Closed testmmo closed 1 month ago
Hi, yes, I have an article about how you can fix it; it's a one-liner:
```powershell
Get-ChildItem -Recurse -Path "C:\Users\$env:username\AppData\Local\GitHubDesktop\*\resources\app\git\*.exe" | ForEach-Object -Process { Set-ProcessMitigation -Name $_.Name -Disable ForceRelocateImages }
```
I can make the script detect if GitHub Desktop is installed and automatically run that command when ASLR is on. Are you okay with that?
There is no other way around it because git executables are just poorly made and not compatible with ASLR.
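The check described in the reply above (apply the exclusion only when GitHub Desktop is present and mandatory ASLR is on), written out as an added example; it is not the Harden-Windows-Security module's own code. It reuses the path and cmdlet from the one-liner, the variable names are assumptions, and it must run in an elevated PowerShell session.

```powershell
# Added example, not code from the Harden-Windows-Security module.
# Run from an elevated PowerShell session.

# Same path pattern as the one-liner in the thread.
$GitExePattern = "C:\Users\$env:username\AppData\Local\GitHubDesktop\*\resources\app\git\*.exe"

# System-wide mandatory ASLR state (ForceRelocateImages): ON, OFF or NOTSET.
$SystemAslr = (Get-ProcessMitigation -System).ASLR.ForceRelocateImages

# Git executables bundled with GitHub Desktop, if it is installed for this user.
$GitExes = Get-ChildItem -Recurse -Path $GitExePattern -ErrorAction SilentlyContinue

if ("$SystemAslr" -ne 'ON') {
    # Without mandatory ASLR there is nothing to exclude, so no mitigation is weakened.
    Write-Host "Mandatory ASLR is '$SystemAslr' system-wide; no per-process override applied."
}
elseif (-not $GitExes) {
    Write-Host 'No GitHub Desktop git executables found; nothing to change.'
}
else {
    # Several app-* version folders can contain the same file name.
    # The override is registered by file name (as in the one-liner), so set each name once.
    $Names = $GitExes.Name | Sort-Object -Unique

    foreach ($Name in $Names) {
        Set-ProcessMitigation -Name $Name -Disable ForceRelocateImages
    }

    # Audit: list exactly which executables now opt out of mandatory ASLR,
    # so the exclusion list can be reviewed and kept as small as possible.
    $Names | ForEach-Object {
        [pscustomobject]@{
            Executable          = $_
            ForceRelocateImages = "$((Get-ProcessMitigation -Name $_).ASLR.ForceRelocateImages)"
        }
    } | Format-Table -AutoSize
}
```

Re-running it after a GitHub Desktop update picks up any executables added under a new version folder.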
Yes, that was the fix, thanks. I originally searched and checked the readme but I guess I didn't dig deep enough.
Probably should auto-run it as part of the script if GitHub is installed. I don't see a reason why anyone would not do the fix.
Thanks for the feedback, I'll implement that.
Hi, I just implemented this feature: https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.4.6
Great, thanks for the update.
A few other things. I think C:\Program Files\WSL\wsl.exe should be allowed for ASR. Not sure why Microsoft blocks it when it is their own software.
- Exception calling "PrepDownloadedFiles" with "4" argument(s): "One or more errors occurred. (The directory 'C:\Users\XXX\AppData\Local\Temp\HardeningXStuff' does not exist.)" I created that manually to fix it. But when doing it from the module and running as admin, it probably can give an option to create it.
- Exception calling "RequirementsCheck" with "0" argument(s): "Microsoft Defender is running in Passive Mode state, please remove any 3rd party AV and then try again." I see this doesn't work alongside Malwarebytes anymore. I trust this more, but it's unfortunate we can't run both, as I have seen MB catch things that MS hasn't. I had to uninstall MB to get your latest changes.
Lastly, I like the new pics that are more professional to me.
The required directory is automatically created, you don't need to create it yourself. What you experienced most likely was caused by the 3rd party antivirus. I can't reproduce this problem in any system or tests.
Is wsl.exe blocked by ASR or ASLR? If ASR, then which rule is blocking it?
What specifically doesn't Microsoft Defender catch after applying the hardening measures in this repo, but some other 3rd party AV does?
OK, sounds good. Yes, it must have been the other AV.
Actually, it was an old log. So I think everything is fine, as WSL has been working well.
That ASR rule is set to warn + block, so it displays notifications and allows you to click/tap on it to unblock the blocked program. I did that because that ASR rule is still in preview phase, so false positives are expected.
Tools category
Harden Windows Security Script
Does your system meet the requirements?
Is your Windows installation genuine?
Please explain the bug
After using this script I get an issue with GitHub Desktop. Whenever I fetch new commits or try to sync, I get this annoying popup.
I think it is because of the ASR rules.
Similar to https://github.com/desktop/desktop/issues/14401