Manager supplemental policy
/// </summary>
/// <param name="StagingArea"></param>
/// <param name="IsAudit"></param>
/// <param name="deploy"></param>
/// <param name="deployAppControlSupplementalPolicy"></param>
internal static void BuildStrictKernelMode(string StagingArea, bool IsAudit, bool NoFlightRoots, bool deploy, string? PolicyIDToUse = null)
{

string fileName = NoFlightRoots ? "StrictKernelMode_NoFlightRoots" : "StrictKernelMode";

// Path of the policy file in the staging area
string policyPath = Path.Combine(StagingArea, $"{fileName}.xml");

// path of the policy in the app's resources directory
string policyPathInResourcesDir = Path.Combine(AppContext.BaseDirectory, "Resources", $"{fileName}.xml");

// path of the policy in user configurations directory
string finalPolicyPath = Path.Combine(GlobalVars.UserConfigDir, $"{fileName}.xml");

// Copy the policy from app's directory to the staging area
File.Copy(policyPathInResourcesDir, policyPath, true);

if (IsAudit)
{
// Add the audit mode rule option to the policy
CiRuleOptions.Set(filePath: policyPath, rulesToAdd: [CiRuleOptions.PolicyRuleOptions.EnabledAuditMode]);
}

string policyID;

if (PolicyIDToUse is not null)
{
SetCiPolicyInfo.Set(policyPath, new Version("1.0.0.0"), PolicyIDToUse);
policyID = PolicyIDToUse;
}
else
{
// Reset the policy ID
policyID = SetCiPolicyInfo.Set(policyPath, true, null, null, null);
}

// Copy the policy to the user configurations directory
File.Copy(policyPath, finalPolicyPath, true);

// If it is to be deployed
if (deploy)
{
Logger.Write($"Deploying the Strict Kernel-mode policy with the ID {policyID}");

string cipPath = Path.Combine(StagingArea, $"{fileName}.cip");

// Convert the XML to CiP
PolicyToCIPConverter.Convert(policyPath, cipPath);

// Deploy the CiP file
CiToolHelper.UpdatePolicy(cipPath);
}
}


[GeneratedRegex(@"<VersionEx>(.*?)<\/VersionEx>", RegexOptions.Compiled)]
private static partial Regex MyRegex();

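Review bot: The doc comment on BuildStrictKernelMode lists a param named deployAppControlSupplementalPolicy that is not in the signature, while NoFlightRoots and PolicyIDToUse are undocumented; update the param list to match. In the body, the two branches are not symmetric: the swap branch sets the version to 1.0.0.0 through SetCiPolicyInfo.Set(policyPath, new Version("1.0.0.0"), PolicyIDToUse), but the else branch only resets the ID and leaves whatever version the resource XML ships with. If that difference is intentional, a comment saying so would help; otherwise set the version in both paths.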
Expand Down
4 changes: 2 additions & 2 deletions AppControl Manager/MainWindow.xaml.cs
Original file line number Diff line number Diff line change
Expand Up @@ -111,12 +111,12 @@ internal sealed class PageTitleMap
},
[typeof(Pages.Update)] = new PageTitleMap
{
Titles = [GlobalVars.GetString("Update"), "Custom MSIX Path"],
Titles = [GlobalVars.GetString("Update"), "Custom MSIXBundle Path"],
Pages = [typeof(Pages.Update), typeof(Pages.UpdatePageCustomMSIXPath)]
},
[typeof(Pages.UpdatePageCustomMSIXPath)] = new PageTitleMap // sub-page
{
Titles = [GlobalVars.GetString("Update"), "Custom MSIX Path"],
Titles = [GlobalVars.GetString("Update"), "Custom MSIXBundle Path"],
Pages = [typeof(Pages.Update), typeof(Pages.UpdatePageCustomMSIXPath)]
},
[typeof(Pages.Deployment)] = new PageTitleMap
Expand Down
2 changes: 1 addition & 1 deletion AppControl Manager/Others/GlobalVars.cs
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ internal static string GetString(string resourceKey)
internal static readonly string StagingArea = Path.Combine(UserConfigDir, "StagingArea");

// The link to the file that contains the download link for the latest version of the AppControl Manager
internal static readonly Uri AppUpdateDownloadLinkURL = new("https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/refs/heads/main/AppControl%20Manager/DownloadURL.txt");
internal static readonly Uri AppUpdateDownloadLinkURL = new("https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/refs/heads/main/AppControl%20Manager/MSIXBundleDownloadURL.txt");

// The link to the file that contains the version number of the latest available version of the AppControl Manager
internal static readonly Uri AppVersionLinkURL = new("https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/refs/heads/main/AppControl%20Manager/version.txt");
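Review bot: AppUpdateDownloadLinkURL now points at MSIXBundleDownloadURL.txt instead of DownloadURL.txt, but already installed versions have the old URL compiled in and will keep fetching DownloadURL.txt. Confirm that file stays in the repository with a link those versions can still install, or note the break in the release notes. The comment above the field could also say that the target is now an MSIXBundle.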
Expand Down
4 changes: 2 additions & 2 deletions AppControl Manager/Others/Logger.cs
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@ static Logger()
// Create the Logs directory if it doesn't exist, won't do anything if it exists
_ = Directory.CreateDirectory(LogsDirectory);

// Check the size of the directory and clear it if it exceeds 100 MB
// Check the size of the directory and clear it if it exceeds 1000 MB
// To ensure the logs directory doesn't get too big
if (GetDirectorySize(LogsDirectory) > 100 * 1024 * 1024) // 100 MB in bytes
if (GetDirectorySize(LogsDirectory) > 1000 * 1024 * 1024) // 1000 MB in bytes
{
// Empty the directory while retaining the most recent file
EmptyDirectory(LogsDirectory);
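Review bot: The threshold "1000 * 1024 * 1024" is 1000 MiB, while the commit message describes the new limit as 1GB; pick one figure and make the comment, the code and the release notes agree. Pulling the value into a named constant typed as long (for example 1024L * 1024 * 1024) would also keep the expression safe from int overflow if the limit is raised again.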
Expand Down
2 changes: 1 addition & 1 deletion AppControl Manager/Pages/AllowNewApps/AllowNewApps.xaml
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@
<NavigationView x:Name="AllowNewAppsNavigation"
PaneDisplayMode="Top"
IsTabStop="True"
Grid.Row="1"
Grid.Row="1"
SelectionChanged="NavigationView_SelectionChanged"
IsSettingsVisible="False"
IsBackButtonVisible="Collapsed">
Expand Down