v2.2.1: Critical multi-run session bugfix, .Count property fix, ASR prompt improvement, code quality review

2026-02-09 21:14:28 +01:00 · 2025-12-20 23:08:01 +01:00 · 2025-12-20 23:08:01 +01:00 · b3efcf35fd
commit b3efcf35fd
parent c6f8291d50
68 changed files with 307 additions and 159 deletions
--- a/Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1
+++ b/Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1
@ -11,7 +11,7 @@ function Invoke-AdvancedSecurity {
        - Enterprise: Conservative approach with domain-safety checks
        - Maximum: Maximum hardening for air-gapped/high-security environments
        
-        Features implemented (v2.2.0):
+        Features implemented (v2.2.1):
        - RDP NLA enforcement + optional complete disable
        - WDigest credential protection
        - Administrative shares disable (domain-aware)
--- a/Modules/AdvancedSecurity/Public/Test-AdvancedSecurity.ps1
+++ b/Modules/AdvancedSecurity/Public/Test-AdvancedSecurity.ps1
@ -110,13 +110,15 @@ function Test-AdvancedSecurity {
        Write-Host "Testing Discovery Protocols (WS-Discovery + mDNS)..." -ForegroundColor Gray
        $discoveryTest = Test-DiscoveryProtocolsSecurity
        if ($discoveryTest) {
+            # Optional feature (Maximum profile only) - use Pass field which is always true
+            $statusText = if ($discoveryTest.Compliant) { "Disabled (Maximum)" } else { "Enabled (Optional - Maximum profile only)" }
            $results += [PSCustomObject]@{
                Feature   = "Discovery Protocols (WS-Discovery + mDNS)"
-                Status    = if ($discoveryTest.Compliant) { "Secure" } else { "Insecure" }
+                Status    = $statusText
                Details   = "mDNS=" + $(if ($discoveryTest.EnableMDNS -eq 0) { "Disabled" } else { "Enabled/Not Set" }) +
                            "; Services: FDResPub=" + $discoveryTest.FDResPubDisabled + ", fdPHost=" + $discoveryTest.FdPHostDisabled +
                            "; FirewallRulesEnabled=" + $discoveryTest.FirewallRulesEnabled
-                Compliant = $discoveryTest.Compliant
+                Compliant = $discoveryTest.Pass  # Always true - optional feature
            }
        }

@ -124,9 +126,11 @@ function Test-AdvancedSecurity {
        Write-Host "Testing Firewall Shields Up (Public)..." -ForegroundColor Gray
        $shieldsUpTest = Test-FirewallShieldsUp
        # Always pass - this is an optional hardening only for the Maximum (air-gapped) profile
+        $statusText = if ($shieldsUpTest.IsEnabled) { "Enabled (Maximum)" } else { "Not enabled (Optional - Maximum profile only)" }
        $results += [PSCustomObject]@{
            Feature    = "Firewall Shields Up (Public)"
-            Compliant  = $shieldsUpTest.Pass
+            Status     = $statusText
+            Compliant  = $shieldsUpTest.Pass  # Always true - optional feature
            Details    = $shieldsUpTest.Message
        }
        
@ -147,8 +151,8 @@ function Test-AdvancedSecurity {
        Write-Host "============================================" -ForegroundColor Cyan
        Write-Host ""
        
-        $compliantCount = ($results | Where-Object { $_.Compliant -eq $true }).Count
-        $totalTests = $results.Count
+        $compliantCount = @($results | Where-Object { $_.Compliant -eq $true }).Count
+        $totalTests = @($results).Count
        $compliancePercent = [math]::Round(($compliantCount / $totalTests) * 100, 1)
        
        Write-Host "Total Tests:    $totalTests" -ForegroundColor White