
AppControl Manager v1.3.0.0 and WDACConfig v0.4.9 #398

Merged: 4 commits, Nov 16, 2024

Conversation

HotCakeX (Owner) commented Nov 11, 2024

What's New

AppControl Manager preview


Excited to announce another major update for the AppControl Manager app, introducing enhanced features that bring more capabilities to a modern, GUI-based experience.

Important

How To Install: Copy and paste this command into an elevated PowerShell window. (Technical explanation available here.)

(irm 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security.ps1')+'AppControl'|iex

Note

Every new feature introduced in AppControl Manager is significantly faster than its counterpart in the WDACConfig module, thanks to optimized algorithms and improved logic. For instance, scanning hundreds of thousands of event logs that would previously take 5 minutes in the module now completes in just ~30 seconds with AppControl Manager. The same is true for local file scans and MDE Advanced Hunting log scans.


Tip

If you already have the AppControl Manager installed, simply go to the Update section and press the button to auto update to the latest version. Read more about the process here.


Brand new documents, videos and tutorials will be added to the repository and YouTube channel for the AppControl Manager in the near future.


New Features in AppControl Manager

  • Easily create policies directly from local event logs, enhanced with advanced filtering and search capabilities.

  • Import EVTX log files to create policies, also featuring advanced filtering and search capabilities.

  • Generate policies using MDE Advanced Hunting logs with powerful filtering and search options.

  • Effortlessly allow files or apps blocked by the system. This functionality mirrors the Edit-WDACConfig -AllowNewApps command previously available in the WDACConfig module.

  • Switch the app's theme independently of the system theme.

  • Choose between Mica, MicaAlt, or Acrylic for the app's backdrop to tailor the overall visual experience.

  • Introduced a darker background option for a striking aesthetic, particularly when paired with MicaAlt.

  • Enable sound effects for navigation and regular app interactions, adding an immersive experience.

  • Your app settings are now saved, so you won't need to reconfigure them every time you launch the app.

  • Redesigned the Simulation page for a better user experience.

  • Added concise descriptions to each page for quick contextual understanding.

  • Implemented a search bar with auto-suggestions to streamline main navigation.

  • New navigation customization in settings: switch between left and top navigation styles.

Note

It's probably worth mentioning that all of the methods and algorithms used for scans, either MDE AH, event logs or Local file scans, are unique and built specifically for AppControl Manager, more on that later.


Technical Changes

  • Replaced most DllImport declarations with LibraryImport as part of the initiative to support Native AOT (Ahead-of-Time Compilation). This transition enhances compatibility with Arbitrary Code Guard (ACG) exploit protection.

  • Bumped .NET to version 9 stable.

  • Implemented and enforced additional code security and style guidelines.

  • Transitioned certain Windows API calls from AdvApi32 to modern Bcrypt and CNG Crypto APIs for better security and performance.

  • Changed the way the AppIdentity service is started to use a more native method, again in order to make the app more compatible with Native AOT requirements.

  • Switched all inline regular expressions to source-generated compiled ones for improved performance.


Changes to the WDACConfig Module

The jobs of the following parameters or cmdlets have been removed. If you attempt to use them, you will see a notice and a link to the AppControl Manager app. The new app offers so many more capabilities that simply cannot be implemented in PowerShell.

  • ConvertTo-WDACPolicy
  • Edit-WDACConfig -AllowNewApps
  • Invoke-WDACSimulation

Upcoming changes to the WDACConfig Module

The following cmdlets/functions will be completely removed as their jobs will be integrated with the AppControl Manager for a superior experience. This change happens in the next version, currently targeting version 1.4.0.0. Rest assured that all of their features will be completely implemented in the AppControl Manager before they are removed, so you will not experience any loss of functionality.

  • Edit-WDACConfig
  • Edit-SignedWDACConfig
  • New-SupplementalWDACConfig
  • New-DenyWDACConfig
  • Get-CiFileHashes
  • Get-CIPolicySetting
  • ConvertTo-WDACPolicy
  • Set-CommonWDACConfig
  • Remove-CommonWDACConfig
  • Get-CommonWDACConfig
  • New-KernelModeWDACConfig
  • Invoke-WDACSimulation

If you wish to stay on version 0.4.8.2 or 0.4.9, you can disable auto update check in WDACConfig module using the following command:

Set-CommonWDACConfig -AutoUpdate $false

Closes #394
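
As an added illustration of the "Technical Changes" listed above (example code, not code from the AppControl Manager repository), the following C# shows the two source-generated replacements named there, DllImport to LibraryImport and inline regex to GeneratedRegex, and why they matter for Native AOT and Arbitrary Code Guard: both remove code that the runtime would otherwise have to generate as IL while the process is running. It assumes .NET 7 or later with `<AllowUnsafeBlocks>true</AllowUnsafeBlocks>` in the project file; the kernel32 function and the hash pattern are example picks, not the project's own.

```csharp
// Added illustration, not code from the AppControl Manager repository.
// Native AOT ships no JIT, and Arbitrary Code Guard (ACG) stops a process from
// allocating or modifying executable memory. A classic [DllImport] marshalling
// stub and RegexOptions.Compiled are both built as IL at run time, which needs
// exactly that. The source generators below move that work to build time.
using System;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;

internal static partial class NativeMethods
{
    // Before: the runtime generated an IL marshalling stub on first call.
    // [DllImport("kernel32.dll")]
    // internal static extern uint GetCurrentProcessId();

    // After: the LibraryImport generator writes the marshalling code into the
    // compilation; with a blittable signature it becomes a direct native call.
    // (Example function choice; the project's own imports differ.)
    [LibraryImport("kernel32.dll")]
    internal static partial uint GetCurrentProcessId();
}

internal static partial class Patterns
{
    // Before: new Regex(pattern, RegexOptions.Compiled) emitted IL at run time.
    // After: [GeneratedRegex] emits an equivalent matcher as C# at build time,
    // so it runs under Native AOT without any dynamic code.
    // Constructed example pattern: a 64-character hex string such as a SHA-256.
    [GeneratedRegex("^[0-9A-Fa-f]{64}$")]
    internal static partial Regex Sha256Hex();
}

internal static class Demo
{
    // Uses the generated matcher; no Regex object is constructed at run time.
    internal static bool IsSha256Hex(string s) => Patterns.Sha256Hex().IsMatch(s);

    private static void Main()
    {
        Console.WriteLine($"PID {NativeMethods.GetCurrentProcessId()}");
        Console.WriteLine(IsSha256Hex(new string('a', 64)));
        Console.WriteLine(IsSha256Hex("not-a-hash"));
    }
}
```

Publishing the same project with `dotnet publish -p:PublishAot=true` is where the difference shows: the DllImport and RegexOptions.Compiled variants either fail AOT analysis or silently fall back to the interpreter, while the generated forms compile to native code.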


Added multiple pages and functionalities
@HotCakeX HotCakeX added the Enhancement 💯 New feature or request label Nov 11, 2024
@HotCakeX HotCakeX self-assigned this Nov 11, 2024
@HotCakeX HotCakeX marked this pull request as ready for review November 16, 2024 13:58
@HotCakeX HotCakeX merged commit 8dff2c9 into main Nov 16, 2024
4 checks passed
@HotCakeX HotCakeX deleted the AppControl-Manager-1.3.0.0---WDACConfig-v0.4.9 branch November 16, 2024 15:59
WildByDesign commented

@HotCakeX This might not be the most appropriate place to post this, but your GUI-related work with AppControl Manager is absolutely fantastic! This is so incredibly thorough and feature-packed that my jaw is literally still on the floor.

Great work! Speechless.

HotCakeX (Owner, Author) commented

@WildByDesign Thank you so much, appreciate it ^^
So much more coming soon 😊

Development

Successfully merging this pull request may close these issues.

[Bug]: Some events in Applocker EXE & MSI (e.g. .tmp) not detected as part of -Source LocalEventLogs