HotCakeX / Harden-Windows-Security

Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels | Read The Rationale https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Rationale.md
https://hotcakex.github.io
MIT License

[Bug]: 'Set-ProcessMitigation' command was found in the module 'ProcessMitigations', but the module could not be loaded #274

Closed ckuever closed 3 months ago

ckuever commented 3 months ago

Tools category

Harden Windows Security Module

Does your system meet the requirements?

Is your Windows installation genuine?

Please explain the bug

Hi,

Our last issue in a PAW project piloting your module for usage:

Set-ProcessMitigation: The 'Set-ProcessMitigation' command was found in the module 'ProcessMitigations', but the module could not be loaded due to the following error: [Could not load file or assembly 'C:\Program Files\WindowsPowerShell\Modules\ProcessMitigations\1.0.7\ProcessMitigations.dll'. Your organization used Device Guard to block this app. Contact your support person for more info. (0x800711C7)]

I see you use Set-ProcessMitigation a lot, and this seems to fail when Device Guard is already somehow enabled (via Intune or whatever).

Any confirmation on that? Also, is it possible that this simply won't work?

Thank you

HotCakeX commented 3 months ago

Hi, it looks like you unnecessarily installed a module called "ProcessMitigations", which is here: https://www.powershellgallery.com/packages/ProcessMitigations/1.0.7

Everything the Harden Windows Security module uses and needs is included by default in Windows. It's not mentioned anywhere that the module needs an outside dependency. This is why it works properly in environments with WDAC policies deployed.

FYI, this is the location of the Process Mitigations built-in module, the one that the Harden Windows Security module uses automatically.

C:\Windows\System32\WindowsPowerShell\v1.0\Modules\ProcessMitigations

I use WDAC policies on my own system, and I use the Default Windows template; that's the most restrictive policy I'd recommend to be used for both user-mode and kernel-mode files.

If a policy is kernel-mode only then it can get a lot more restrictive.

So just uninstall that module you installed and that will fix the problem.
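To tell the in-box ProcessMitigations module apart from a Gallery-installed copy and remove the latter, here is an added PowerShell check (example code written for this thread, not part of the Harden Windows Security module; it assumes the PowerShellGet cmdlets Get-InstalledModule and Uninstall-Module are available and that you run it elevated if the Gallery copy was installed for all users):

```powershell
# Added example (not from the Harden Windows Security module): enumerate every copy of the
# ProcessMitigations module, show which one would resolve for Set-ProcessMitigation, and
# remove any copy that was pulled from the PowerShell Gallery so only the in-box one remains.

# The in-box module lives under System32; anything else (e.g. Program Files) is third-party.
$inBoxRoot = Join-Path $env:SystemRoot 'System32\WindowsPowerShell\v1.0\Modules\ProcessMitigations'

Write-Host "Copies of ProcessMitigations found on this machine:"
Get-Module -ListAvailable -Name ProcessMitigations | ForEach-Object {
    $isInBox = $_.ModuleBase -like "$inBoxRoot*"
    [pscustomobject]@{
        Version    = $_.Version
        ModuleBase = $_.ModuleBase
        Origin     = if ($isInBox) { 'In-box (shipped with Windows)' } else { 'Third-party (e.g. PowerShell Gallery)' }
    }
} | Format-Table -AutoSize

# Command discovery auto-imports the module that wins resolution. Under a WDAC policy the
# Gallery copy fails to load (0x800711C7), so catch that instead of letting it terminate.
try {
    $resolved = (Get-Command -Name Set-ProcessMitigation -ErrorAction Stop).Module
    Write-Host "Set-ProcessMitigation currently resolves to: $($resolved.ModuleBase)"
}
catch {
    Write-Warning "Set-ProcessMitigation could not be loaded: $($_.Exception.Message)"
}

# Only Gallery-installed modules are registered with PowerShellGet; the in-box copy is not,
# so this removes exactly the extra copy and leaves the Windows one untouched.
$galleryCopy = Get-InstalledModule -Name ProcessMitigations -ErrorAction SilentlyContinue
if ($galleryCopy) {
    Write-Host "Removing Gallery copy version $($galleryCopy.Version) ..."
    Uninstall-Module -Name ProcessMitigations -AllVersions -Force
    Write-Host "Done. Open a new PowerShell session so the in-box module is the only candidate."
}
else {
    Write-Host "No Gallery-installed ProcessMitigations module is registered; nothing to remove."
}
```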