-
Added
App Control Policy Statusto tray menu which simply runsGet-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard, captures theStdoutdata and parses that data quickly into a small message box for a quick status check. -
Added a View Logs submenu with options for
Code IntegrityandMSI and Scriptlogs. (In the future, I might add another log option forPolicy Activation Events).-
Both log selections open Event Viewer to the relevant logs and are pre-filtered via XPath Query to specifically show only WDAC-related Event IDs as noted here (Understanding Application Control events).
-
Fixed a bug in Event Viewer relating to the
%APPDATA%\Microsoft\MMC\eventvwrfile which is actually an XML file (without an extension) that gets modified every time you run Event Viewer. The bug relates to the<DynamicPath>node which gets bugged anytime you runeventvwrfrom the command line with the/cand/or/farguments. I had to fix this by parsing the XML file and removing the<DynamicPath>node when selecting one of the log file options in the tray tool.
-
-
Added a third Toast Notification for Audit mode events for processes that would have been blocked if it were not for Audit mode.
-
Fixed a bug in part of the Toast Notifications where a file location was hardcoded by accident. It is now fully run based on current working directory. The scheduled tasks install script (
Install-Tasks.ps1) also installs the tasks and subsequent commands based upon current working directory. -
Fixed bug that caused tray icon to be blurry under different scaling scenarios