HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License

[Bug]: ASLR issue with Github Desktop #266

Closed testmmo closed 1 month ago

testmmo commented 1 month ago

Tools category

Harden Windows Security Script

Does your system meet the requirements?

Is your Windows installation genuine?

Please explain the bug

After using this script I get an issue with GitHub Desktop. Whenever I fetch new commits or try to sync, I get this annoying popup.

I think it is because of the ASR rules.

Similar as https://github.com/desktop/desktop/issues/14401

HotCakeX commented 1 month ago

Hi, yes, I have an article about how you can fix it; it's a one-liner:

Get-ChildItem -Recurse -Path "C:\Users\$env:username\AppData\Local\GitHubDesktop\*\resources\app\git\*.exe" | ForEach-Object -Process { Set-ProcessMitigation -Name $_.Name -Disable ForceRelocateImages }


I can make the script detect if GitHub desktop is installed and automatically run that command when ASLR is on. Are you okay with that?

There is no other way around it because git executables are just poorly made and not compatible with ASLR.
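The automatic detection described above, written out as an added example rather than the project's own code. It assumes GitHub Desktop lives under %LOCALAPPDATA%\GitHubDesktop (the path used in the one-liner) and that the object returned by Get-ProcessMitigation exposes the current setting as .Aslr.ForceRelocateImages (ON/OFF/NOTSET); both are assumptions, not something the thread confirms. It only touches the one ASLR sub-setting that breaks the bundled git binaries and leaves every other mitigation at its system default.

```powershell
# Added example (not part of the Harden-Windows-Security project): detect a
# per-user GitHub Desktop install and exempt only its bundled git executables
# from mandatory ASLR (ForceRelocateImages), skipping ones already exempted.
# Assumptions: GitHub Desktop installs under %LOCALAPPDATA%\GitHubDesktop, and
# Get-ProcessMitigation returns an object whose .Aslr.ForceRelocateImages
# property reads ON/OFF/NOTSET.
#Requires -RunAsAdministrator

$GitHubDesktopRoot = Join-Path -Path $env:LOCALAPPDATA -ChildPath 'GitHubDesktop'

if (-not (Test-Path -Path $GitHubDesktopRoot -PathType Container)) {
    Write-Host 'GitHub Desktop is not installed for this user; nothing to do.'
    return
}

# Only the git binaries shipped inside the app bundle, not every .exe under the root.
$GitExecutables = Get-ChildItem -Path $GitHubDesktopRoot -Recurse -Filter '*.exe' -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -like '*\resources\app\git\*' }

if (-not $GitExecutables) {
    Write-Host 'GitHub Desktop found, but no bundled git executables matched; nothing to do.'
    return
}

# Process mitigation overrides are keyed by executable name, not full path,
# so the same name appearing in several version folders needs one entry.
$Names = $GitExecutables | Select-Object -ExpandProperty Name -Unique

foreach ($Name in $Names) {
    # Read the current per-process override before changing anything.
    $Current = Get-ProcessMitigation -Name $Name -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    # Assumed property path; see the note above.
    $State = if ($Current) { $Current.Aslr.ForceRelocateImages } else { 'NOTSET' }

    if ("$State" -eq 'OFF') {
        Write-Host "$Name : ForceRelocateImages already disabled, skipping."
        continue
    }

    # Disable only the mandatory-ASLR sub-setting; DEP, CFG, bottom-up ASLR
    # and the rest keep their system defaults for these processes.
    Set-ProcessMitigation -Name $Name -Disable ForceRelocateImages
    Write-Host "$Name : ForceRelocateImages disabled (was $State)."
}

# Audit trail: show the override now in place for each name so the exemption
# can be reviewed later, or reverted with: Set-ProcessMitigation -Name <exe> -Remove
foreach ($Name in $Names) {
    $Now = Get-ProcessMitigation -Name $Name -ErrorAction SilentlyContinue -WarningAction SilentlyContinue
    if ($Now) {
        [pscustomobject]@{
            Executable          = $Name
            ForceRelocateImages = $Now.Aslr.ForceRelocateImages
        }
    }
}
```

Run it from an elevated PowerShell session; the final loop prints one row per exempted executable so the change is visible in the same run, and the -Remove form noted in the comment clears the per-process override again if GitHub Desktop is later uninstalled.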

testmmo commented 1 month ago

Yes, that was the fix, thanks. I originally searched and checked the readme but I guess I didn't dig deep enough.

It probably should auto-run it if GitHub is installed, as part of the script. I don't see a reason why anyone would not do the fix.

HotCakeX commented 1 month ago

Yes, that was the fix, thanks. I originally searched and checked the readme but I guess I didn't dig deep enough.

It probably should auto-run it if GitHub is installed, as part of the script. I don't see a reason why anyone would not do the fix.

Thanks for the feedback, I'll implement that.

HotCakeX commented 2 weeks ago

Hi, I just implemented this feature: https://github.com/HotCakeX/Harden-Windows-Security/releases/tag/Hardening-Module-v.0.4.6

testmmo commented 1 week ago

Great, thanks for the update.

A few other things. I think C:\Program Files\WSL\wsl.exe should be allowed for ASR. Not sure why Microsoft blocks it when it is their own software.

  1. Exception calling "PrepDownloadedFiles" with "4" argument(s): "One or more errors occurred. (The directory 'C:\Users\XXX\AppData\Local\Temp\HardeningXStuff' does not exist.)"  I created that manually to fix it. But when doing it from the module and running as admin, it probably could give an option to create it.

  2. Exception calling "RequirementsCheck" with "0" argument(s): "Microsoft Defender is running in Passive Mode state, please remove any 3rd party AV and then try again."  I see this doesn't work alongside Malwarebytes anymore. I trust this more, but it's unfortunate we can't run both, as I have seen MB catch things that MS hasn't. I had to uninstall MB to get your latest changes.

Lastly, I like the new pics, which look more professional to me.

HotCakeX commented 1 week ago

Great, thanks for the update.

A few other things. I think C:\Program Files\WSL\wsl.exe should be allowed for ASR. Not sure why Microsoft blocks it when it is their own software.

  1. Exception calling "PrepDownloadedFiles" with "4" argument(s): "One or more errors occurred. (The directory 'C:\Users\XXX\AppData\Local\Temp\HardeningXStuff' does not exist.)"  I created that manually to fix it. But when doing it from the module and running as admin, it probably could give an option to create it.
  2. Exception calling "RequirementsCheck" with "0" argument(s): "Microsoft Defender is running in Passive Mode state, please remove any 3rd party AV and then try again."  I see this doesn't work alongside Malwarebytes anymore. I trust this more, but it's unfortunate we can't run both, as I have seen MB catch things that MS hasn't. I had to uninstall MB to get your latest changes.

Lastly, I like the new pics, which look more professional to me.

The required directory is automatically created, you don't need to create it yourself. What you experienced most likely was caused by the 3rd party antivirus. I can't reproduce this problem in any system or tests.

Is wsl.exe blocked by ASR or ASLR? If ASR, then which rule is blocking it?

What specifically doesn't Microsoft Defender catch after applying the hardening measures in this repo, but some other 3rd party AV does?

testmmo commented 1 week ago

OK, sounds good, yes, it must have been the other AV.

Actually, it was an old log. So I think everything is fine, as WSL has been working well.

HotCakeX commented 1 week ago

That ASR rule is set to warn + block, so it displays notifications and allows you to click/tap on it to unblock the blocked program. I did that because that ASR rule is still in the preview phase, so false positives are expected.