Improved New-KernelModeWDACConfig
HotCakeX committed Jan 22, 2024
1 parent 4efafd3 commit 563396a
Showing 4 changed files with 22 additions and 19 deletions.
6 changes: 3 additions & 3 deletions WDACConfig/Utilities/Hashes.csv
@@ -11,7 +11,7 @@
"Core\Get-CommonWDACConfig.psm1","Get-CommonWDACConfig.psm1","B79D46BDD63E54902F3CDD14F108F0CB01E213F9C78CEE6A9578F04502F2224E2640D8857BCB47EE6B1FFF7357C62AE2A68BE1F4FA1CA232AFC4442092F87A4E"
"Core\Invoke-WDACSimulation.psm1","Invoke-WDACSimulation.psm1","694D9BD5B7288F9A36287EAD454A7B28698CCD92BF83C36DE08FED77EA0AF49E47189A182C83E83A8519BA893BF65B2673CD24D066C9DD6AEDF68084023346BE"
"Core\New-DenyWDACConfig.psm1","New-DenyWDACConfig.psm1","B1954DD6D0C20C73624C4040C222A6EBA03B141D80391788A39E9995D8D3729BB0A76A4FE571AC8EEAFAFCBB679743C08B58947B13AB3E57B884861BDB9170A2"
"Core\New-KernelModeWDACConfig.psm1","New-KernelModeWDACConfig.psm1","2DB75E59C6AD0CF75DBF7BEC24FB1C43E1BFE443F3E2D9C49AA4D19EE4FACDFE4687D476664991C4744D758B2CD6B11A6AE1C9C56150CE9315EB3A1B273D3E52"
"Core\New-KernelModeWDACConfig.psm1","New-KernelModeWDACConfig.psm1","F5311B8EB87A02CD1BB33B497A7EF6A2A39EB2A0FB1DE5CD6D8B53B60E574D5895681D99004301B7C7B3EEF39D863BB1BA8B408E2890A1F18C3A760475EA92B3"
"Core\New-SupplementalWDACConfig.psm1","New-SupplementalWDACConfig.psm1","E6F44921A45D36EA3D6238368E623505EDD97F8040AF4A654C3A0FDAD9D29A4839DF4340B3A33AE896305DD6FBD01D68FCB740356AA33917652A8AF742098E49"
"Core\New-WDACConfig.psm1","New-WDACConfig.psm1","6ACC7BA93FD208862A99F2FF085528EAF45DF1F29DC6C5246F399857016B0D834D4D67F715DBBB47FED6F59DBC4D217161D0088099D9738670B8F539720B1A04"
"Core\Remove-CommonWDACConfig.psm1","Remove-CommonWDACConfig.psm1","7C6D6EC1BF203D40664783F4A60FDC937B08FEFB2383F7943846BEFD8251340C168C3BB0C16204C052755F027C9F2711DF66C42423C9284FFA4517978D6C59C8"
@@ -21,8 +21,8 @@
"Resources\ArgumentCompleters.ps1","ArgumentCompleters.ps1","0471552A03BCF16D55C754C8B2C54B5809A211CFB33E00A53B0C3722F65C6E30BA49C371813343839A7AB86B4D2AEE4136521FE31FA5303548132878FC4A1173"
"Resources\Resources2.ps1","Resources2.ps1","404722F31CE73E6C89C623917B8A05AE806E34016EDC2105BD0D2659A8273CE9620282A1C38F0808F2CEC1BA71620F9609DD20F1A91A00217344A6EA687EB35E"
"Resources\User Configurations\Schema.json","Schema.json","9A20EF0148D298178B35C1AAB961C46AF62BBCC0BB0DCCBE63F2FE08E0A764406267449CDD686A01F85650622DA6E690D12FBB88BB3A7E070BA58C1AF8FBC813"
"Resources\WDAC Policies\DefaultWindows_Enforced_Kernel_NoFlights.xml","DefaultWindows_Enforced_Kernel_NoFlights.xml","0DF84E416ADCFB4C423D61BD71902B521B7ED7EADE2837BC41B443C1E0EEEECFE0C66193750455E96800D98374953B129ED0315EB03AFB2AF8D0C922871A223D"
"Resources\WDAC Policies\DefaultWindows_Enforced_Kernel.xml","DefaultWindows_Enforced_Kernel.xml","BF0804A93A8B940FBDF04792E177E41AB669567FBEE78FFD51DE963856EBE3C43DC5ED577446477CF4ED83368F7DE8E4AA399AC54D844C4ED8907D0DEAB7A94B"
"Resources\WDAC Policies\DefaultWindows_Enforced_Kernel_NoFlights.xml","DefaultWindows_Enforced_Kernel_NoFlights.xml","7E4BC35A3F0840C8F3921FB260CE84660DC3CAACB7850A1AEF13AFC48B0E069D27562C5632444926BF60B44A0E0FF522D0215F1F7DD5E1A7E51A45E86AB7F44C"
"Resources\WDAC Policies\DefaultWindows_Enforced_Kernel.xml","DefaultWindows_Enforced_Kernel.xml","846663A7B0CAD90A2305F3C3322D6C2CFA6277B7E4B083CB478FF409DB29A7D0D71318845B884518B8D2F87B66A5EA327D4EB2D39A9707D1EE41B0237812FFD6"
"Resources\WDAC Policies-Archived\DefaultWindows_Enforced_Kernel_NoFlights.xml","DefaultWindows_Enforced_Kernel_NoFlights.xml","D02BCCFA3C35E179A634AFCDE04259C43F8FBD619A4D0D2F7BAC1A8A9FBC58D3EBC7EE89B1B2EC6B3C17BD6EC38ADB501B271AEA3037B980D10EAB9AFA3B8308"
"Resources\WDAC Policies-Archived\DefaultWindows_Enforced_Kernel.xml","DefaultWindows_Enforced_Kernel.xml","BDC7B623386570F383B4A113BF06C7FF6A5A4271AFE572B5D68EEBC161CD650B62E70636527DFBEF09A8F95E66899CEEC424AA22CD00BBEF6D7888759D812F8D"
"Resources\WDAC Policies-Archived\Readme.md","Readme.md","E85639EA8A88E40100AC46DFF72493E1D7A4FC600562C773A04BEF1EBCAA165AD2023E3808B3A5837186DC40C97AC2CB7FA5B2166A3957644ACAC91C9819ACC8"
@@ -453,6 +453,9 @@ Function New-KernelModeWDACConfig {

Write-Verbose -Message 'Removing the GUID of the StrictKernelNoFlightRootsPolicy from user configuration'
Remove-CommonWDACConfig -StrictKernelNoFlightRootsPolicyGUID | Out-Null

Write-Verbose -Message 'Removing the time of deployment of the StrictKernelPolicy from user configuration'
Remove-CommonWDACConfig -StrictKernelModePolicyTimeOfDeployment | Out-Null
}
else {
# Remove the Audit mode policy from the system
@@ -513,8 +516,8 @@ Function New-KernelModeWDACConfig {
# SIG # Begin signature block
# MIILkgYJKoZIhvcNAQcCoIILgzCCC38CAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCYiRetnOXMCIlU
# 25jr/1/XKzQFAb9+QJG7rIH27eBRN6CCB9AwggfMMIIFtKADAgECAhMeAAAABI80
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBxEju7MovYNoFz
# T/QceA1rALlIV+PzbfOFqBVuev2WfqCCB9AwggfMMIIFtKADAgECAhMeAAAABI80
# LDQz/68TAAAAAAAEMA0GCSqGSIb3DQEBDQUAME8xEzARBgoJkiaJk/IsZAEZFgNj
# b20xIjAgBgoJkiaJk/IsZAEZFhJIT1RDQUtFWC1DQS1Eb21haW4xFDASBgNVBAMT
# C0hPVENBS0VYLUNBMCAXDTIzMTIyNzExMjkyOVoYDzIyMDgxMTEyMTEyOTI5WjB5
@@ -561,16 +564,16 @@ Function New-KernelModeWDACConfig {
# Q0FLRVgtQ0ECEx4AAAAEjzQsNDP/rxMAAAAAAAQwDQYJYIZIAWUDBAIBBQCggYQw
# GAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGC
# NwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQx
# IgQgiXRwvvsbe3wS1CHe2FGdxHtMv9bNhAe5prVrtCJvtJQwDQYJKoZIhvcNAQEB
# BQAEggIAnegUfShgYbzvccCdGs6plCoj6MKKxeKKGZ3lXi/aQoB9clRa6Kt7Xjfp
# wHHzxqX0T3szSFixNaiZrKV2shSWSijhRH8jv34h8tcME2dD5tR45xjGvc3ogB05
# idXR0mp+cQyrE3Z+lcUkAB+ewdvsXw/jE/uwFr+ZwFlgZFfS7thHaNfL9MBJW5jP
# RNtwYME5cVNxR2VUcUgEt9vON6h6yTqhAbzkieHBsxSZQS7xncaWHRTqyakQEzst
# g+XpuNyot94ykhrHUBxJ1WWjxI6yfRJRWaEBTPCSi3sEguV+1acEsCNNxl7BFSNM
# LZLSwsjSFZOR+JeOqNz49GRVf0lLn7KGdujJkteoRDKZwltZ2FSHJboLhq/M8SBa
# 5ns/GlpwuuyepXphmtG4pPW/EjMxgxVdgo6wadur5ksjdLFUKdlqOsM+TCNoNrtH
# +Bn51etxnGeYGK41yv4xF2WvcZCgn4SVa3bZewdjoSZDoBI0asxPdFvZkecuMz+k
# obkaI+yqFFF8ozwowjChhfXJQIBR5yw2nRsQAgX6zf4sIrAqh5TRtRCeoJqvOTqL
# aIuWFc6Bi+fboUCquZ8AiZwuFkGJ0TY3kbl53/jCzEtgTcx+J4BlMhs6ZxCm9hE2
# UaUuRpX9YmnnVbEn3v1IfHonC4KEHweGFid4Nn8HzwR7JgcVyLA=
# IgQgKKKaEAqV5G3upfp4Kntgy/vj4hPoXLK4ioEHnP5IvNMwDQYJKoZIhvcNAQEB
# BQAEggIAa6dC4aaEXxzT7RDJE1wIy4XLdznyrcCeZ4It+BgrrfHefhZVHRpaqBqd
# 9eSoW5WpRKfRhPf1Xc7KH/YyLrfWkbQ9ihf2t99k/mKi8lcb4tU5qCXeZP5LWJWi
# dhRpZkMBLtsHJRvyRaWLoyhgdqQ6d6I50R6l0u4KbjtUEAlOsUNs7Ti1uPIQfBJC
# OAbUv80iz+DNCeI3HHguA6dyy7cHjhhfQ/JhgHBMYzasUX8SVKGFD58RrIpIFS74
# q7bcqSOwpZXyZSuZQjnHmWtgUgobOACGQgWAenidciHfSUpmG3fHfvC18iX9i/tj
# dEJbSEBFoodCYPeI1yIn/54YlusQY+2iDwkGGp12tX2dDYB56CP5kjLkj+bILTXl
# diEvgfJ8jnrJie3EBGX+CbBmwiKajonVW/5ihjaTYdhYxKvacqtLcHypGKJy7Pwe
# to6LaYuwZe3wfxK2BEqN5sY6cNG7ca2cO9u6KUOnkBv3JdRlEhikox5LX1EZY9nf
# ytF6Ft8WlU6EVpRQNWUNABSbj3Qng/1NOP1Y+nSTGZGB6OuFDaPDmn4OXQ2SXCyO
# JbL6HB1SCqc0LKcMId+p8J7BYySOIxi3SMtjLSlGwu7GtXe1gurdHEPHNKJ69eW+
# XUy45JKXsg8kH1SdfFjXY3dPOcrcGmFVZUkXjdQ70zD4XTzVYhg=
# SIG # End signature block
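Review bot: In the first hunk (`@@ -453,6 +453,9 @@`), the added `Remove-CommonWDACConfig -StrictKernelModePolicyTimeOfDeployment | Out-Null` sends all output to `Out-Null` and nothing after it checks the result, so a removal that fails would leave the old deployment time in the user configuration without the operator noticing. If a later run uses that stored time to decide which audit events feed the kernel-mode policy (not visible here), a stale value could widen what the generated policy allows; consider confirming the key is gone before the branch ends, or at least surfacing a warning. The preceding context clears `StrictKernelNoFlightRootsPolicyGUID`, while the new message and parameter refer to StrictKernelPolicy / StrictKernelMode, so a short comment such as `# The deployment time is stored under one key for both the normal and NoFlightRoots variants` would help if that is the case. This is the only code addition visible for the file, so it is worth checking that the sibling branch for the other policy variant clears the same value; the enclosing `if`/`else` starts and ends outside the hunk.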
@@ -73,7 +73,7 @@
</SigningScenarios>
<UpdatePolicySigners />
<CiSigners />
<HvciOptions>0</HvciOptions>
<HvciOptions>0</HvciOptions>
<Settings>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
<Value>
@@ -58,7 +58,7 @@
</SigningScenarios>
<UpdatePolicySigners />
<CiSigners />
<HvciOptions>0</HvciOptions>
<HvciOptions>0</HvciOptions>
<Settings>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
<Value>