Comments (3)
I'm experiencing the same issue. I added multiple lines at the end of the `GetSafePathsToAllow.ps1` file. The end of the file looks like this:

```powershell
### Windows Defender put their binaries in ProgramData for a while. Comment this back out when they move it back.
"%OSDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\*"
"%OSDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS\PASSWORDEXPIRENOTIFICATION.VBS"
"%OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS\*"
```

If I run the script the output looks good:

```
PS C:\AaronLocker\CustomizationInputs> .\GetSafePathsToAllow.ps1
\\MYDOMAIN.LOCAL\netlogon\*
\\MYDOMAIN.LOCAL\sysvol\*
%OSDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\*
%OSDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS\PASSWORDEXPIRENOTIFICATION.VBS
%OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS\*
```

But when you run `Create-Policies.ps1`, path rules are created using only the last line of `GetSafePathsToAllow.ps1`. In this case only EXE, DLL, and Script rules for `%OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS\*` are created and any previous entries are omitted.
Actually, it creates multiple entries with the same path:

Exe | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
---|---|---|---|---|---|
Exe | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Exe | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Exe | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Exe | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |

Script | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
---|---|---|---|---|---|
Script | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Script | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Script | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Script | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |

Dll | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
---|---|---|---|---|---|
Dll | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Dll | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Dll | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |
Dll | AuditOnly | Path | Everyone | Allow | %OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS* |

from aaronlocker.
Where are you seeing that? There should be three: one path rule each for EXE, DLL, and Script collections.
from aaronlocker.
Merged fix for this issue.
from aaronlocker.
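
An added example, not part of the thread and not AaronLocker's own code: one way to check a generated AppLocker policy for the symptom reported above, by counting Allow path rules for each expected safe path in the Exe, Dll and Script collections. The function name `Test-PathRuleCoverage`, the rule Id and the sample policy XML are constructed for illustration; element and attribute names follow the AppLocker policy XML format.

```powershell
# Added example: report safe paths that are missing from, or duplicated in,
# the path rules of an AppLocker policy. Test-PathRuleCoverage is a hypothetical helper.
function Test-PathRuleCoverage {
    param(
        [Parameter(Mandatory)] [xml] $Policy,
        [Parameter(Mandatory)] [string[]] $ExpectedPaths,
        [string[]] $Collections = @('Exe', 'Dll', 'Script')
    )
    foreach ($type in $Collections) {
        # Every Allow path condition in this rule collection.
        $xpath = "/AppLockerPolicy/RuleCollection[@Type='$type']" +
                 "/FilePathRule[@Action='Allow']/Conditions/FilePathCondition"
        $found = @($Policy.SelectNodes($xpath) | ForEach-Object { $_.GetAttribute('Path') })
        foreach ($path in $ExpectedPaths) {
            # -eq compares literally (no wildcard expansion) and ignores case.
            $count  = @($found | Where-Object { $_ -eq $path }).Count
            $status = if ($count -eq 0) { 'Missing' } elseif ($count -eq 1) { 'OK' } else { 'Duplicate' }
            [pscustomobject]@{ Collection = $type; Path = $path; Rules = $count; Status = $status }
        }
    }
}

# Expected paths: the three entries from the script output quoted in the thread.
$ExpectedPaths = @(
    '%OSDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS DEFENDER\*',
    '%OSDRIVE%\PROGRAMDATA\MICROSOFT\WINDOWS\PASSWORDEXPIRENOTIFICATION.VBS',
    '%OSDRIVE%\PROGRAMDATA\SEAGULL\DRIVERS\*'
)

# Constructed sample policy reproducing the reported symptom: each collection
# holds only the last path, repeated. The Id is a placeholder, not real output.
$last = $ExpectedPaths[-1]
$rule = "<FilePathRule Id='00000000-0000-0000-0000-000000000000' Name='constructed' " +
        "Description='' UserOrGroupSid='S-1-1-0' Action='Allow'><Conditions>" +
        "<FilePathCondition Path='$last' /></Conditions></FilePathRule>"
$collectionsXml = 'Exe', 'Dll', 'Script' | ForEach-Object {
    "<RuleCollection Type='$_' EnforcementMode='AuditOnly'>$($rule * 3)</RuleCollection>"
}
[xml]$PolicyXml = "<AppLockerPolicy Version='1'>" + ($collectionsXml -join '') + "</AppLockerPolicy>"

Test-PathRuleCoverage -Policy $PolicyXml -ExpectedPaths $ExpectedPaths |
    Where-Object Status -ne 'OK' |
    Format-Table -AutoSize
```

To run it against a real policy, load the generated rules file with `[xml](Get-Content -Raw <path-to-policy.xml>)` and pass the output of `GetSafePathsToAllow.ps1` as `-ExpectedPaths`.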