Wiki documents update

HotCakeX · Oct 12, 2024 · e937a85 · e937a85
1 parent d97256c
commit e937a85
Show file tree

Hide file tree

Showing 36 changed files with 313 additions and 588 deletions.
diff --git a/Harden-Windows-Security.ps1 b/Harden-Windows-Security.ps1
@@ -304,7 +304,7 @@ Function AppControl {
             Write-Verbose -Message 'Downloading the MSIX package from the GitHub releases' -Verbose
             $null = Invoke-WebRequest -Uri 'https://github.com/HotCakeX/Harden-Windows-Security/releases/download/WDACConfigv0.4.6/AppControl.Manager_1.0.0.0_x64.msix' -OutFile $MSIXPath
         }
-        
+
 
         # https://learn.microsoft.com/en-us/dotnet/framework/tools/signtool-exe
         Write-Verbose -Message 'Signing the MSIX package'

diff --git a/Wiki posts/AppControl Manager/AppControl Manager.md b/Wiki posts/AppControl Manager/AppControl Manager.md
@@ -0,0 +1,44 @@
+# AppControl Manager
+
+AppControl Manager is a modern secure app that provides easy to use graphical user interface to mange App Control on your device.
+
+The goal is for AppControl manager to reach feature parity with the [WDACConfig](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig) Powershell module as fast as possible and then to surpass it with additional features and improvements.
+
+<br>
+
+## How To Install or Update The App
+
+Use the following PowerShell [command](https://github.com/HotCakeX/Harden-Windows-Security/blob/main/Harden-Windows-Security.ps1) as Admin, it will automatically download the latest MSIX file from this repository's release page and install it for you.
+
+> [!TIP]\
+> The same command can be used to update the app whenever there is a new version available. In the future the updating functionality will be incorporated inside of the app.
+
+<br>
+
+```powershell
+(irm 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security.ps1')+'AppControl'|iex
+```
+
+<br>
+
+## Preview of the App
+
+<img src="https://raw.githubusercontent.com/HotCakeX/.github/refs/heads/main/Pictures/Gifs/AppControlManager.gif" alt="AppControl Manager preview"/>
+
+<br>
+
+## Technical Details of The App
+
+* Built using [WinUI3](https://learn.microsoft.com/en-us/windows/apps/winui/winui3/) / [XAML](https://github.com/microsoft/microsoft-ui-xaml) / [C#](https://learn.microsoft.com/en-us/dotnet/csharp/).
+* Built using the latest [.NET](https://dotnet.microsoft.com).
+* Powered by the [WinAppSDK](https://github.com/microsoft/WindowsAppSDK) (formerly Project Reunion).
+* Packaged with the modern [MSIX](https://learn.microsoft.com/en-us/windows/msix/overview) format.
+* Incorporates the [Mica](https://learn.microsoft.com/en-us/windows/apps/design/style/mica) material design for backgrounds.
+* Adopts the Windows 11 [Fluent design system](https://fluent2.microsoft.design/components/windows).
+* Fast execution and startup time.
+* 0 required dependency.
+* 0 Third-party library or file used.
+* 0 Telemetry or data collection.
+* 0 Windows Registry changes.
+* 100% clean uninstallation.
+* 100% open-source and free to use.
diff --git a/...posts/Azure/Clean Source principle, Azure and Privileged Access Workstations.md b/...posts/Azure/Clean Source principle, Azure and Privileged Access Workstations.md
@@ -50,7 +50,7 @@ When the nested VM is running, the system sees the disk as plain text, not encry
 
 BitLocker is not easy to brute force if the right algorithms are configured (XTS-AES-256) so they would not want to go that direction in most cases.
 
-### What if You Deploy a Signed WDAC Policy on the Host VM?
+### What if You Deploy a Signed App Control Policy on the Host VM?
 
 You could, but what would prevent the threat actor from disabling it on the host? The host is controlled by the threat actor in this scenario and not having the private keys of the deployed signed policy won't matter.
 

diff --git a/Wiki posts/Harden‐Windows‐Security‐Module/Harden‐Windows‐Security‐Module.md b/Wiki posts/Harden‐Windows‐Security‐Module/Harden‐Windows‐Security‐Module.md
@@ -20,6 +20,8 @@ Harden Windows Security also excels in rigorous compliance verification and secu
 
 Furthermore, this module is invaluable for security researchers and penetration testers seeking to assess and improve their system's security posture. It is compatible with any system locale and language, ensuring broad usability.
 
+<br>
+
 ## Comprehensive Logging Capabilities
 
 Harden Windows Security includes detailed logging features that track every part of its operations. These logs are helpful for reviewing what actions were taken, making it easier to audit and troubleshoot. You can choose where these logs are saved:
@@ -32,6 +34,8 @@ Harden Windows Security includes detailed logging features that track every part
 
 These logging options ensure that all actions taken by Harden Windows Security are recorded, giving you clear visibility into your security processes. Whether you’re conducting security checks, responding to issues, or just keeping an eye on things, these logs provide valuable information.
 
+<br>
+
 ## Automatic Updates
 
 The module checks for updates every time you run it and updates itself if there is a new version available, so you don't have to manually do anything.
@@ -317,7 +321,7 @@ The path to the 'Microsoft 365 Apps for Enterprise zip'. Make sure it's in the z
 | WindowsNetworking_BlockNTLM | Blocks NTLM Completely | WindowsNetworking |
 | Miscellaneous_WindowsProtectedPrint | Enables Windows Protected Print Mode | MiscellaneousConfigurations |
 | CountryIPBlocking_OFAC | Include the IP ranges of OFAC Sanctioned Countries in the firewall block rules | CountryIPBlocking |
-| DangerousScriptHostsBlocking | Deploys the Dangerous Script Hosts Blocking WDAC Policy | DownloadsDefenseMeasures |
+| DangerousScriptHostsBlocking | Deploys the Dangerous Script Hosts Blocking App Control Policy | DownloadsDefenseMeasures |
 
 <br>
 
@@ -541,7 +545,7 @@ Indicates that the cmdlet will only remove Process Mitigations (Exploit Protecti
 
 ### -WDACPoliciesToRemove
 
-Select the [WDAC Policy](https://github.com/HotCakeX/Harden-Windows-Security?tab=readme-ov-file#downloads-defense-measures-) names to remove.
+Select the [App Control Policy](https://github.com/HotCakeX/Harden-Windows-Security?tab=readme-ov-file#downloads-defense-measures-) names to remove.
 
 <div align='center'>
 

diff --git a/Wiki posts/Home Index.md b/Wiki posts/Home Index.md
@@ -24,7 +24,6 @@
 - <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/pinkwings.gif" width="35"> [Test-CiPolicy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Test-CiPolicy)
 - <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/pinkwings.gif" width="35"> [Get-CiFileHashes](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-CiFileHashes) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
 - <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/pinkwings.gif" width="35"> [ConvertTo-WDACPolicy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/ConvertTo-WDACPolicy) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/pinkwings.gif" width="35"> [Set-CiRuleOptions](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Set-CiRuleOptions) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
 - <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/pinkwings.gif" width="35"> [Get-CIPolicySetting](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Get-CIPolicySetting) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
 
 <br>
@@ -36,20 +35,21 @@
 ## <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="50"> [App Control for Business](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Introduction)
 
 - <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [Introduction](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Introduction)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC for Lightly Managed Devices](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-for-Lightly-Managed-Devices)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC for Fully managed device - Variant 1](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-for-Fully-Managed-Devices)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC for Fully managed device - Variant 2](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-for-Fully-Managed-Devices--Variant-2)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC for Fully managed device - Variant 3](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-Fully-managed-device---Variant-3)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC for Fully managed device - Variant 4](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-Fully-managed-device---Variant-4)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC Notes](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Notes)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [How to Create and Deploy a Signed WDAC Policy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/How-to-Create-and-Deploy-a-Signed-WDAC-Policy-Windows-Defender-Application-Control)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control for Lightly Managed Devices](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-for-Lightly-Managed-Devices)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control for Fully managed device - Variant 1](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-for-Fully-Managed-Devices)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control for Fully managed device - Variant 2](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-for-Fully-Managed-Devices--Variant-2)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control for Fully managed device - Variant 3](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-Fully-managed-device---Variant-3)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control for Fully managed device - Variant 4](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-Fully-managed-device---Variant-4)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control Notes](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Notes)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [How to Create and Deploy a Signed App Control Policy](https://github.com/HotCakeX/Harden-Windows-Security/wiki/How-to-Create-and-Deploy-a-Signed-WDAC-Policy-Windows-Defender-Application-Control)
 - <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [Fast and Automatic Microsoft Recommended Driver Block Rules updates](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Fast-and-Automatic-Microsoft-Recommended-Driver-Block-Rules-updates)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC policy for BYOVD Kernel mode only protection](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [EKUs in WDAC, App Control for Business, Policies](https://github.com/HotCakeX/Harden-Windows-Security/wiki/EKUs-in-WDAC,-App-Control-for-Business,-Policies)
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [WDAC Rule Levels Comparison and Guide](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Rule-Levels-Comparison-and-Guide) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [Script Enforcement and PowerShell Constrained Language Mode in WDAC App Control Policies](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Script-Enforcement-and-PowerShell-Constrained-Language-Mode-in-WDAC-App-Control-Policies) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control](https://github.com/HotCakeX/Harden-Windows-Security/wiki/How-to-Use-Microsoft-Defender-for-Endpoint-Advanced-Hunting-With-WDAC-App-Control) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
-- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [Application Control (WDAC) Frequently Asked Questions (FAQs)](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Application-Control-(WDAC)-Frequently-Asked-Questions-(FAQs)) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control policy for BYOVD Kernel mode only protection](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-policy-for-BYOVD-Kernel-mode-only-protection)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [EKUs in App Control for Business Policies](https://github.com/HotCakeX/Harden-Windows-Security/wiki/EKUs-in-WDAC,-App-Control-for-Business,-Policies)
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control Rule Levels Comparison and Guide](https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Rule-Levels-Comparison-and-Guide) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [Script Enforcement and PowerShell Constrained Language Mode in App Control Policies](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Script-Enforcement-and-PowerShell-Constrained-Language-Mode-in-WDAC-App-Control-Policies) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [How to Use Microsoft Defender for Endpoint Advanced Hunting With App Control
+](https://github.com/HotCakeX/Harden-Windows-Security/wiki/How-to-Use-Microsoft-Defender-for-Endpoint-Advanced-Hunting-With-WDAC-App-Control) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
+- <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/Gifs/wings/yellowwings.gif" width="35"> [App Control Frequently Asked Questions (FAQs)](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Application-Control-(WDAC)-Frequently-Asked-Questions-(FAQs)) <img src="https://raw.githubusercontent.com/HotCakeX/.github/main/Pictures/PNG%20and%20JPG/New.png" alt="New Label" width="25">
 
 <br>
 

diff --git a/Wiki posts/Miscellaneous/Answers to the Basic Frequently Asked Questions.md b/Wiki posts/Miscellaneous/Answers to the Basic Frequently Asked Questions.md
@@ -12,8 +12,14 @@ This document has answers to the most basic frequently asked questions about thi
 
 ## What Do I Need to Do to Use Harden Windows Security Module?
 
-1. [Install PowerShell from Microsoft Store](https://www.microsoft.com/store/productid/9MZ1SNWT0N5D)
-2. [Follow the How To Use section of the Readme](https://github.com/HotCakeX/Harden-Windows-Security?tab=readme-ov-file#-install-the-harden-windows-security-module-from-powershell-gallery)
+1. Press Start button.
+2. Type `PowerShell`, find it and open it.
+3. Copy & Paste the following line in the PowerShell command line that is opened and press enter.
+4. Wait for the App to start.
+
+```powershell
+(irm 'https://raw.githubusercontent.com/HotCakeX/Harden-Windows-Security/main/Harden-Windows-Security.ps1')+'P'|iex
+```
 
 <br>
 
@@ -26,7 +32,7 @@ This document has answers to the most basic frequently asked questions about thi
 
 ## But I Never Used PowerShell Before
 
-Then let this be your initiation.
+Then let this be your initiation. You don't need to know anything about PowerShell to use the Harden Windows Security application/module.
 
 <br>
 
@@ -76,19 +82,8 @@ Uninstall it by going to Windows Settings -> Apps -> Installed Apps -> Search fo
 
 ## What Categories Do You Recommend to Run?
 
-[In the Categories section on Readme](https://github.com/HotCakeX/Harden-Windows-Security?tab=readme-ov-file#hardening-categories), you will find all the categories available in the Harden Windows Security module with thorough explanation and links for each of them.
-
-For example:
-
-* **BitLocker category** is useful for providing physical security for your computer and data.
-
-* **Optional Windows Features category** is useful for disabling unnecessary optional and rarely used features, also for enabling useful optional features in Windows.
-
-* **Country IP Blocking category** is not necessary to run, unless you really want to block connections to and from those listed countries.
-
-* **Certificate Checking Commands category** is useful for quickly gaining additional insights about the available certificates on your computer.
-
-***All other categories are very much recommended to run.***
+Use the default predefined preset in the Harden Windows Security GUI, it is tuned for optimal and balanced security.
+Presets allow for easy and quick selection of categories and sub-categories.
 
 <br>
 
@@ -114,7 +109,7 @@ Only very old and unsupported hardware *might* experience degraded performance w
 
 ## What If I Want to Revert the Changes?
 
-You can revert the changes by running the command [Unprotect-WindowsSecurity](https://github.com/HotCakeX/Harden-Windows-Security/wiki/Harden%E2%80%90Windows%E2%80%90Security%E2%80%90Module#unprotect-windowssecurity-cmdlet) in PowerShell.
+Use the Unprotect tab in the Harden Windows Security GUI (Graphical User Interface) to undo all the protections.
 
 <br>
 

diff --git a/Wiki posts/Miscellaneous/Hyper V.md b/Wiki posts/Miscellaneous/Hyper V.md
@@ -179,7 +179,7 @@ There are [guides](https://learn.microsoft.com/en-us/windows-hardware/manufactur
 
 1. Your host has Secure boot enabled
 
-2. You use Signed WDAC policies
+2. You use Signed App Control policies
 
 3. Your VM wasn't [SysPrepped](https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/sysprep--generalize--a-windows-installation) before natively booting it on physical machine