Adding support for custom file path rule creation #624
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File path rules now work for non-admin protected folders such as Desktop folder.
1 task
Added a deploy toggle button to the Configure policy rule options page. File Publisher and Hash rule types created in the XML file will no longer have the file path in the FriendlyName field. This is to make the generated policy more generic for mass deployments. Added the ability to create custom pattern-based file rule based Supplemental and Deny policies.
There was a problem hiding this comment.
PR Overview
This PR adds support for creating custom file path rules using pattern‐based definitions while also updating related UI elements and XML policy generation logic. Key changes include:
- New UI elements and event handlers for custom pattern–based file rules (both Deny and Supplemental policies).
- Updates to XML operations and logger messages, including adjustments to rule FriendlyNames.
- Enhancements to the ScanLevels enum and SignerAndHashBuilder to process custom file rule patterns.
Reviewed Changes
| File | Description |
|---|---|
| AppControl Manager/CustomUIElements/CustomPatternBasedFilePath.xaml.cs | Introduces a new ContentDialog with examples for custom file path patterns (note potential collection initializer syntax issue). |
| AppControl Manager/Pages/CreateDenyPolicy.xaml.cs | Adds a new region for custom pattern–based file rules with deploy toggle and policy name events. |
| AppControl Manager/Pages/ConfigurePolicyRuleOptions.xaml.cs | Incorporates a deploy toggle that automatically converts policies if selected. |
| AppControl Manager/IntelGathering/ScanLevels.cs | Updates the ScanLevels enum to include a new value for custom file rule patterns. |
| AppControl Manager/XMLOps/SignerAndHashBuilder.cs | Enhances the builder to separate and process custom file rule patterns from other file data. |
| AppControl Manager/XMLOps/NewFilePublisherLevelRules.cs, NewFilePathRules.cs, NewHashLevelRules.cs | Standardizes FriendlyName attributes to use static text instead of file names. |
| AppControl Manager/App.xaml.cs | Changes access modifier for MainWindow from public to internal. |
| AppControl Manager/Pages/CreateSupplementalPolicy.xaml.cs | Removes extraneous formatting and adds support for creating Supplemental policies based on custom file rule patterns. |
Copilot reviewed 16 out of 16 changed files in this pull request and generated 2 comments.
Bumped version to 1.9.3.0 Added toggle buttons to the Create AppControl Policy that allows you to create the base policies with creation/deploying the Microsoft recommended (user-mode) block rules. Improved the resiliency of installed packaged apps list retrieval.
Some of the info bars in the Create Supplemental Policy page weren't closable at the end of the operation, that's fixed now. re-attached the event handler to the main scrollveiwer in the deny policy creation page. Fixed toggle buttons in the create base policy page.
All CIP files generated for supplemental and deny policies have the same file name that you select as policy name, making it easier to identify them in the user configurations directory. Previously the CIP files would have the ID (GUID format) which made it hard to recognize which XML or policy they belonged to. When creating Supplemental or Deny policies, if you choose to deploy them, only the XML policy file will exist in the AppControl Manager directory in Program Files, but if you do not toggle the Deploy button, then the CIP file will also exist in the AppControl Manager directory. This makes it easier for you to use the CIP file on another system. Both the XML and CIP files will have the same name, easy to recognize, and it's the same name you select for the policy. Made the same change to the Allow New Apps page at the final step (Step 3) when you create to deploy the supplemental policy. Improved the ListViews for Supplemental and Deny policy creations. The total logs/files are now updated when user is on those pages.
will be enabling this after sidebar support has been added
There was a problem hiding this comment.
PR Overview
This PR introduces support for custom file path rule creation along with several UI and policy deployment enhancements. Key changes include updating the file path rule options for non-admin folders, adding deploy toggle buttons to simplify policy creation/deployment, and refining policy filename handling for mass deployment.
Reviewed Changes
| File | Description |
|---|---|
| AppControl Manager/Others/GetAppsList.cs | New helper class added to retrieve packaged apps, with a couple of syntactical issues in list initializations and return statements. |
| AppControl Manager/CustomUIElements/CustomPatternBasedFilePath.xaml.cs | Added custom pattern examples for file paths; however, improper collection initializer syntax is used. |
| AppControl Manager/Pages/CreateDenyPolicy.xaml.cs | Updates on CIP conversion logic and policy deployment flow. |
| AppControl Manager/Pages/ConfigurePolicyRuleOptions.xaml.cs | Minor adjustments to load policy options on file selection. |
| AppControl Manager/IntelGathering/ScanLevels.cs | Added new ScanLevels enum value for custom file rule patterns. |
| AppControl Manager/Pages/StrictKernelPolicyScanResults.xaml.cs, Logs.xaml.cs, App.xaml.cs, MicrosoftDocumentation.xaml.cs, GitHubDocumentation.xaml.cs | Improvements to navigation caching and minor refactors. |
| AppControl Manager/Pages/AllowNewApps/AllowNewAppsStart.xaml.cs, BasePolicyCreator.cs, CreatePolicy.xaml.cs | Enhancements to policy build/deploy routines and updated parameter handling, including a typo in variable names. |
Copilot reviewed 27 out of 27 changed files in this pull request and generated 4 comments.
Fixed typo in button code name
HotCakeX
deleted the
Adding-support-for-custom-file-path-rule-creation
branch
|
Awesome! Thanks for this @HotCakeX |
You're welcome ^^ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
File path rules now work for non-admin protected folders such as Desktop folder. In the Create Supplemental Policy page, if the scan level is set to
File PathorWildcard File Path, a new rule option calledDisabled:Runtime FilePath Rule Protectionwill be added so that you can use file path rules to allow files in non-admin protected paths to run.Added a deploy toggle button to the Configure policy rule options page. Related discussion
File Publisher and Hash rule types created in the XML file will no longer have the file path in the
FriendlyNamefield. This is to make the generated policy more generic for mass deployments. Related discussionAdded the ability to create custom pattern-based file-rule-based Supplemental and Deny policies. Related feature request. You can use this feature to create sophisticated allow/deny rules for very dynamic situations.
Bumped version to
1.9.3.0Added toggle buttons to the Create AppControl Policy that allows you to create/deploy the base policies without creation/deploying the Microsoft recommended (user-mode) block rules.
Improved the resiliency of installed packaged apps list retrieval.
In the Configure Policy Rule Options page, when you assign an XML file path to the page using the Sidebar button, its rule options will be automatically retrieved and displayed to you. Previously this would only work when you used the Browse button in the page itself.
Some of the info bars in the Create Supplemental Policy page weren't closable at the end of the operation, that's fixed now.
All CIP files generated for supplemental and deny policies have the same file name that you select as policy name, making it easier to identify them in the user configurations directory. Previously the CIP files would have the ID (GUID format) which made it hard to recognize which XML or policy they belonged to.
When creating Supplemental or Deny policies, if you choose to deploy them, only the XML policy file will exist in the
AppControl Managerdirectory inProgram Files, but if you do not toggle the Deploy button, then the CIP file will also exist in theAppControl Managerdirectory. This makes it easier for you to use the CIP file on another system. Both the XML and CIP files will have the same name, easy to recognize, and it's the same name you select for the policy.When user is already inside of the scan results pages for supplemental and deny policies, the total logs/files count is now updated in real time.