search

HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License
1.87k stars 148 forks source link

[Bug]: After running the script in full, windows defender shows "You don't have the proper permission to view the page" in the exclusions page #151

Closed agpt8 closed 1 year ago

agpt8 commented 1 year ago

Tools category

Harden Windows Security Module

Does your system meet the requirements?

Is your Windows installation genuine?

Please explain the bug

I ran the script in full recently. While working on a development task, the Attack surface reduction rule blocked me from running pip.exe in my virtual environment. I went into Windows Defender exclusions page to add an exclusion but it shows the following to me. image

After researching the issue a little, I also found that it wont let me view the Controlled Folder Access exclusion page as well, showing me the same message as above.

Running Get-MpPreference on elevated powershell shows N/A: Administrators are not allowed to view exclusions for a lot of entries for some reason. I have attached the entire Get-MpPerference output as a text file for your reference.

The only setting I changed after running the script was to reenable the Performance mode on Dev Drive using Set-MpPreference -PerformanceModeStatus Enabled. Reversing this didn't change anything.

How can I fix this issue on my machine? mp_perference.txt

HotCakeX commented 1 year ago

Hi, This is a new policy added in Microsoft Security Baselines that hides the exclusions list from the local admin. I will create a new policy and add it to the optional overrides today

image
HotCakeX commented 1 year ago

By the way your exclusion list is not gone, they are just hidden. After that policy is set to not configured they will be visible again.

agpt8 commented 1 year ago

Ahh yes! Changing it to Not Configured fixed the issue! Thank you! And yes, I see the preconfigured apps in the Allow list as well!

HotCakeX commented 1 year ago

You're welcome and sorry for releasing the 23H2 update without adding that to the overrides

agpt8 commented 1 year ago

No issues! Thank you for helping resolve this issue so quickly! πŸ˜ƒ

HotCakeX commented 1 year ago

Hi, the issue is now fixed, thanks for reporting it, please run the script or module again and use the optional overrides in the Microsoft Security Baselines category.

Release notes: https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.2.3