WDACConfig update 0.2.2

Author: HotCakeX

WDACConfig/ArgumentCompleters.ps1

@@ -1,8 +1,3 @@
-# argument tab auto-completion for SignToolPath param to show only .exe files in the current directory
-[scriptblock]$ArgumentCompleterSignToolPath = {
-    Get-ChildItem | Where-Object { $_.extension -like '*.exe' } | ForEach-Object { return "`"$_`"" }
-}
-
 # argument tab auto-completion for CertPath param to show only .cer files in current directory and 2 sub-directories recursively
 [scriptblock]$ArgumentCompleterCertPath = {
     # Note the use of -Depth 1

WDACConfig/Deploy-SignedWDACConfig.psm1

@@ -24,6 +24,8 @@ function Deploy-SignedWDACConfig {
 
         [parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true)]
         [System.String]$SignToolPath,
+
+        [Parameter(Mandatory = $false)][Switch]$SignOnly,
 
         [Parameter(Mandatory = $false)][Switch]$SkipVersionCheck
     )
@@ -132,26 +134,36 @@ function Deploy-SignedWDACConfig {
 
             Remove-Item ".\$PolicyID.cip" -Force            
             Rename-Item "$PolicyID.cip.p7" -NewName "$PolicyID.cip" -Force
-            CiTool --update-policy ".\$PolicyID.cip" -json | Out-Null
-            Write-Host "`npolicy with the following details has been Signed and Deployed in Enforced Mode:" -ForegroundColor Green        
-            Write-Output "PolicyName = $PolicyName"
-            Write-Output "PolicyGUID = $PolicyID`n"
-            Remove-Item -Path ".\$PolicyID.cip" -Force
-
-            # Ask user question about whether or not to add the Signed policy xml file to the User Config Json for easier usage later
-            $userInput = ''
-            while ($userInput -notin 1, 2) {
-                $userInput = $(Write-Host 'Add the Signed policy xml file path just created to the User Configurations? Please enter 1 to Confirm or 2 to Skip.' -ForegroundColor Cyan ; Read-Host) 
-                if ($userInput -eq 1) {
-                    Set-CommonWDACConfig -SignedPolicyPath $PolicyPath
-                    &$WriteViolet "Added $PolicyPath to the User Configuration file."             
-                }
-                elseif ($userInput -eq 2) {                    
-                    &$WritePink 'Skipping...'                  
+
+            if (!$SignOnly) {
+
+                CiTool --update-policy ".\$PolicyID.cip" -json | Out-Null
+                Write-Host "`npolicy with the following details has been Signed and Deployed in Enforced Mode:" -ForegroundColor Green        
+                Write-Output "PolicyName = $PolicyName"
+                Write-Output "PolicyGUID = $PolicyID`n"
+                Remove-Item -Path ".\$PolicyID.cip" -Force
+
+                # Ask user question about whether or not to add the Signed policy xml file to the User Config Json for easier usage later
+                $userInput = ''
+                while ($userInput -notin 1, 2) {
+                    $userInput = $(Write-Host 'Add the Signed policy xml file path just created to the User Configurations? Please enter 1 to Confirm or 2 to Skip.' -ForegroundColor Cyan ; Read-Host) 
+                    if ($userInput -eq 1) {
+                        Set-CommonWDACConfig -SignedPolicyPath $PolicyPath
+                        &$WriteViolet "Added $PolicyPath to the User Configuration file."             
+                    }
+                    elseif ($userInput -eq 2) {                    
+                        &$WritePink 'Skipping...'                  
+                    }
+                    else {
+                        Write-Warning 'Invalid input. Please enter 1 or 2 only.'
+                    }               
                 }
-                else {
-                    Write-Warning 'Invalid input. Please enter 1 or 2 only.'
-                }               
+            }
+
+            else {            
+                Write-Host "`npolicy with the following details has been Signed and is ready for deployment:" -ForegroundColor Green
+                Write-Output "PolicyName = $PolicyName"
+                Write-Output "PolicyGUID = $PolicyID`n"
             }
         }
     }
@@ -184,6 +196,9 @@ Certificate common name
 .PARAMETER SignToolPath
 Path to the SignTool.exe - optional parameter
 
+.PARAMETER SignOnly
+Indicates that the cmdlet only signs the WDAC policy and will not deploy it to the system. Useful for when you want to deploy it elsewhere.
+
 .PARAMETER SkipVersionCheck
 Can be used with any parameter to bypass the online version check - only to be used in rare cases
 
@@ -197,4 +212,4 @@ Set-PSReadLineKeyHandler -Key Tab -Function MenuComplete
 Register-ArgumentCompleter -CommandName 'Deploy-SignedWDACConfig' -ParameterName 'CertCN' -ScriptBlock $ArgumentCompleterCertificateCN
 Register-ArgumentCompleter -CommandName 'Deploy-SignedWDACConfig' -ParameterName 'PolicyPaths' -ScriptBlock $ArgumentCompleterPolicyPaths
 Register-ArgumentCompleter -CommandName 'Deploy-SignedWDACConfig' -ParameterName 'CertPath' -ScriptBlock $ArgumentCompleterCertPath
-Register-ArgumentCompleter -CommandName 'Deploy-SignedWDACConfig' -ParameterName 'SignToolPath' -ScriptBlock $ArgumentCompleterSignToolPath
+Register-ArgumentCompleter -CommandName 'Deploy-SignedWDACConfig' -ParameterName 'SignToolPath' -ScriptBlock $ArgumentCompleterExeFilePathsPicker

WDACConfig/Edit-SignedWDACConfig.psm1

@@ -1,4 +1,4 @@
-#Requires -RunAsAdministrator 
+#Requires -RunAsAdministrator
 function Edit-SignedWDACConfig {
     [CmdletBinding(
         DefaultParameterSetName = 'Allow New Apps Audit Events',
@@ -256,7 +256,7 @@ function Edit-SignedWDACConfig {
             # The notice about variable being assigned and never used should be ignored - it's being dot-sourced from Resources file
             [datetime]$Date = Get-Date
             # An empty array that holds the Policy XML files - This array will eventually be used to create the final Supplemental policy
-            [System.Array]$PolicyXMLFilesArray = @()
+            [System.Object[]]$PolicyXMLFilesArray = @()
 
             ################################### Initiate Live Audit Mode ###################################
 
@@ -333,9 +333,9 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
                     &$WritePink "`nAudit mode deployed, start installing your programs now"
                     &$WriteViolet "When you've finished installing programs, Press Enter to start selecting program directories to scan`n"
                     Pause
-
+                    
                     # Store the program paths that user browses for in an array
-                    [System.Array]$ProgramsPaths = @()
+                    [System.Object[]]$ProgramsPaths = @()
                     Write-Host "`nSelect program directories to scan" -ForegroundColor Cyan
                     # Showing folder picker GUI to the user for folder path selection
                     do {
@@ -469,7 +469,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
                     # Any other attempts such as "Get-FileHash" or "Get-AuthenticodeSignature" fail and ConfigCI Module cmdlets totally ignore these files and do not create allow rules for them
 
                     # Finding the file(s) first and storing them in an array
-                    [System.Array]$ExesWithNoHash = @()
+                    [System.Object[]]$ExesWithNoHash = @()
                     # looping through each user-selected path(s)
                     foreach ($ProgramsPath in $ProgramsPaths) {
                         # Making sure the currently processing path has any .exe in it
@@ -621,7 +621,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
             Remove-Item -Path '.\ProgramDir_ScanResults*.xml' -Force -ErrorAction SilentlyContinue
             Remove-Item -Path ".\SupplementalPolicy$SuppPolicyName.xml" -Force -ErrorAction SilentlyContinue
             # An empty array that holds the Policy XML files - This array will eventually be used to create the final Supplemental policy
-            [System.Array]$PolicyXMLFilesArray = @()
+            [System.Object[]]$PolicyXMLFilesArray = @()
 
             #Initiate Live Audit Mode
 
@@ -700,7 +700,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
                     Pause
 
                     # Store the program paths that user browses for in an array
-                    [System.Array]$ProgramsPaths = @()
+                    [System.Object[]]$ProgramsPaths = @()
                     Write-Host "`nSelect program directories to scan`n" -ForegroundColor Cyan
                     # Showing folder picker GUI to the user for folder path selection
                     do {
@@ -910,8 +910,6 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
                     New-Item -Path "$env:TEMP\TemporarySignToolFile" -ItemType Directory -Force | Out-Null
                     Copy-Item -Path $SignToolPathFinal -Destination "$env:TEMP\TemporarySignToolFile" -Force
                     New-CIPolicy -ScanPath "$env:TEMP\TemporarySignToolFile" -Level FilePublisher -Fallback Hash -UserPEs -UserWriteablePaths -MultiplePolicyFormat -AllowFileNameFallbacks -FilePath .\SignTool.xml
-                    # Due to a bug Have to repeat this process twice: https://github.com/MicrosoftDocs/WDAC-Toolkit/issues/278
-                    New-CIPolicy -ScanPath "$env:TEMP\TemporarySignToolFile" -Level FilePublisher -Fallback Hash -UserPEs -UserWriteablePaths -MultiplePolicyFormat -AllowFileNameFallbacks -FilePath .\SignTool.xml
                     # Delete the Temporary folder in the TEMP folder
                     if (!$Debug) { Remove-Item -Recurse -Path "$env:TEMP\TemporarySignToolFile" -Force }
 
@@ -1025,6 +1023,6 @@ Can be used with any parameter to bypass the online version check - only to be u
 Set-PSReadLineKeyHandler -Key Tab -Function MenuComplete
 Register-ArgumentCompleter -CommandName 'Edit-SignedWDACConfig' -ParameterName 'CertCN' -ScriptBlock $ArgumentCompleterCertificateCN
 Register-ArgumentCompleter -CommandName 'Edit-SignedWDACConfig' -ParameterName 'CertPath' -ScriptBlock $ArgumentCompleterCertPath
-Register-ArgumentCompleter -CommandName 'Edit-SignedWDACConfig' -ParameterName 'SignToolPath' -ScriptBlock $ArgumentCompleterSignToolPath
+Register-ArgumentCompleter -CommandName 'Edit-SignedWDACConfig' -ParameterName 'SignToolPath' -ScriptBlock $ArgumentCompleterExeFilePathsPicker
 Register-ArgumentCompleter -CommandName 'Edit-SignedWDACConfig' -ParameterName 'PolicyPaths' -ScriptBlock $ArgumentCompleterPolicyPathsBasePoliciesOnly
 Register-ArgumentCompleter -CommandName 'Edit-SignedWDACConfig' -ParameterName 'SuppPolicyPaths' -ScriptBlock $ArgumentCompleterPolicyPathsSupplementalPoliciesOnly

WDACConfig/Edit-WDACConfig.psm1

@@ -189,7 +189,7 @@ function Edit-WDACConfig {
             Remove-Item -Path '.\ProgramDir_ScanResults*.xml' -Force -ErrorAction SilentlyContinue
             Remove-Item -Path ".\SupplementalPolicy$SuppPolicyName.xml" -Force -ErrorAction SilentlyContinue    
             # An empty array that holds the Policy XML files - This array will eventually be used to create the final Supplemental policy
-            [System.Array]$PolicyXMLFilesArray = @()
+            [System.Object[]]$PolicyXMLFilesArray = @()
 
             #Initiate Live Audit Mode
 
@@ -267,7 +267,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
                     Pause
 
                     # Store the program paths that user browses for in an array
-                    [System.Array]$ProgramsPaths = @()
+                    [System.Object[]]$ProgramsPaths = @()
                     Write-Host "`nSelect program directories to scan" -ForegroundColor Cyan
                     # Showing folder picker GUI to the user for folder path selection
                     do {
@@ -393,7 +393,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
             # The notice about variable being assigned and never used should be ignored - it's being dot-sourced from Resources file
             [datetime]$Date = Get-Date
             # An empty array that holds the Policy XML files - This array will eventually be used to create the final Supplemental policy
-            [System.Array]$PolicyXMLFilesArray = @()
+            [System.Object[]]$PolicyXMLFilesArray = @()
 
             ################################### Initiate Live Audit Mode ###################################
 
@@ -450,7 +450,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
                     Pause                 
 
                     # Store the program paths that user browses for in an array
-                    [System.Array]$ProgramsPaths = @()
+                    [System.Object[]]$ProgramsPaths = @()
                     Write-Host "`nSelect program directories to scan`n" -ForegroundColor Cyan
                     # Showing folder picker GUI to the user for folder path selection
                     do {
@@ -584,7 +584,7 @@ CiTool --update-policy "$((Get-Location).Path)\$PolicyID.cip" -json; Remove-Item
                     # Any other attempts such as "Get-FileHash" or "Get-AuthenticodeSignature" fail and ConfigCI Module cmdlets totally ignore these files and do not create allow rules for them
 
                     # Finding the file(s) first and storing them in an array
-                    [System.Array]$ExesWithNoHash = @()
+                    [System.Object[]]$ExesWithNoHash = @()
                     # looping through each user-selected path(s)
                     foreach ($ProgramsPath in $ProgramsPaths) {
                         # Making sure the currently processing path has any .exe in it

WDACConfig/Invoke-WDACSimulation.psm1

@@ -33,7 +33,7 @@ function Invoke-WDACSimulation {
 
         if ($FolderPath) {
             # Store the results of the Signed files
-            [System.Array]$SignedResult = @()
+            [System.Object[]]$SignedResult = @()
             # Get all of the files that WDAC supports from the user provided directory
             $CollectedFiles = (Get-ChildItem -Recurse -Path $FolderPath -File -Include '*.sys', '*.exe', '*.com', '*.dll', '*.ocx', '*.msp', '*.mst', '*.msi', '*.js', '*.vbs', '*.ps1', '*.appx').FullName
 
@@ -134,7 +134,7 @@ function Invoke-WDACSimulation {
             }
 
             # Create an empty array to store the output objects
-            [System.Array]$FinalAllowedFilesOutputObject = @()
+            [System.Object[]]$FinalAllowedFilesOutputObject = @()
 
             # Loop through the first array and create output objects with the file path and source
             foreach ($path in $Hashresults) {

WDACConfig/New-DenyWDACConfig.psm1

@@ -90,7 +90,7 @@ function New-DenyWDACConfig {
             # remove any possible files from previous runs
             Remove-Item -Path '.\ProgramDir_ScanResults*.xml' -Force -ErrorAction SilentlyContinue
             # An array to hold the temporary xml files of each user-selected folders
-            [System.Array]$PolicyXMLFilesArray = @()
+            [System.Object[]]$PolicyXMLFilesArray = @()
 
             ######################## Process Program Folders From User input #####################
             for ($i = 0; $i -lt $ScanLocations.Count; $i++) {
@@ -163,7 +163,7 @@ function New-DenyWDACConfig {
         elseif ($Drivers) {           
 
             powershell.exe {
-                [System.Array]$DriverFilesObject = @()
+                [System.Object[]]$DriverFilesObject = @()
                 # loop through each user-selected folder paths
                 foreach ($ScanLocation in $args[0]) {
                     # DriverFile object holds the full details of all of the scanned drivers - This scan is greedy, meaning it stores as much information as it can find

WDACConfig/New-WDACConfig.psm1

@@ -460,7 +460,7 @@ function New-WDACConfig {
             [System.String]$path = 'windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md'
 
             [System.String]$ApiUrl = "https://api.github.com/repos/$owner/$repo/commits?path=$path"
-            [System.Array]$Response = Invoke-RestMethod $ApiUrl
+            [System.Object[]]$Response = Invoke-RestMethod $ApiUrl
             [datetime]$Date = $Response[0].commit.author.date
 
             &$WriteLavender "`nThe document containing the drivers block list on GitHub was last updated on $Date"