Closed HotCakeX closed 1 week ago
@HotCakeX This might not be the most appropriate place to post this, but your GUI-related work with AppControl Manager is absolutely fantastic! This is so incredibly thorough and feature packed that my jaw is literally still on the floor.
Great work! Speechless.
@WildByDesign Thank you so much, appreciate it ^^ So much more coming soon 😊
What's New
Excited to announce another major update for the AppControl Manager app, introducing enhanced features that bring more capabilities to a modern, GUI-based experience.
Brand new documents, videos and tutorials will be added to the repository and YouTube channel for the AppControl Manager in the near future.
New Features in AppControl Manager
Easily create policies directly from local event logs, enhanced with advanced filtering and search capabilities.
Import EVTX log files to create policies, also featuring advanced filtering and search capabilities.
Generate policies using MDE Advanced Hunting logs with powerful filtering and search options.
Effortlessly allow files or apps blocked by the system. This functionality mirrors the Edit-WDACConfig -AllowNewApps command previously available in the WDACConfig module.
Switch the app's theme independently of the system theme.
Choose between Mica, MicaAlt, or Acrylic for the app's backdrop to tailor the overall visual experience.
Introduced a darker background option for a striking aesthetic, particularly when paired with MicaAlt.
Enable sound effects for navigation and regular app interactions, adding an immersive experience.
Your app settings are now saved, so you won't need to reconfigure them every time you launch the app.
Redesigned the Simulation page for a better user experience.
Added concise descriptions to each page for quick contextual understanding.
Implemented a search bar with auto-suggestions to streamline main navigation.
New navigation customization in settings: switch between left and top navigation styles.
Technical Changes
Replaced most DLLImports with LibraryImports as part of the initiative to support Native AOT (Ahead-of-Time Compilation). This transition enhances compatibility with Arbitrary Code Guard (ACG) exploit protection.
Bumped .NET to version 9 stable.
Implemented and enforced additional code security and style guidelines.
Transitioned certain Windows API calls from AdvApi32 to modern Bcrypt and CNG Crypto APIs for better security and performance.
Changed the way AppIdentity service would be started to use a more native method, again in order to make the app more compatible with Native AOT requirements.
Switched all in-line regex expressions to source-generated compiled ones for improved performance.
Changes to the WDACConfig Module
The jobs of the following parameters or cmdlets have been removed. If you attempt to use them, you will see a notice and a link to the AppControl Manager app. The new app offers so many more capabilities that simply cannot be implemented in PowerShell.
ConvertTo-WDACPolicy
Edit-WDACConfig -AllowNewApps
Invoke-WDACSimulation
Upcoming changes to the WDACConfig Module
The following cmdlets/functions will be completely removed as their jobs will be integrated with the AppControl Manager for a superior experience. This change happens in the next version, currently targeting version 1.4.0.0. Be sure that all of their features will be completely implemented in the AppControl Manager before they are removed, so you will not experience any absence of feature.
Edit-WDACConfig
Edit-SignedWDACConfig
New-SupplementalWDACConfig
New-DenyWDACConfig
Get-CiFileHashes
Get-CIPolicySetting
ConvertTo-WDACPolicy
Set-CommonWDACConfig
Remove-CommonWDACConfig
Get-CommonWDACConfig
New-KernelModeWDACConfig
Invoke-WDACSimulation
If you wish to stay on version 0.4.8.2 or 0.4.9, you can disable auto update check in WDACConfig module using the following command:
Closes #394