* Introduced a tailor-made policy to block Remote Management and Monitoring software, mitigating the recent surge in RMM-based attacks. This policy prevents execution of known RMM tools and thwarts unauthorized remote access. Administrators may enable, disable or deploy it in Audit mode to monitor activity within the network. It covers an extensive catalog of executables by filename and directory path—regardless of drive letter—and can be extended by submitting additional entries via [GitHub Issues](https://github.com/HotCakeX/Harden-Windows-Security).
* Updated the [View File Certificates](https://github.com/HotCakeX/Harden-Windows-Security/wiki/View-File-Certificates) feature to function without Administrator privileges.
* Added a modern Windows 11–style "AppControl Manager" entry to the File Explorer right-click (or tap-and-hold) interface, granting instant access to certificate inspection, hash calculation, and direct launching of XML/CIP files in the Policy Editor. Future enhancements will include folder-wide block actions, all implemented with high-performance code to eliminate any delay in the context menu.
* Enhanced the [View File Certificates](https://github.com/HotCakeX/Harden-Windows-Security/wiki/View-File-Certificates) page with an informative banner that displays essential metadata for the file under inspection.
* Shrunk the MSIXBundle footprint by leveraging an architecture-aware build pipeline, resulting in a leaner app package.
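For the Audit-mode deployment described above, one way to review what the policy would have blocked, as an added example that is not part of this PR or of AppControl Manager's code. It reads Code Integrity events 3076 (audit) and 3077 (enforced block); the policy name is a placeholder to replace with the name of the policy as deployed.

```powershell
# Added example, not AppControl Manager code.
# Assumption: the RMM-blocking policy is deployed under the name below (placeholder).
$PolicyName = '<RMM-blocking-policy-name>'

# 3076 = file would have been blocked (Audit mode), 3077 = file was blocked (enforced)
$Filter = @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3076, 3077
}

$Hits = foreach ($Record in Get-WinEvent -FilterHashtable $Filter -ErrorAction SilentlyContinue) {
    # Flatten the named <Data> fields of the event into a lookup table
    $Data = @{}
    foreach ($Node in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $Data[$Node.GetAttribute('Name')] = $Node.InnerText
    }

    # Keep only events raised by the RMM policy, not by other deployed policies
    if ($Data['PolicyName'] -ne $PolicyName) { continue }

    [pscustomobject]@{
        Time    = $Record.TimeCreated
        Mode    = if ($Record.Id -eq 3076) { 'Audit' } else { 'Enforced' }
        File    = $Data['File Name']
        Process = $Data['Process Name']
        SHA256  = $Data['SHA256 Hash']
    }
}

# One row per distinct binary, most frequently seen first
$Hits | Group-Object File | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Mode';     e = { ($_.Group.Mode | Sort-Object -Unique) -join ',' } },
        @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object Time -Maximum).Maximum } }
```

Binaries that show up here under Audit mode and belong to a sanctioned remote-support tool are the ones to account for before switching the policy to enforcement.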
Pull Request Overview
This PR adds a new RMM blocking policy, enhances file‐certificate inspection without admin rights, and integrates an Explorer context‐menu entry, while updating versioning and build artifacts.
- Introduce BuildRMMBlocking in BasePolicyCreator to block known RMM tools with audit/deploy options
- Migrate certificate‐view copy handlers to ViewModel, disable navigation cache, and enable context‐menu launch
- Update manifest and workflow to add Explorer integration, bump version to 2.0.25.0, and streamline MSIXBundle packaging
Reviewed Changes
Copilot reviewed 49 out of 49 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| Pages/ViewFileCertificates.xaml.cs | Disabled navigation cache; moved copy logic into ViewModel |
| Pages/ViewFileCertificates.xaml | Swapped code‐behind handlers for VM bindings; added enable flags |
| Main/BasePolicyCreator.cs | Added BuildRMMBlocking for policy generation |
| Package.appxmanifest | Bumped version; added fileExplorerContextMenus and COM server |
| AppSettings/Main.cs | Added settings for context‐menu launch args |
| .github/workflows/Build AppControl Manager MSIX Package.yml | Removed MSIX upload, adjusted artifact steps, made build script more modular |
| AppControl Manager.csproj | Bumped FileVersion; disabled documentation file generation; updated interop references |
Comments suppressed due to low confidence (5)
.github/workflows/Build AppControl Manager MSIX Package.yml:18
- [nitpick] The MSIX_PATH output and its upload step were removed, which could confuse users expecting the .msix artifact. If retaining the .msix is required, re-add the outputs and upload-artifact step or document the change.
- MSIX_PATH: ${{ steps.main_buildOp.outputs.MSIX_PATH }}
AppControl Manager/Pages/CreatePolicy.xaml:380
- The new RMM Blocking expander lacks automation properties (e.g., AutomationProperties.Name) for screen-reader support. Consider adding accessible labels or tooltips.
<controls:SettingsExpander IsExpanded="{x:Bind ViewModel.RMMBlockingSettingsIsExpanded, Mode=TwoWay" x:Uid="RMMBlockingSection" HeaderIcon="{ui:FontIcon Glyph=}">
AppControl Manager/Others/GlobalVars.cs:117
- By collapsing architecture-specific executables into a single name, the wrong binary may be invoked on ARM64. Consider preserving the RuntimeInformation-based selection or verifying the generic executable exists for all architectures.
internal static readonly string DeviceGuardWMIRetrieverProcessPath = Path.Combine(RustInteropPath, "DeviceGuardWMIRetriever.exe");
AppControl Manager/AppControl Manager.csproj:193
- [nitpick] Disabling XML documentation file generation may impact API consumers who rely on generated docs. Confirm that this change is intentional or re-enable <GenerateDocumentationFile>true</GenerateDocumentationFile>.
<GenerateDocumentationFile>false</GenerateDocumentationFile>
AppControl Manager/Pages/ViewFileCertificates.xaml.cs:49
- [nitpick] Disabling navigation cache will cause the page to reinitialize each time and lose scroll or filter state. Verify that this aligns with the intended user experience.
this.NavigationCacheMode = NavigationCacheMode.Disabled;