search

dahlbyk / posh-git

A PowerShell environment for Git
http://dahlbyk.github.io/posh-git/
MIT License
7.62k stars 802 forks source link

Posh Git Module Gets Blocked by Windows Action Guard #939

Closed oliverlabs closed 1 year ago

oliverlabs commented 1 year ago

System Details

Issue Description

I am experiencing a problem with... ConsoleMode.ps1 is being blocked by Windows Action Guard.

oliverlabs commented 1 year ago
git-posh-screen
rbuckton commented 1 year ago

As a workaround you can add an exclusion in Windows Security for that specific file, though that does potentially weaken the security of your Windows device.

patridge commented 1 year ago

Not that it helps, but this appears to be a botched Defender definition that went out. It appears to affect all sorts of things, like this issue as well as deleting all app shortcuts in the task bar. Here's a thread about it on Reddit.

https://www.reddit.com/r/sysadmin/comments/10ar1vb/multiple_users_reporting_microsoft_apps_have/

And here's an acknowledgement from the M365 folks.

https://twitter.com/MSFT365Status/status/1613871552256155649

patridge commented 1 year ago

I was just able to fix this on my system. Defender completely deletes that ConsoleMode.ps1 file no matter where it is created, including during reinstall, which made things a challenge. Here are the steps I needed to get back to working again.

  1. Add exclusion to parent folder to allow you to install the new ConsoleMode.ps1 in the future: C:\Users\{username}\Documents\PowerShell\Modules\posh-git\1.1.0\
  2. Add exclusion to the entire Temp folder where the posh-git installer will create the same file when you try to reinstall: C:\Users\{username}\AppData\Local\Temp\.
  3. Reinstall posh-git: PowerShellGet\Install-Module posh-git -Scope CurrentUser -Force
  4. Remove exclusion for entire Temp folder, since that's probably a bit too expansive. (You need to keep the first exclusion in place until Defender stops trying to delete ConsoleMode.ps1 every time.)
oliverlabs commented 1 year ago

Thanks, Adam, @patridge. This worked for me. For those who don't know how to add an exclusion, use the following command:

Add-MpPreference -AttackSurfaceReductionOnlyExclusions "[PATH]"

patridge commented 1 year ago

Ooh...I wonder if that would allow you to preemptively add non-existent files that you plan to have exist soon. That would prevent needing to add exemptions that are more broad than strictly necessary.

Oddly, adding via that system doesn't appear to surface them in the Exclusions page of the Security section of the Windows Settings app. I wonder where those get stored.

oliverlabs commented 1 year ago

Yes, it would. You can add both files and folders to the exception.