AppControl Manager v2.0.25.0 (#755)

Introduced a tailor-made policy to block Remote Management and Monitoring software, mitigating the recent surge in RMM-based attacks. This policy prevents execution of known RMM tools and thwarts unauthorized remote access. Administrators may enable, disable or deploy it in Audit mode to monitor activity within the network. It covers an extensive catalog of executables by filename and directory path—regardless of drive letter—and can be extended by submitting additional entries via GitHub Issues.

Updated the View File Certificates feature to function without Administrator privileges.

Added a modern Windows 11–style "AppControl Manager" entry to the File Explorer right-click (or tap-and-hold) interface, granting instant access to certificate inspection, hash calculation, and direct launching of XML/CIP files in the Policy Editor. Future enhancements will include folder-wide block actions, all implemented with high-performance code to eliminate any delay in the context menu.

Enhanced the View File Certificates page with an informative banner that displays essential metadata for the file under inspection.

Shrunk the MSIXBundle footprint by leveraging an architecture-aware build pipeline, resulting in a leaner app package.

Author: HotCakeX

.github/workflows/Build AppControl Manager MSIX Package.yml

@@ -31,6 +31,7 @@
 using Microsoft.Extensions.Hosting;
 using Microsoft.UI.Xaml;
 using Microsoft.UI.Xaml.Controls;
+using Microsoft.Windows.ApplicationModel.WindowsAppRuntime;
 using Microsoft.Windows.AppLifecycle;
 using Microsoft.Windows.Globalization;
 using Windows.ApplicationModel;
@@ -203,7 +204,7 @@ internal App()
 		Logger.Write(string.Format(GlobalVars.Rizz.GetString("AppStartupMessage"), Environment.Version));
 
 		// https://github.com/microsoft/WindowsAppSDK/blob/main/specs/VersionInfo/VersionInfo.md
-		// Logger.Write($"Built with Windows App SDK: {ReleaseInfo.AsString} - Runtime Info: {RuntimeInfo.AsString}");
+		Logger.Write($"Built with Windows App SDK: {ReleaseInfo.AsString} - Runtime Info: {RuntimeInfo.AsString}");
 
 		// Give beautiful outline to the UI elements when using the tab key and keyboard for navigation
 		// https://learn.microsoft.com/windows/apps/design/style/reveal-focus
@@ -253,7 +254,7 @@ private async void TaskScheduler_UnobservedTaskException(object? sender, Unobser
 	/// Invoked when the application is launched.
 	/// </summary>
 	/// <param name="args">Details about the launch request and process.</param>
-	protected override void OnLaunched(Microsoft.UI.Xaml.LaunchActivatedEventArgs args)
+	protected override async void OnLaunched(Microsoft.UI.Xaml.LaunchActivatedEventArgs args)
 	{
 		// Register the Jump List tasks
 		/*
@@ -328,6 +329,44 @@ protected override void OnLaunched(Microsoft.UI.Xaml.LaunchActivatedEventArgs ar
 					Logger.Write(GlobalVars.Rizz.GetString("FileActivationNoArgumentsMessage"));
 				}
 			}
+			else
+			{
+				Logger.Write($"ExtendedActivationKind: {activatedEventArgs.Kind}");
+
+				/*
+				Windows.ApplicationModel.Activation.LaunchActivatedEventArgs launchArgs = (Windows.ApplicationModel.Activation.LaunchActivatedEventArgs)activatedEventArgs.Data;
+				string passed = launchArgs.Arguments;
+
+				Logger.Write($"Arguments: {passed}");
+				*/
+
+				string[] possibleArgs = Environment.GetCommandLineArgs();
+
+				// Look for our two keys
+				string? actionArg = possibleArgs.FirstOrDefault(a => a.StartsWith("--action=", StringComparison.OrdinalIgnoreCase));
+				string? fileArg = possibleArgs.FirstOrDefault(a => a.StartsWith("--file=", StringComparison.OrdinalIgnoreCase));
+
+				if (actionArg is not null && fileArg is not null)
+				{
+					// Extract values past the '=' and trim any quotes
+					string action = actionArg["--action=".Length..];
+
+					string filePath = fileArg["--file=".Length..].Trim('"');
+
+					Logger.Write($"Parsed Action: {action}");
+					Logger.Write($"Parsed File: {filePath}");
+
+					// Save file path and action for later navigation
+					if (!string.IsNullOrWhiteSpace(filePath) && !string.IsNullOrWhiteSpace(action))
+					{
+						Settings.LaunchActivationFilePath = filePath;
+						Settings.LaunchActivationAction = action;
+
+						// If the selected file is not accessible with the privileges the app is currently running with, prompt for elevation
+						requireAdminPrivilege = !FileAccessCheck.IsFileAccessibleForWrite(filePath);
+					}
+				}
+			}
 		}
 		catch (Exception ex)
 		{
@@ -425,7 +464,7 @@ protected override void OnLaunched(Microsoft.UI.Xaml.LaunchActivatedEventArgs ar
 
 			try
 			{
-				_ = PolicyEditorViewModel.OpenInPolicyEditor(Settings.FileActivatedLaunchArg);
+				await PolicyEditorViewModel.OpenInPolicyEditor(Settings.FileActivatedLaunchArg);
 			}
 			catch (Exception ex)
 			{
@@ -440,6 +479,55 @@ protected override void OnLaunched(Microsoft.UI.Xaml.LaunchActivatedEventArgs ar
 				Settings.FileActivatedLaunchArg = string.Empty;
 			}
 		}
+		// If there is/was activation through context menu
+		else if (!string.IsNullOrWhiteSpace(Settings.LaunchActivationAction))
+		{
+			try
+			{
+				if (string.Equals(Settings.LaunchActivationAction, "PolicyEditor", StringComparison.OrdinalIgnoreCase))
+				{
+					ViewModelForMainWindow.NavViewSelectedItem = ViewModelForMainWindow.allNavigationItems
+					.First(item => string.Equals(item.Tag.ToString(), "PolicyEditor", StringComparison.OrdinalIgnoreCase));
+
+					await PolicyEditorViewModel.OpenInPolicyEditor(Settings.LaunchActivationFilePath);
+				}
+				else if (string.Equals(Settings.LaunchActivationAction, "FileSignature", StringComparison.OrdinalIgnoreCase))
+				{
+					ViewFileCertificatesVM vm = AppHost.Services.GetRequiredService<ViewFileCertificatesVM>();
+
+					ViewModelForMainWindow.NavViewSelectedItem = ViewModelForMainWindow.allNavigationItems
+					.First(item => string.Equals(item.Tag.ToString(), "ViewFileCertificates", StringComparison.OrdinalIgnoreCase));
+
+					await vm.OpenInViewFileCertificatesVM(Settings.LaunchActivationFilePath);
+				}
+				else if (string.Equals(Settings.LaunchActivationAction, "FileHashes", StringComparison.OrdinalIgnoreCase))
+				{
+					GetCIHashesVM vm = AppHost.Services.GetRequiredService<GetCIHashesVM>();
+
+					ViewModelForMainWindow.NavViewSelectedItem = ViewModelForMainWindow.allNavigationItems
+					.First(item => string.Equals(item.Tag.ToString(), "GetCodeIntegrityHashes", StringComparison.OrdinalIgnoreCase));
+
+					await vm.OpenInGetCIHashes(Settings.LaunchActivationFilePath);
+				}
+				else
+				{
+					InitialNav();
+				}
+			}
+			catch (Exception ex)
+			{
+				Logger.Write(ErrorWriter.FormatException(ex));
+
+				// Continue doing the normal navigation if there was a problem
+				InitialNav();
+			}
+			finally
+			{
+				// Clear the launch activation args after they've been used
+				Settings.LaunchActivationFilePath = string.Empty;
+				Settings.LaunchActivationAction = string.Empty;
+			}
+		}
 		else
 		{
 			InitialNav();

AppControl Manager/App.xaml.cs

@@ -62,7 +62,6 @@
     <AppxPackageSigningEnabled>False</AppxPackageSigningEnabled>
     <!-- This specifies what hashing algorithm must be used for the certificate that will sign the MSIX package -->
     <AppxPackageSigningTimestampDigestAlgorithm>SHA512</AppxPackageSigningTimestampDigestAlgorithm>
-    <!-- <AppxPackageSigningTimestampDigestAlgorithm>SHA256</AppxPackageSigningTimestampDigestAlgorithm> -->
     <AppxAutoIncrementPackageRevision>False</AppxAutoIncrementPackageRevision>
 
     <!-- Defining custom directory in the root directory to be created if it doesn't exist. MSIX package after packing will be stored there -->
@@ -78,7 +77,7 @@
     <!-- https://learn.microsoft.com/dotnet/core/deploying/native-aot/optimizing -->
 
     <ErrorReport>send</ErrorReport>
-    <FileVersion>2.0.24.0</FileVersion>
+    <FileVersion>2.0.25.0</FileVersion>
     <AssemblyVersion>$(FileVersion)</AssemblyVersion>
     <NeutralLanguage>en-US</NeutralLanguage>
     <PackageLicenseFile>LICENSE</PackageLicenseFile>
@@ -191,7 +190,7 @@
     <NuGetAuditMode>all</NuGetAuditMode>
     <NuGetAuditLevel>low</NuGetAuditLevel>
 
-    <GenerateDocumentationFile>True</GenerateDocumentationFile>
+    <GenerateDocumentationFile>false</GenerateDocumentationFile>
 
     <DocumentationFile>AppControlManagerAPIDocumentation.xml</DocumentationFile>
 
@@ -331,8 +330,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <None Remove="CppInterop\ScheduledTaskManager-ARM64.exe" />
-    <None Remove="CppInterop\ScheduledTaskManager-x64.exe" />
     <None Remove="Pages\AllowNewAppsDataGrid.xaml" />
     <None Remove="Pages\AllowNewAppsEventLogsDataGrid.xaml" />
     <None Remove="Pages\AllowNewAppsLocalFilesDataGrid.xaml" />
@@ -364,13 +361,12 @@
     <None Remove="Resources\Allow All Policy.xml" />
     <None Remove="Resources\Allow Microsoft Template.xml" />
     <None Remove="Resources\AppControlManagerSupplementalPolicy.xml" />
+    <None Remove="Resources\Blocking RMMs - Remote Monitor and Management.xml" />
     <None Remove="Resources\Default Windows Template.xml" />
     <None Remove="Resources\EmptyPolicy.xml" />
     <None Remove="Resources\ISGBasedSupplementalPolicy.xml" />
     <None Remove="Resources\StrictKernelMode.xml" />
     <None Remove="Resources\StrictKernelMode_NoFlightRoots.xml" />
-    <None Remove="RustInterop\DeviceGuardWMIRetriever-ARM64.exe" />
-    <None Remove="RustInterop\DeviceGuardWMIRetriever-X64.exe" />
   </ItemGroup>
   <ItemGroup>
     <Content Include="Assets\SplashScreen.scale-200.png" />
@@ -379,16 +375,10 @@
     <Content Include="Assets\Square44x44Logo.scale-200.png" />
     <Content Include="Assets\Square44x44Logo.targetsize-24_altform-unplated.png" />
     <Content Include="Assets\Wide310x150Logo.scale-200.png" />
-    <Content Include="CppInterop\ManageDefender-ARM64.exe">
+    <Content Include="CppInterop\ManageDefender.exe">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
-    <Content Include="CppInterop\ManageDefender-x64.exe">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Include="CppInterop\ScheduledTaskManager-ARM64.exe">
-      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
-    </Content>
-    <Content Include="CppInterop\ScheduledTaskManager-x64.exe">
+    <Content Include="CppInterop\ScheduledTaskManager.exe">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
     <Content Include="Resources\Allow All Policy.xml">
@@ -400,6 +390,9 @@
     <Content Include="Resources\AppControlManagerSupplementalPolicy.xml">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
+    <Content Include="Resources\Blocking RMMs - Remote Monitor and Management.xml">
+      <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+    </Content>
     <Content Include="Resources\Default Windows Template.xml">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
@@ -415,10 +408,10 @@
     <Content Include="Resources\StrictKernelMode_NoFlightRoots.xml">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
-    <Content Include="RustInterop\DeviceGuardWMIRetriever-ARM64.exe">
+    <Content Include="RustInterop\DeviceGuardWMIRetriever.exe">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
-    <Content Include="RustInterop\DeviceGuardWMIRetriever-X64.exe">
+    <Content Include="Shell\Shell.dll">
       <CopyToOutputDirectory>Always</CopyToOutputDirectory>
     </Content>
   </ItemGroup>
@@ -432,14 +425,6 @@
     <Content Remove="version.txt" />
     <None Remove="version.txt" />
 
-    <Compile Remove="DownloadURL.txt" />
-    <Content Remove="DownloadURL.txt" />
-    <None Remove="DownloadURL.txt" />
-
-    <Compile Remove="AppControlManagerAPIDocumentation.xml" />
-    <Content Remove="AppControlManagerAPIDocumentation.xml" />
-    <None Remove="AppControlManagerAPIDocumentation.xml" />
-
     <Compile Remove="MSIXBundleDownloadURL.txt" />
     <Content Remove="MSIXBundleDownloadURL.txt" />
     <None Remove="MSIXBundleDownloadURL.txt" />