Merge pull request #365 from HotCakeX/WDACConfig-0.4.7-AppControl-Man…

…ager-1.1.0.0

WDACConfig v0.4.7 and AppControl Manager v1.1.0.0

.github/workflows/Build AppControl Manager MSIX Package.yml

@@ -0,0 +1,74 @@
+name: Build AppControl Manager MSIX Package
+
+permissions:
+  id-token: write
+  contents: read
+  attestations: write
+
+on:
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: windows-latest
+    steps:
+
+      - name: Check out the repository code
+        uses: actions/checkout@v4
+
+      - name: Setting up and downloading Winget
+        shell: pwsh
+        run: |
+          # Set up URLs and retrieve Winget latest release information
+          [string]$WingetRepoURL = 'https://api.github.com/repos/microsoft/winget-cli/releases'
+          $WingetReleases = Invoke-RestMethod -Uri $WingetRepoURL
+          $LatestRelease = $WingetReleases | Select-Object -First 1
+          [string]$WingetURL2 = $LatestRelease.assets.browser_download_url | Where-Object { $_.EndsWith('.msixbundle') } | Select-Object -First 1
+          [string]$WingetLicense = $LatestRelease.assets.browser_download_url | Where-Object { $_.EndsWith('License1.xml') } | Select-Object -First 1
+          [hashtable]$Downloads = @{
+              'VCLibs.appx'            = 'https://aka.ms/Microsoft.VCLibs.x64.14.00.Desktop.appx'
+              'Microsoft.UI.Xaml.appx' = 'https://github.com/microsoft/microsoft-ui-xaml/releases/download/v2.8.6/Microsoft.UI.Xaml.2.8.x64.appx'
+              'Winget.msixbundle'      = 'https://aka.ms/getwinget'
+              'License1.xml'           = $WingetLicense
+          }
+          $Downloads.GetEnumerator() | ForEach-Object -Parallel {
+              $FileName = $_.Key
+              $URL = $_.Value
+              Invoke-RestMethod -Uri $URL -OutFile $FileName
+          }
+          Add-AppxProvisionedPackage -Online -PackagePath 'Winget.msixbundle' -DependencyPackagePath 'Microsoft.UI.Xaml.appx', 'VCLibs.appx' -LicensePath 'License1.xml'
+
+      - name: Finishing setting up Winget
+        shell: powershell
+        run: |
+          Add-AppPackage -Path 'Winget.msixbundle' -DependencyPath 'Microsoft.UI.Xaml.appx', 'VCLibs.appx' -ForceTargetApplicationShutdown -ForceUpdateFromAnyVersion
+          # Add-AppPackage on Windows Server throws error so we use Windows PowerShell for this section.
+
+      - name: Installing the necessary programs
+        run: |
+          winget install --id Microsoft.DotNet.SDK.Preview --exact --accept-package-agreements --accept-source-agreements --uninstall-previous --force
+          winget install --id Microsoft.VisualStudio.2022.BuildTools --exact --accept-package-agreements --accept-source-agreements --uninstall-previous --force
+          winget install --id Microsoft.WindowsSDK.10.0.26100 --exact --accept-package-agreements --accept-source-agreements --uninstall-previous --force
+          winget install --id Microsoft.AppInstaller --exact --accept-package-agreements --accept-source-agreements --uninstall-previous --force
+          winget install --id Microsoft.VCRedist.2015+.x64 --exact --accept-package-agreements --accept-source-agreements --uninstall-previous --force
+
+      - name: Building the AppControl Manager
+        run: dotnet build "AppControl Manager/AppControl Manager.sln" --configuration Release --verbosity minimal
+
+      - name: Generating the MSIX Package
+        run: dotnet msbuild "AppControl Manager/AppControl Manager.sln" /p:Configuration=Release /p:AppxPackageDir="MSIXOutput\" /p:GenerateAppxPackageOnBuild=true
+
+      - name: Capturing the Generated MSIX file Path
+        shell: pwsh
+        run: |
+          [string]$MSIXPath = (Get-ChildItem -Path '.\AppControl Manager\MSIXOutput\AppControl Manage*\AppControl Manager*.msix').FullName
+          
+          if ([string]::IsNullOrWhiteSpace($MSIXPath)) { throw "Couldn't find the generated MSIX package" }
+
+          # Write the MSIXPath to GITHUB_ENV to set it as an environment variable for the entire workflow
+          Add-Content -Path $env:GITHUB_ENV -Value "MSIX_PATH=$MSIXPath"
+
+      - name: Generate Artifact Attestation
+        uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: ${{ env.MSIX_PATH }}

.github/workflows/codeql.yml

@@ -43,7 +43,7 @@ jobs:
         - language: csharp
           build-mode: none
         # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
-        # Use `c-cpp` to analyze code written in C, C++ or both       
+        # Use `c-cpp` to analyze code written in C, C++ or both
         # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
         # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
         # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how

.gitignore

@@ -4,8 +4,8 @@ Harden-Windows-Security Module/bin/
 WDACConfig/obj/
 WDACConfig/.vs/
 WDACConfig/bin/
-WDACConfig/WinUI3/.vs/
-WDACConfig/WinUI3/bin/
-WDACConfig/WinUI3/obj/
-WDACConfig/WinUI3/Generated Files/
-WDACConfig/WinUI3/signtool.exe
+AppControl Manager/.vs/
+AppControl Manager/bin/
+AppControl Manager/obj/
+AppControl Manager/Generated Files/
+AppControl Manager/signtool.exe

WDACConfig/WinUI3/.editorconfig → AppControl Manager/.editorconfig

@@ -31,7 +31,7 @@ dotnet_diagnostic.CA1309.severity = error
 dotnet_diagnostic.CA1311.severity = error
 
 # CA1416: Validate platform compatibility
-dotnet_diagnostic.CA1416.severity = error
+dotnet_diagnostic.CA1416.severity = silent
 
 # CA5384: Do Not Use Digital Signature Algorithm (DSA)
 dotnet_diagnostic.CA5384.severity = error
@@ -275,3 +275,69 @@ dotnet_diagnostic.CA2101.severity = error
 
 # IL2026: Members annotated with 'RequiresUnreferencedCodeAttribute' require dynamic access otherwise can break functionality when trimming application code
 dotnet_diagnostic.IL2026.severity = error
+
+# IDE0305: Simplify collection initialization
+dotnet_diagnostic.IDE0305.severity = error
+
+# IDE0004: Remove Unnecessary Cast
+dotnet_diagnostic.IDE0004.severity = error
+
+# IDE0017: Simplify object initialization
+dotnet_diagnostic.IDE0017.severity = error
+
+# IDE0063: Use simple 'using' statement
+dotnet_diagnostic.IDE0063.severity = error
+
+# CA1001: Types that own disposable fields should be disposable
+dotnet_diagnostic.CA1001.severity = error
+
+# CA1831: Use AsSpan or AsMemory instead of Range-based indexers when appropriate
+dotnet_diagnostic.CA1831.severity = error
+
+# CA5382: Use Secure Cookies In ASP.NET Core
+dotnet_diagnostic.CA5382.severity = error
+
+# CA1063: Implement IDisposable Correctly
+dotnet_diagnostic.CA1063.severity = error
+
+# CA1852: Seal internal types
+dotnet_diagnostic.CA1852.severity = error
+
+# CA2011: Avoid infinite recursion
+dotnet_diagnostic.CA2011.severity = error
+
+# CA2015: Do not define finalizers for types derived from MemoryManager<T>
+dotnet_diagnostic.CA2015.severity = error
+
+# CA2017: Parameter count mismatch
+dotnet_diagnostic.CA2017.severity = error
+
+# CA5397: Do not use deprecated SslProtocols values
+dotnet_diagnostic.CA5397.severity = error
+
+# CA5394: Do not use insecure randomness
+dotnet_diagnostic.CA5394.severity = error
+
+# CA2207: Initialize value type static fields inline
+dotnet_diagnostic.CA2207.severity = error
+
+# CA2219: Do not raise exceptions in finally clauses
+dotnet_diagnostic.CA2219.severity = error
+
+# CA2259: 'ThreadStatic' only affects static fields
+dotnet_diagnostic.CA2259.severity = error
+
+# CA5371: Use XmlReader for 'XmlSchema.Read()'
+dotnet_diagnostic.CA5371.severity = error
+
+# CA5364: Do Not Use Deprecated Security Protocols
+dotnet_diagnostic.CA5364.severity = error
+
+# CA1839: Use 'Environment.ProcessPath'
+dotnet_diagnostic.CA1839.severity = error
+
+# CA2265: Do not compare Span<T> to 'null' or 'default'
+dotnet_diagnostic.CA2265.severity = error
+
+# CA1507: Use nameof to express symbol names
+dotnet_diagnostic.CA1507.severity = error

WDACConfig/WinUI3/App.xaml.cs → AppControl Manager/App.xaml.cs

@@ -30,6 +30,10 @@ public App()
         {
             this.InitializeComponent();
 
+            // Give beautiful outline to the UI elements when using the tab key and keyboard for navigation
+            // https://learn.microsoft.com/en-us/windows/apps/design/style/reveal-focus
+            this.FocusVisualKind = FocusVisualKind.Reveal;
+
             // to handle unhandled exceptions
             this.UnhandledException += App_UnhandledException;
         }

WDACConfig/WinUI3/AppControl Manager.csproj → AppControl Manager/AppControl Manager.csproj

@@ -6,9 +6,8 @@
     <TargetPlatformMinVersion>10.0.26100.0</TargetPlatformMinVersion>
     <RootNamespace>WDACConfig</RootNamespace>
     <ApplicationManifest>app.manifest</ApplicationManifest>
-    <Platforms>x64;ARM64</Platforms>
-    <RuntimeIdentifiers Condition="$([MSBuild]::GetTargetFrameworkVersion('$(TargetFramework)')) &gt;= 8">win-x64;win-arm64</RuntimeIdentifiers>
-    <RuntimeIdentifiers Condition="$([MSBuild]::GetTargetFrameworkVersion('$(TargetFramework)')) &lt; 8">win10-x64;win10-arm64</RuntimeIdentifiers>
+    <Platforms>x64</Platforms>
+    <RuntimeIdentifiers>win-x64</RuntimeIdentifiers>
     <PublishProfile>win-$(Platform).pubxml</PublishProfile>
     <UseWinUI>true</UseWinUI>
     <EnableMsixTooling>true</EnableMsixTooling>
@@ -34,6 +33,9 @@
     <None Remove="Pages\Logs.xaml" />
     <None Remove="Pages\MicrosoftDocumentation.xaml" />
     <None Remove="Pages\Settings.xaml" />
+    <None Remove="Pages\Simulation.xaml" />
+    <None Remove="Pages\SystemInformation\CodeIntegrityInfo.xaml" />
+    <None Remove="Pages\SystemInformation\SystemInformation.xaml" />
     <None Remove="Pages\ViewCurrentPolicies.xaml" />
     <None Remove="Resources\AppControlManagerSupplementalPolicy.xml" />
   </ItemGroup>
@@ -60,12 +62,15 @@
     <ProjectCapability Include="Msix" />
   </ItemGroup>
   <ItemGroup>
+    <!-- <PackageReference Include="CommunityToolkit.Labs.WinUI.Controls.DataTable" Version="0.1.241015-build.1760" /> -->
+    <PackageReference Include="CommunityToolkit.WinUI.Behaviors" Version="8.1.240916" />
     <PackageReference Include="CommunityToolkit.WinUI.Controls.ColorPicker" Version="8.1.240916" />
     <PackageReference Include="CommunityToolkit.WinUI.Controls.Primitives" Version="8.1.240916" />
+    <PackageReference Include="CommunityToolkit.WinUI.Controls.RadialGauge" Version="8.1.240916" />
     <PackageReference Include="CommunityToolkit.WinUI.Controls.SettingsControls" Version="8.1.240916" />
     <PackageReference Include="CommunityToolkit.WinUI.UI.Controls.DataGrid" Version="7.1.2" />
     <PackageReference Include="Microsoft.PowerShell.SDK" Version="7.5.0-preview.5" />
-    <PackageReference Include="Microsoft.Windows.CsWinRT" Version="2.1.5" />
+    <PackageReference Include="Microsoft.Windows.CsWinRT" Version="2.1.6" />
     <PackageReference Include="Microsoft.Windows.SDK.BuildTools" Version="10.0.26100.1742" />
     <PackageReference Include="Microsoft.WindowsAppSDK" Version="1.6.240923002" />
     <PackageReference Include="System.Diagnostics.EventLog" Version="9.0.0-rc.2.24473.5" />
@@ -119,14 +124,14 @@
     <Description>An application that simplifies management of Application Control in Windows.</Description>
     <PackageProjectUrl>https://github.com/HotCakeX/Harden-Windows-Security</PackageProjectUrl>
     <RepositoryUrl>https://github.com/HotCakeX/Harden-Windows-Security</RepositoryUrl>
-    <PackageTags>App Control,WDAC,WDACConfig</PackageTags>
+    <PackageTags>App Control,WDAC,WDACConfig,AppControl For Business, AppControl Manager</PackageTags>
     <PackageReleaseNotes>https://github.com/HotCakeX/Harden-Windows-Security/releases</PackageReleaseNotes>
 
     <!-- Automatically created for packing -->
     <GenerateAppInstallerFile>False</GenerateAppInstallerFile>
     <AppxPackageSigningEnabled>False</AppxPackageSigningEnabled>
     <AppxPackageSigningTimestampDigestAlgorithm>SHA512</AppxPackageSigningTimestampDigestAlgorithm>
-    <AppxAutoIncrementPackageRevision>True</AppxAutoIncrementPackageRevision>
+    <AppxAutoIncrementPackageRevision>False</AppxAutoIncrementPackageRevision>
     <!-- Defining custom directory in the root directory to be created if it doesn't exist. MSIX package after packing will be stored there -->
     <AppxPackageDir>MSIXOutput\</AppxPackageDir>
     <AppxSymbolPackageEnabled>True</AppxSymbolPackageEnabled>
@@ -142,30 +147,35 @@
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <CheckForOverflowUnderflow>True</CheckForOverflowUnderflow>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
-    <CheckForOverflowUnderflow>True</CheckForOverflowUnderflow>
-  </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
     <CheckForOverflowUnderflow>True</CheckForOverflowUnderflow>
   </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'">
-    <CheckForOverflowUnderflow>True</CheckForOverflowUnderflow>
-  </PropertyGroup>
 
   <!-- Exclude the following files and folders from compilation, build, search, solution explorer etc. -->
   <ItemGroup>
     <Compile Remove="Signtool.exe" />
     <Content Remove="Signtool.exe" />
     <None Remove="Signtool.exe" />
 
-    <Compile Remove="Invoke-MSIXSignAndDeploy.ps1" />
-    <Content Remove="Invoke-MSIXSignAndDeploy.ps1" />
-    <None Remove="Invoke-MSIXSignAndDeploy.ps1" />
-
     <Compile Remove="MSIXOutput\**" />
     <Content Remove="MSIXOutput\**" />
     <None Remove="MSIXOutput\**" />
   </ItemGroup>
+  <ItemGroup>
+    <Page Update="Pages\SystemInformation\CodeIntegrityInfo.xaml">
+      <Generator>MSBuild:Compile</Generator>
+    </Page>
+  </ItemGroup>
+  <ItemGroup>
+    <Page Update="Pages\SystemInformation\SystemInformation.xaml">
+      <Generator>MSBuild:Compile</Generator>
+    </Page>
+  </ItemGroup>
+  <ItemGroup>
+    <Page Update="Pages\Simulation.xaml">
+      <Generator>MSBuild:Compile</Generator>
+    </Page>
+  </ItemGroup>
   <ItemGroup>
     <Page Update="Pages\Logs.xaml">
       <Generator>MSBuild:Compile</Generator>

WDACConfig/WinUI3/AppControl Manager.sln → AppControl Manager/AppControl Manager.sln

@@ -6,21 +6,13 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "AppControl Manager", "AppCo
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
-		Debug|ARM64 = Debug|ARM64
 		Debug|x64 = Debug|x64
-		Release|ARM64 = Release|ARM64
 		Release|x64 = Release|x64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
-		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Debug|ARM64.ActiveCfg = Debug|ARM64
-		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Debug|ARM64.Build.0 = Debug|ARM64
-		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Debug|ARM64.Deploy.0 = Debug|ARM64
 		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Debug|x64.ActiveCfg = Debug|x64
 		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Debug|x64.Build.0 = Debug|x64
 		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Debug|x64.Deploy.0 = Debug|x64
-		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Release|ARM64.ActiveCfg = Release|ARM64
-		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Release|ARM64.Build.0 = Release|ARM64
-		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Release|ARM64.Deploy.0 = Release|ARM64
 		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Release|x64.ActiveCfg = Release|x64
 		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Release|x64.Build.0 = Release|x64
 		{8467BDD7-CAF9-478A-B74C-894D30C73E3A}.Release|x64.Deploy.0 = Release|x64