Skip to content

WF Diagnostics v2.0.8b - Security Hardened Release

Choose a tag to compare

View all tags
@faratech faratech released this 29 Aug 05:58
· 132 commits to main since this release
v2.0.8b
ad00c8c

WF Diagnostics v2.0.8 Release Notes

πŸ”’ Major Security Enhancements

Comprehensive Security Hardening

  • Filesystem Access Control: Restricted to only required directories (AppData, temp files, user folders)
  • Command Execution Security: All system commands now go through validated secure execution
  • Input Validation: Comprehensive argument validation and sanitization for all diagnostic tools
  • PowerShell Security: Script content filtering prevents malicious operations

Security Architecture

  • 12 System Commands properly whitelisted and validated
  • 8 PowerShell Cmdlets allowed with content filtering
  • Command Injection Prevention: Complete elimination through strict whitelisting
  • Principle of Least Privilege: Filesystem access restricted to 6 specific directory patterns

🎯 User Experience Improvements

Enhanced Privilege Notifications

  • Clear Status Display: Shows exactly what functionality is available without admin privileges
  • Task Count Transparency: "22 of 27 diagnostic tasks available" when running as standard user
  • Specific Feature List: Details which 5 tasks require administrator privileges
  • Improved UI: Better visual hierarchy and informative messaging

Smart Privilege Model

  • Most Features Work Without Admin: 22+ diagnostic tasks fully functional for standard users
  • Optional Elevation: Easy "Restart as Administrator" for advanced features
  • Graceful Degradation: Application works excellently without requiring UAC prompts

πŸ› οΈ Diagnostic Tools Secured

All Commands Now Use Secure Execution

  • powershell - With script content validation for safe cmdlets only
  • dxdiag - DirectX diagnostics with validated parameters
  • ipconfig - Network configuration with argument restrictions
  • chkdsk - Disk check (admin-only, read-only scan)
  • dism - Windows image health (admin-only, health checking only)
  • verifier - Driver verifier settings (admin-only, query only)
  • powercfg - Battery reports with temp file validation
  • wmic - WMI queries (whitelisted classes only)
  • wevtutil - Event logs (System/Application only)
  • netstat - Network connections (read-only)
  • dsregcmd - Domain registration status

PowerShell Cmdlets Secured

  • Get-AppxPackage - Store applications
  • Get-ScheduledTask - Windows scheduled tasks
  • Get-HotFix - Windows updates and hotfixes
  • Get-Counter - Performance counters
  • Select-Object, Where-Object, ConvertTo-Json - Data processing
  • Repair-Volume - Read-only disk scanning (admin-only)

πŸ”§ Technical Improvements

Build System

  • Optimized Release Build: Link Time Optimization (LTO) enabled
  • Size Optimization: Stripped symbols for smaller binaries
  • Multiple Installers: Both MSI and NSIS packages available

Code Quality

  • Comprehensive Testing: All security features tested and validated
  • Error Handling: Robust fallback mechanisms for all diagnostic operations
  • Memory Safety: All unsafe operations properly validated

πŸ“‹ Administrator vs Standard User Features

βœ… Available to Standard Users (22+ Tasks)

  • System information and hardware analysis
  • Network configuration and connectivity
  • Installed programs and running processes
  • Event logs and system monitoring
  • Performance analysis and disk usage
  • Store apps and scheduled tasks
  • Windows update history

πŸ”’ Administrator-Only Features (5 Tasks)

  • Disk Check (chkdsk) - File system error checking
  • DISM Health - Windows image health validation
  • Battery Report - Hardware battery analysis
  • Driver Verifier - Driver verification settings
  • Minidump Analysis - BSOD crash dump access

πŸš€ Installation & Deployment

Package Options

  • MSI Installer: WF Diagnostics_2.0.8_x64_en-US.msi (4.4 MB)
  • NSIS Installer: WF Diagnostics_2.0.8_x64-setup.exe (3.2 MB)
  • Portable: wfdiag-tauri.exe (7.9 MB)

System Requirements

  • Operating System: Windows 10/11 (x64)
  • Privileges: Most features work without administrator privileges
  • Network: Optional (for AI analysis features)

πŸ”„ Migration Notes

From v2.0.7

  • Automatic: No configuration changes required
  • Enhanced Security: All existing functionality preserved with added security
  • UI Improvements: Better privilege status communication
  • Performance: Same diagnostic capabilities with security hardening

πŸ› Bug Fixes & Improvements

  • Fixed command execution security vulnerabilities
  • Improved error handling for privilege-restricted operations
  • Enhanced user feedback for non-administrator scenarios
  • Corrected version display consistency across UI components
  • Resolved compilation warnings and code quality issues

⚠️ Important Security Notes

  • Breaking Change: Direct command execution no longer possible (security improvement)
  • Behavioral Change: Some diagnostic tasks now properly respect Windows security model
  • Recommendation: Run as administrator only when advanced diagnostic features are needed
  • Migration: Existing diagnostic workflows continue to work with enhanced security

πŸ” Testing & Validation

  • βœ… All 27 diagnostic tasks tested and functional
  • βœ… Security restrictions validated and working
  • βœ… Cross-privilege testing completed
  • βœ… Installation packages verified
  • βœ… Performance impact minimal

For technical support or questions about this release, please refer to the documentation or create an issue in the project repository.

Assets 3
Loading