search

HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License
1.84k stars 143 forks source link

[Bug]: modules seems to not work in constrained language mode (files signed) #271

Closed ckuever closed 5 months ago

ckuever commented 5 months ago

Tools category

Harden Windows Security Module

Does your system meet the requirements?

Is your Windows installation genuine?

Please explain the bug

Hi,

re-opening https://github.com/HotCakeX/Harden-Windows-Security/issues/243 with information

we did everything as you also nicely described

https://github.com/HotCakeX/Harden-Windows-Security/wiki/Script-Enforcement-and-PowerShell-Constrained-Language-Mode-in-WDAC-App-Control-Policies

However even if the modules could be loaded with no issues, there are no commands available

image

have you ever tried your nice modules with script enforcement and in constrained language mode? Or will this simply not work?

Thank you.

HotCakeX commented 5 months ago

Hi, The modules here use advanced features that aren't allowed in constrained language mode even when signed (which isn't what i had expected but that's what i experienced), maybe the PowerShell team can shed some light on it later.

That's why I personally don't recommended script enforcement unless the device isn't going to use PowerShell except for some simple built-in commands.

since it's not a bug, at least not one that i can fix, i'm gonna move it to discussions, i will update you as soon as i have new info on this 🙂