This update marks the release of the initial version of the graphical user interface (GUI) for the WDACConfig module. The application operates as a standalone tool, independent of PowerShell. It is called AppControl Manager and it offers the following key features:
Built using WinUI3/XAML/C#.
Powered by the WinAppSDK (formerly Project Reunion).
Packaged with the modern MSIX format.
Incorporates the Mica material design for backgrounds.
Adopts the Windows 11 Fluent design system.
Significantly faster execution and startup times.
No required dependencies.
No third-party libraries or files used.
How To Install the AppControl Manager app
Use the following PowerShell command for Automated Installation
A familiar installation method, just like the Harden Windows Security module. Nothing else needs to be done.
As demonstrated in the preview, several features have already been implemented. The application leverages WebView2, which comes pre-installed with Windows, to facilitate web rendering. I've included two convenient menu items that provide direct access to both App Control resources from this repository and official Microsoft documentation, ensuring guidance and support are always just two clicks or taps away.
Features Implemented So Far
Creating, configuring and deploying AllowMicrosoft policy
Creating, configuring and deploying SignedAndReputable policy (based on ISG)
Creating and deploying Microsoft recommended driver block rules
Creating and deploying Microsoft recommended user-mode block rules
Checking for secure policy settings on the system
Getting the Code Integrity hashes of the files (Authenticode hash and Page hash)
Adding/Changing/Removing User Configurations
Configuring policy rule options
Viewing deployed policies on the system (with filtering search)
Removing unsigned policies from the system
Quick access to App Control resources and documentation right within the app
More features will come very quickly in the near future.
Let's Talk Security and Threat Model
At this stage, security should be top of mind. Let's delve into how the recent developments, particularly the introduction of compiled binaries for the GUI, impact the overall security and threat model.
First and foremost, the PowerShell module will always remain available in its uncompiled form. This ensures flexibility for users who prefer or require it.
Additionally, the source code for the new MSIX-packaged AppControl Manager is fully accessible in this repository. Anyone can review the code and explore the complete Visual Studio solution provided, allowing you to easily create the MSIX package on your own.
Tip
Does this alter the threat model? Absolutely not. Here's why: When using the WDACConfig PowerShell module, you inherently grant it Administrator privileges. By doing so, you're already placing a level of trust in the module—demonstrated by running PowerShell as an Administrator and executing one of its cmdlets or commands in the terminal.
The same level of privilege applies to the new AppControl Manager application packaged in MSIX format. It will still require Administrator privileges for its operations, as it performs the same functions as the PowerShell version. In fact, 90% of the codebase remains unchanged.
Is using the MSIX package mandatory? Absolutely not. You can continue using the WDACConfig PowerShell module exactly as before—nothing has changed in that regard. The AppControl Manager application is simply a part of the development roadmap, and as promised, I'm actively working on it. For me personally, this interface will make managing application control on my own systems, and on those I manage, much more streamlined and easier.
Important
If you are an enterprise or business, you can have your security team code review the AppControl Manager application, and after fully verifying it, code sign it and use it in your environment.
Note
Question: Is the MSIX package pre-signed?
Answer: No.
Question: Can I (as a user) code sign it using my own certificate?
Answer: It's up to you.
If users choose to install it, the process involves generating a self-signed certificate on their device, which is then used to sign the MSIX package before installation.
This approach ensures a high level of security: the certificate is unique to each device, and no one else has access to it. Furthermore, the copy of the certificate that remains on the device carries only the public key; the private key is not retained, so the certificate cannot be used to sign anything else, adding an additional layer of protection.
Here is a quick technical rundown of the AppControl function that performs all of the required tasks automatically in a matter of seconds. No manual work is required from the user.
The script installs the WDACConfig MSIX package on the system.
It does so by securely generating a unique self-signed certificate on the user's system and then using it to sign the MSIX package.
Everything happens locally and no certificate comes from outside of the device.
The certificate is added to the Local Machine's Trusted Root Certification Authorities store with only its public key, ensuring no private key exists that could be used to sign anything else.
The public certificate must remain in that store for you to use the WDACConfig app; without it, the package signature does not chain to a trusted root and the system will refuse to launch the app.
The two files WDACConfig.dll and WDACConfig.exe inside the MSIX app installation folder are added to the Attack Surface Reduction rules exclusion list if they are not already in it, so the app works properly.
The script creates a new directory inside the TEMP directory for its operations, and that directory is deleted when the script finishes.
The script checks for any previous self-signed certificates it generated and removes them if it finds any, so no stale certificates remain on the user's system.
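The following PowerShell is an added illustration of the install flow just described; it is not the project's own installer. It assumes the MSIX is already downloaded to $MsixPath, that the package manifest's Publisher equals $Subject (MSIX signing requires an exact match), that signtool.exe from the Windows SDK is on PATH, and a hypothetical package name; run it from an elevated PowerShell.

```powershell
#Requires -RunAsAdministrator
$Subject  = 'CN=AppControlManager-Local-Install'  # hypothetical subject, must equal the manifest Publisher
$MsixPath = 'C:\Downloads\AppControlManager.msix'  # hypothetical download path
$Stage    = New-Item -ItemType Directory -Path (Join-Path $env:TEMP "ACM-$(Get-Random)")
try {
    # Remove leftovers from earlier runs so only one trusted copy ever exists.
    Get-ChildItem 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\My' |
        Where-Object Subject -eq $Subject | Remove-Item -DeleteKey

    # Unique, non-exportable code-signing key generated on this device only.
    $cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $Subject `
        -HashAlgorithm SHA256 -KeyExportPolicy NonExportable `
        -CertStoreLocation 'Cert:\CurrentUser\My' -NotAfter (Get-Date).AddYears(1)

    # Sign the package with that key (signtool is the Windows SDK tool, assumed on PATH).
    & signtool.exe sign /fd SHA256 /sha1 $cert.Thumbprint $MsixPath
    if ($LASTEXITCODE -ne 0) { throw "signtool failed with exit code $LASTEXITCODE" }

    # Export ONLY the public certificate (a .cer carries no private key) and trust it
    # machine-wide so the package signature chains to a root the OS accepts.
    $cer = Export-Certificate -Cert $cert -FilePath (Join-Path $Stage 'ACM.cer') -Type CERT
    Import-Certificate -FilePath $cer.FullName -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

    # Destroy the private key now that signing is done: the trusted root can no
    # longer be used to sign anything else, on or off this machine.
    Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

    Add-AppxPackage -Path $MsixPath

    # Exclude the app's two binaries from ASR rules only if they are not already excluded.
    $install  = (Get-AppxPackage -Name 'AppControlManager').InstallLocation  # hypothetical package name
    $existing = @((Get-MpPreference).AttackSurfaceReductionOnlyExclusions)
    $wanted   = @('WDACConfig.exe', 'WDACConfig.dll') | ForEach-Object { Join-Path $install $_ }
    $missing  = $wanted | Where-Object { $_ -notin $existing }
    if ($missing) { Add-MpPreference -AttackSurfaceReductionOnlyExclusions $missing }
}
finally {
    # The scratch directory never outlives the script.
    Remove-Item -Path $Stage -Recurse -Force -ErrorAction SilentlyContinue
}
```

After it runs, only the public certificate (in the Local Machine Trusted Root store) and the installed package remain; the private key and the temporary directory are gone.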
Summary
This is a new milestone in the development of the WDACConfig module. I'm personally learning a lot by doing it, and the application I'm making is very useful for my needs and those of others I work with; by sharing it with the community, I'm hoping it will be useful for you too.
As I've thoroughly explained, the security model remains intact; the decisions being made are based on logic and research with security in mind.
If you have any feedback or questions, feel free to share them. I'm always open to suggestions and improvements.
Other Changes
Changed the wording in all of the documents and code to replace "Windows Defender Application Control" with "App Control" or "App Control for Business". This aligns the documentation with Microsoft's, which made the same change in its own documentation.
Updated the URLs for the Microsoft recommended block rules to point to the correct ones.
The Set-CiRuleOptions cmdlet has been removed. You can fully configure a policy in real time using the new AppControl Manager. I received a lot of feedback from users that the module and its cmdlets are too advanced or that the learning curve is high; that's why the AppControl Manager, which has a full-featured GUI, makes everything easier to use, with essentially no learning curve.
Systematic reduction of PowerShell code and transition to modern C# code for improved interoperability and robustness, which also unlocks many new possibilities.
Improved startup speed of the WDACConfig module and all its cmdlets.
WDAC Simulation has become significantly faster.
The WDACConfig module now automatically creates log files and stores them in a secure location inside the WDACConfig folder in Program Files. Checks ensure that folder never grows beyond 100 MB; if it does, the folder is automatically emptied. You will be able to modify this limit in the settings in a future update.
Introduction of the Modern GUI for WDACConfig
PR: #345
This discussion was created from the release WDACConfig 0.4.6 + AppControl Manager 1.0.0.0.