From e46dcb48081f1dbe3140c03ffcf9eff8f5a92af7 Mon Sep 17 00:00:00 2001
From: Violet
Date: Tue, 9 Jan 2024 08:05:07 -0930
Subject: [PATCH 1/2] Fixed a problem with misplaced double quotes
---
 .../Main files/Core/Protect-WindowsSecurity.psm1 | 2 +-
 Harden-Windows-Security.ps1 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Harden-Windows-Security Module/Main files/Core/Protect-WindowsSecurity.psm1 b/Harden-Windows-Security Module/Main files/Core/Protect-WindowsSecurity.psm1
index 63e1442b1..19780050c 100644
--- a/Harden-Windows-Security Module/Main files/Core/Protect-WindowsSecurity.psm1
+++ b/Harden-Windows-Security Module/Main files/Core/Protect-WindowsSecurity.psm1
@@ -1123,7 +1123,7 @@ Function Protect-WindowsSecurity {
 # Create a scheduled task action, this defines how to download and install the latest Microsoft Recommended Driver Block Rules
 [Microsoft.Management.Infrastructure.CimInstance]$Action = New-ScheduledTaskAction -Execute 'Powershell.exe' `
- -Argument '-NoProfile -WindowStyle Hidden -command "& {try {Invoke-WebRequest -Uri "https://aka.ms/VulnerableDriverBlockList" -OutFile VulnerableDriverBlockList.zip -ErrorAction Stop}catch{exit 1};Expand-Archive -Path .\VulnerableDriverBlockList.zip -DestinationPath "VulnerableDriverBlockList" -Force;Rename-Item -Path .\VulnerableDriverBlockList\SiPolicy_Enforced.p7b -NewName "SiPolicy.p7b" -Force;Copy-Item -Path .\VulnerableDriverBlockList\SiPolicy.p7b -Destination "$env:SystemDrive\Windows\System32\CodeIntegrity -Force";citool --refresh -json;Remove-Item -Path .\VulnerableDriverBlockList -Recurse -Force;Remove-Item -Path .\VulnerableDriverBlockList.zip -Force; exit 0;}"'
+ -Argument '-NoProfile -WindowStyle Hidden -command "& {try {Invoke-WebRequest -Uri "https://aka.ms/VulnerableDriverBlockList" -OutFile VulnerableDriverBlockList.zip -ErrorAction Stop}catch{exit 1};Expand-Archive -Path .\VulnerableDriverBlockList.zip -DestinationPath "VulnerableDriverBlockList" -Force;Rename-Item -Path .\VulnerableDriverBlockList\SiPolicy_Enforced.p7b -NewName "SiPolicy.p7b" -Force;Copy-Item -Path .\VulnerableDriverBlockList\SiPolicy.p7b -Destination "$env:SystemDrive\Windows\System32\CodeIntegrity" -Force;citool --refresh -json;Remove-Item -Path .\VulnerableDriverBlockList -Recurse -Force;Remove-Item -Path .\VulnerableDriverBlockList.zip -Force; exit 0;}"'
 # Create a scheduled task principal and assign the SYSTEM account's well-known SID to it so that the task will run under its context
 [Microsoft.Management.Infrastructure.CimInstance]$TaskPrincipal = New-ScheduledTaskPrincipal -LogonType S4U -UserId 'S-1-5-18' -RunLevel Highest
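Review bot: In the new `-Argument` string only `Invoke-WebRequest` sits inside the `try`, so a failed `Expand-Archive`, `Rename-Item` or `Copy-Item` still falls through to `citool --refresh -json` and the unconditional `exit 0`, and the SYSTEM task reports success while the block list in `CodeIntegrity` may be stale. I would extend the `try` to cover every step up to `citool` and add `-ErrorAction Stop` to each cmdlet, e.g. `Copy-Item -Path .\VulnerableDriverBlockList\SiPolicy.p7b -Destination "$env:SystemDrive\Windows\System32\CodeIntegrity" -Force -ErrorAction Stop`. The download and extraction also use relative paths (`.\VulnerableDriverBlockList.zip`), so they land in whatever working directory the task starts in; no `-WorkingDirectory` is visible in this hunk, so it is worth pinning an explicit path that only administrators can write to. The same line is changed identically in the Harden-Windows-Security.ps1 hunk, and `Protect-WindowsSecurity` begins and ends outside both hunks.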
diff --git a/Harden-Windows-Security.ps1 b/Harden-Windows-Security.ps1
index 5386f6532..a519b2f62 100644
--- a/Harden-Windows-Security.ps1
+++ b/Harden-Windows-Security.ps1
@@ -1123,7 +1123,7 @@ Function Protect-WindowsSecurity {
 # Create a scheduled task action, this defines how to download and install the latest Microsoft Recommended Driver Block Rules
 [Microsoft.Management.Infrastructure.CimInstance]$Action = New-ScheduledTaskAction -Execute 'Powershell.exe' `
- -Argument '-NoProfile -WindowStyle Hidden -command "& {try {Invoke-WebRequest -Uri "https://aka.ms/VulnerableDriverBlockList" -OutFile VulnerableDriverBlockList.zip -ErrorAction Stop}catch{exit 1};Expand-Archive -Path .\VulnerableDriverBlockList.zip -DestinationPath "VulnerableDriverBlockList" -Force;Rename-Item -Path .\VulnerableDriverBlockList\SiPolicy_Enforced.p7b -NewName "SiPolicy.p7b" -Force;Copy-Item -Path .\VulnerableDriverBlockList\SiPolicy.p7b -Destination "$env:SystemDrive\Windows\System32\CodeIntegrity -Force";citool --refresh -json;Remove-Item -Path .\VulnerableDriverBlockList -Recurse -Force;Remove-Item -Path .\VulnerableDriverBlockList.zip -Force; exit 0;}"'
+ -Argument '-NoProfile -WindowStyle Hidden -command "& {try {Invoke-WebRequest -Uri "https://aka.ms/VulnerableDriverBlockList" -OutFile VulnerableDriverBlockList.zip -ErrorAction Stop}catch{exit 1};Expand-Archive -Path .\VulnerableDriverBlockList.zip -DestinationPath "VulnerableDriverBlockList" -Force;Rename-Item -Path .\VulnerableDriverBlockList\SiPolicy_Enforced.p7b -NewName "SiPolicy.p7b" -Force;Copy-Item -Path .\VulnerableDriverBlockList\SiPolicy.p7b -Destination "$env:SystemDrive\Windows\System32\CodeIntegrity" -Force;citool --refresh -json;Remove-Item -Path .\VulnerableDriverBlockList -Recurse -Force;Remove-Item -Path .\VulnerableDriverBlockList.zip -Force; exit 0;}"'
 # Create a scheduled task principal and assign the SYSTEM account's well-known SID to it so that the task will run under its context
 [Microsoft.Management.Infrastructure.CimInstance]$TaskPrincipal = New-ScheduledTaskPrincipal -LogonType S4U -UserId 'S-1-5-18' -RunLevel Highest
From 6e552062daf7e3cd1c8bad12a721a1b58ca8f7df Mon Sep 17 00:00:00 2001
From: Violet
Date: Tue, 9 Jan 2024 08:05:44 -0930
Subject: [PATCH 2/2] Version update to 0.2.9
---
 .../Main files/Harden-Windows-Security-Module.psd1 | 2 +-
 Harden-Windows-Security Module/version.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1 b/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1
index fd8438fff..63335beb0 100644
--- a/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1
+++ b/Harden-Windows-Security Module/Main files/Harden-Windows-Security-Module.psd1
@@ -4,7 +4,7 @@
 RootModule = 'Harden-Windows-Security-Module.psm1'
 # Version number of this module.
- ModuleVersion = '0.2.8'
+ ModuleVersion = '0.2.9'
 # Supported PSEditions
 CompatiblePSEditions = @('Core')
diff --git a/Harden-Windows-Security Module/version.txt b/Harden-Windows-Security Module/version.txt
index 08456a479..d81f1c3fc 100644
--- a/Harden-Windows-Security Module/version.txt
+++ b/Harden-Windows-Security Module/version.txt
@@ -1 +1 @@
-0.2.8
\ No newline at end of file
+0.2.9
\ No newline at end of file