v2.2.1: Critical multi-run session bugfix, .Count property fix, ASR prompt improvement, code quality review

This commit is contained in:
NexusOne23 2025-12-20 23:08:01 +01:00
parent c6f8291d50
commit b3efcf35fd
68 changed files with 307 additions and 159 deletions


@ -1,6 +1,6 @@
@{
RootModule = 'ASR.psm1'
ModuleVersion = '2.2.0'
ModuleVersion = '2.2.1'
GUID = 'b2c3d4e5-f6a7-8901-bcde-f23456789012'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'
@ -25,7 +25,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @"
v2.2.0 - Production Release
v2.2.1 - Production Release
- All 19 ASR rules implementation
- Hybrid approach: Registry backup + Set-MpPreference application
- SCCM/Configuration Manager detection


@ -11,7 +11,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.0
Version: 2.2.1
Requires: PowerShell 5.1+, Administrator privileges, Windows Defender
#>


@ -307,7 +307,7 @@ function Invoke-ASRRules {
Write-Host "This rule blocks very new or unknown executables that" -ForegroundColor Yellow
Write-Host "are not yet trusted by Microsoft's reputation systems." -ForegroundColor Yellow
Write-Host ""
Write-Host "Do you install NEW or UNTRUSTED software frequently?" -ForegroundColor White
Write-Host "Do you install NEW software frequently?" -ForegroundColor White
Write-Host ""
Write-Host " - Games from independent developers" -ForegroundColor Gray
Write-Host " - Beta software / Early access programs" -ForegroundColor Gray
@ -315,12 +315,12 @@ function Invoke-ASRRules {
Write-Host " - Open-source tools without Microsoft reputation" -ForegroundColor Gray
Write-Host ""
Write-Host "Options:" -ForegroundColor Cyan
Write-Host " [Y] Yes - I need to install untrusted software" -ForegroundColor Yellow
Write-Host " [Y] Yes - I regularly install new software" -ForegroundColor Yellow
Write-Host " > AUDIT mode: Events logged, installs allowed" -ForegroundColor Gray
Write-Host " > Developer/test mode (less secure)" -ForegroundColor Gray
Write-Host " > Recommended if you install software from various sources" -ForegroundColor Gray
Write-Host ""
Write-Host " [N] No - I only install trusted software" -ForegroundColor Green
Write-Host " > BLOCK mode: Maximum security (recommended)" -ForegroundColor Gray
Write-Host " [N] No - I rarely install new software" -ForegroundColor Green
Write-Host " > BLOCK mode: Maximum security" -ForegroundColor Gray
Write-Host " > New/unknown installers may be blocked" -ForegroundColor Gray
Write-Host ""
@ -483,14 +483,14 @@ function Invoke-ASRRules {
$mpPref = Get-MpPreference
$currentActions = $mpPref.AttackSurfaceReductionRules_Actions
if ($currentActions) {
$result.Details.BlockMode = ($currentActions | Where-Object { $_ -eq 1 }).Count
$result.Details.AuditMode = ($currentActions | Where-Object { $_ -eq 2 }).Count
$result.Details.DisabledMode = ($currentActions | Where-Object { $_ -eq 0 }).Count
$result.Details.BlockMode = @($currentActions | Where-Object { $_ -eq 1 }).Count
$result.Details.AuditMode = @($currentActions | Where-Object { $_ -eq 2 }).Count
$result.Details.DisabledMode = @($currentActions | Where-Object { $_ -eq 0 }).Count
} else {
# Fallback to array count
$result.Details.BlockMode = ($asrRules | Where-Object { $_.Action -eq 1 }).Count
$result.Details.AuditMode = ($asrRules | Where-Object { $_.Action -eq 2 }).Count
$result.Details.DisabledMode = ($asrRules | Where-Object { $_.Action -eq 0 }).Count
$result.Details.BlockMode = @($asrRules | Where-Object { $_.Action -eq 1 }).Count
$result.Details.AuditMode = @($asrRules | Where-Object { $_.Action -eq 2 }).Count
$result.Details.DisabledMode = @($asrRules | Where-Object { $_.Action -eq 0 }).Count
}
# Step 6: Verification
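Review bot: The two branches fill the same `BlockMode`/`AuditMode`/`DisabledMode` fields from different sources — the first from what Get-MpPreference actually reports, the fallback from the intended actions in `$asrRules` — but nothing in `$result.Details` records which one was used, so a report produced on the fallback path reads as verified state. Consider tagging the origin in each branch, e.g. `$result.Details.CountSource = 'MpPreference'` before the first three assignments and `$result.Details.CountSource = 'Intended'` in the fallback, and rewording the fallback comment to `# Fallback: count the intended actions from $asrRules (not the applied Defender state)`. The three buckets also match only actions 0, 1 and 2, so any rule set to Warn (6) or Not Configured (5) is counted nowhere and the buckets will not sum to the rule total; if that is intentional, a short comment saying so would help. Note that `if ($currentActions)` on a single-element collection evaluates the element itself, so a configuration with exactly one rule in Disabled mode (action 0) would take the fallback path — likely harmless, but worth confirming. Invoke-ASRRules and the definitions of `$result` and `$asrRules` lie outside this hunk.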