- Added App Control Policy Status to tray menu which simply runs Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\DeviceGuard, captures the Stdout data and parses that data quickly into a small message box for a quick status check.
- Added a View Logs submenu with options for Code Integrity and MSI and Script logs. (In the future, I might add another log option for Policy Activation Events).
  - Both log selections open Event Viewer to the relevant logs and are pre-filtered via XPath Query to specifically show only WDAC-related Event IDs as noted here (Understanding Application Control events).
  - Fixed a bug in Event Viewer relating to the %APPDATA%\Microsoft\MMC\eventvwr file which is actually an XML file (without an extension) that gets modified every time you run Event Viewer. The bug relates to the <DynamicPath> node which gets bugged anytime you run eventvwr from the command line with the /c and/or /f arguments. I had to fix this by parsing the XML file and removing the <DynamicPath> node when selecting one of the log file options in the tray tool.
- Added a third Toast Notification for Audit mode events for processes that would have been blocked if it were not for Audit mode.
- Fixed a bug in part of the Toast Notifications where a file location was hardcoded by accident. It is now fully run based on current working directory. The scheduled tasks install script (Install-Tasks.ps1) also installs the tasks and subsequent commands based upon current working directory.
- Fixed bug that caused tray icon to be blurry under different scaling scenarios
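
One way to implement the <DynamicPath> clean-up described in the Event Viewer entry above, as an added example rather than the tool's own code. The function name Remove-DynamicPathNode, the .bak safety copy and the sample file contents are assumptions; only the file path and the node name come from the changelog.

```powershell
function Remove-DynamicPathNode {
    [CmdletBinding()]
    param(
        # Extensionless XML file named in the changelog entry.
        [string]$Path = (Join-Path $env:APPDATA 'Microsoft\MMC\eventvwr')
    )
    # Nothing to repair until Event Viewer has written its state at least once.
    if (-not (Test-Path -LiteralPath $Path)) { return 0 }
    # .NET does not follow PowerShell's current location, so resolve first.
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true   # leave the rest of the file's layout alone
    try { $doc.Load($full) }
    catch {
        Write-Warning "Could not parse $full as XML; file left untouched."
        return 0
    }

    # local-name() matches the element whether or not the file declares a namespace.
    # @() copies the live node list so nodes can be removed while iterating.
    $nodes = @($doc.SelectNodes("//*[local-name()='DynamicPath']"))
    foreach ($node in $nodes) { [void]$node.ParentNode.RemoveChild($node) }

    if ($nodes.Count -gt 0) {
        # Assumed safety copy, not something the changelog mentions.
        Copy-Item -LiteralPath $full -Destination "$full.bak" -Force
        $doc.Save($full)
    }
    return $nodes.Count
}

# Constructed sample: only the <DynamicPath> element name comes from the changelog;
# the surrounding elements are placeholders, not the real eventvwr schema.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'eventvwr-sample'
@'
<?xml version="1.0"?>
<ViewerConfig>
  <DynamicPath>placeholder</DynamicPath>
  <Other>kept</Other>
</ViewerConfig>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

$removed = Remove-DynamicPathNode -Path $sample
"Removed $removed node(s) from $sample"
Get-Content -LiteralPath $sample
```

Call the function immediately before launching eventvwr with /c or /f, since Event Viewer rewrites this file every time it runs.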