Andreas/noid-privacy
1
0
Fork 0
mirror of https://github.com/NexusOne23/noid-privacy.git synced 2026-04-05 15:27:21 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: bump version to 2.2.4, update CHANGELOG and README
Some checks failed
CI - PowerShell Quality Checks / PSScriptAnalyzer (push) Has been cancelled
Details
CI - PowerShell Quality Checks / Test on PowerShell 5.1 (push) Has been cancelled
Details
CI - PowerShell Quality Checks / Test on PowerShell 7.4 (push) Has been cancelled
Details
CI - PowerShell Quality Checks / Validate Project Structure (push) Has been cancelled
Details
Pester Tests / test (push) Has been cancelled
Details

Browse source 
Version bump across 62 files (2.2.3 → 2.2.4).
CHANGELOG.md: New [2.2.4] section with EDR/XDR detection and version tooling.
README.md: Updated release highlights, AV detection example output synced with code.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Nexus 2026-03-24 20:22:12 +01:00
parent 10af4b34bd
commit d4dfe39e4f
62 changed files with 154 additions and 113 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/ISSUE_TEMPLATE/bug_report.md vendored
View file

@ -32,7 +32,7 @@ A clear description of what actually happened.
- **CPU**: [e.g., AMD Ryzen 7 9800X3D]
- **TPM**: [e.g., 2.0 Present]
- **Third-Party AV**: [e.g., None, Windows Defender only]
- **Script Version**: [e.g., v2.2.3]
- **Script Version**: [e.g., v2.2.4]
- **Execution Mode**: [Interactive / Direct / DryRun]
**Get System Info:**

34
CHANGELOG.md
View file

@ -7,6 +7,39 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
---
## [2.2.4] - 2026-03-24
### 🔧 Enhancement Release
**Third-party security product detection for ASR module and verification.**
### ✨ Added
**EDR/XDR and Third-Party AV Detection ([#15](https://github.com/NexusOne23/noid-privacy/issues/15))**
- New: 3-layer detection for third-party security products:
- Layer 1: WMI `SecurityCenter2` (traditional AV: Bitdefender, Kaspersky, Avira, Norton, ESET, etc.)
- Layer 2: Defender Passive Mode via `Get-MpComputerStatus` (EDR/XDR: CrowdStrike, SentinelOne, etc.)
- Layer 3: 18 known EDR service names for display identification
- New: `Test-ThirdPartySecurityProduct` function in `Utils/Dependencies.ps1` (central, reusable)
- New: `Test-WindowsDefenderAvailable` now reports `IsPassiveMode` property
- ASR module gracefully skips when third-party product detected (`Success = $true`, not an error)
- Verify script counts ASR as 19/19 verified when third-party product is primary
- Reported by: VM-Master
**Version Management**
- New: `VERSION` file as single source of truth for version numbers
- New: `Tools/Bump-Version.ps1` — automated version bump across all 61 project files
- DryRun mode for preview, CHANGELOG.md excluded (historical entries preserved)
### 📁 Files Changed
- `Utils/Dependencies.ps1` — New `Test-ThirdPartySecurityProduct`, updated `Test-WindowsDefenderAvailable`, updated `Test-AllDependencies`
- `Modules/ASR/Public/Invoke-ASRRules.ps1` — 3-layer detection before Defender check, inline fallback for standalone mode
- `Tools/Verify-Complete-Hardening.ps1` — 3-layer detection, ASR verified as skipped when third-party product active
- `Tools/Bump-Version.ps1` — New file
- `VERSION` — New file
---
## [2.2.3] - 2026-03-05
### 🔨 Bugfix Release
@ -405,6 +438,7 @@ Temp File Cleanup: Complete
**Made with 🛡️ for the Windows Security Community**
[2.2.4]: https://github.com/NexusOne23/noid-privacy/compare/v2.2.3...v2.2.4
[2.2.3]: https://github.com/NexusOne23/noid-privacy/compare/v2.2.2...v2.2.3
[2.2.2]: https://github.com/NexusOne23/noid-privacy/compare/v2.2.1...v2.2.2
[2.2.1]: https://github.com/NexusOne23/noid-privacy/compare/v2.2.0...v2.2.1

12
CONTRIBUTING.md
View file

@ -68,7 +68,7 @@ Modules/
```
Modules/AdvancedSecurity/
├── AdvancedSecurity.psd1 # Manifest with version 2.2.3
├── AdvancedSecurity.psd1 # Manifest with version 2.2.4
├── AdvancedSecurity.psm1 # Loads Private/*.ps1 and Public/*.ps1
├── Config/
│ ├── RDP.json # RDP hardening config
@ -105,7 +105,7 @@ Modules/AdvancedSecurity/
```powershell
@{
RootModule = 'YourModule.psm1'
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
GUID = 'YOUR-GUID-HERE' # Generate with [guid]::NewGuid()
Author = 'Your Name'
CompanyName = 'NoID Privacy'
@ -128,7 +128,7 @@ Modules/AdvancedSecurity/
Tags = @('Security', 'Hardening', 'Windows11')
ProjectUri = 'https://github.com/yourusername/noid-privacy'
ReleaseNotes = @"
v2.2.3 - Initial Release
v2.2.4 - Initial Release
- Feature 1
- Feature 2
"@
@ -141,7 +141,7 @@ v2.2.3 - Initial Release
```powershell
@{
RootModule = 'AdvancedSecurity.psm1'
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
GUID = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
Author = 'NexusOne23'
Description = 'Advanced Security hardening beyond Microsoft Security Baseline'
@ -155,7 +155,7 @@ v2.2.3 - Initial Release
PSData = @{
Tags = @('Security', 'Hardening', 'RDP', 'TLS', 'Windows11')
ReleaseNotes = @"
v2.2.3 - Production Release
v2.2.4 - Production Release
- RDP NLA enforcement + optional complete disable
- WDigest credential protection
- Administrative shares disable (domain-aware)
@ -781,4 +781,4 @@ mkdir "Modules\YourModule\Config"
---
**Questions? Study AdvancedSecurity v2.2.3 - it's the reference implementation!** 🎯
**Questions? Study AdvancedSecurity v2.2.4 - it's the reference implementation!** 🎯

8
Core/Config.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>
@ -79,7 +79,7 @@ function New-DefaultConfig {
)
$defaultConfig = @{
version = "2.2.3"
version = "2.2.4"
modules = @{
SecurityBaseline = @{
enabled = $true
@ -122,7 +122,7 @@ function New-DefaultConfig {
status = "IMPLEMENTED"
description = "Microsoft Edge v139 Security Baseline: 24 security policies"
allowExtensions = $true
version = "2.2.3"
version = "2.2.4"
baseline = "Edge v139"
policies = 24
features = @{
@ -148,7 +148,7 @@ function New-DefaultConfig {
disableWirelessDisplay = $false
disableDiscoveryProtocols = $true
disableIPv6 = $false
version = "2.2.3"
version = "2.2.4"
policies = 50
features = @{
rdp_hardening = $true

4
Core/Framework.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
.EXAMPLE
@ -24,7 +24,7 @@
# All configuration comes from config.json via Initialize-Config.
# Script-level variables
$script:FrameworkVersion = "2.2.3"
$script:FrameworkVersion = "2.2.4"
$script:FrameworkRoot = Split-Path -Parent $PSScriptRoot
$script:ExecutionStartTime = Get-Date

2
Core/Logger.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>

2
Core/NonInteractive.ps1
View file

@ -12,7 +12,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Usage in modules:
1. Call Test-NonInteractiveMode to check if prompts should be skipped

6
Core/Rollback.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>
@ -64,7 +64,7 @@ function Initialize-BackupSystem {
displayName = "" # Auto-generated based on modules
sessionType = "unknown" # wizard | advanced | manual
timestamp = Get-Date -Format "o"
frameworkVersion = "2.2.3"
frameworkVersion = "2.2.4"
modules = @()
totalItems = 0
restorable = $true
@ -2298,7 +2298,7 @@ function Restore-Session {
"HKCU:\Software\Microsoft\Windows\CurrentVersion\SystemSettings\AccountNotifications",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement",
"HKCU:\SOFTWARE\Microsoft\Personalization\Settings",
# NEW: Input Personalization Settings (v2.2.3 - FIX missing HKCU restore)
# NEW: Input Personalization Settings (v2.2.4 - FIX missing HKCU restore)
"HKCU:\SOFTWARE\Microsoft\InputPersonalization",
"HKCU:\SOFTWARE\Microsoft\InputPersonalization\TrainedDataStore",
"HKCU:\Software\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\appDiagnostics"

2
Core/Validator.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>

22
Docs/FEATURES.md
View file

@ -1,6 +1,6 @@
# NoID Privacy - Complete Feature List
**Framework Version:** v2.2.3
**Framework Version:** v2.2.4
**Total Security Settings:** 633 (Paranoid mode)
**Modules:** 7 (All Production-Ready)
**Last Updated:** December 22, 2025
@ -11,13 +11,13 @@
| Module | Settings | Status | Description |
|--------|----------|--------|-------------|
| **SecurityBaseline** | 425 | ✅ v2.2.3 | Microsoft Security Baseline for Windows 11 v25H2 |
| **ASR** | 19 | ✅ v2.2.3 | Attack Surface Reduction rules |
| **DNS** | 5 | ✅ v2.2.3 | Secure DNS with DoH encryption |
| **Privacy** | 78 | ✅ v2.2.3 | Telemetry control, OneDrive hardening (Strict: 70 Registry + 2 Services + 6 OneDrive) |
| **AntiAI** | 32 | ✅ v2.2.3 | AI lockdown (15 features, 32 compliance checks) |
| **EdgeHardening** | 24 | ✅ v2.2.3 | Microsoft Edge browser security (24 policies) |
| **AdvancedSecurity** | 50 | ✅ v2.2.3 | Advanced hardening beyond MS Baseline (incl. Wireless Display, Discovery Protocols, IPv6) |
| **SecurityBaseline** | 425 | ✅ v2.2.4 | Microsoft Security Baseline for Windows 11 v25H2 |
| **ASR** | 19 | ✅ v2.2.4 | Attack Surface Reduction rules |
| **DNS** | 5 | ✅ v2.2.4 | Secure DNS with DoH encryption |
| **Privacy** | 78 | ✅ v2.2.4 | Telemetry control, OneDrive hardening (Strict: 70 Registry + 2 Services + 6 OneDrive) |
| **AntiAI** | 32 | ✅ v2.2.4 | AI lockdown (15 features, 32 compliance checks) |
| **EdgeHardening** | 24 | ✅ v2.2.4 | Microsoft Edge browser security (24 policies) |
| **AdvancedSecurity** | 50 | ✅ v2.2.4 | Advanced hardening beyond MS Baseline (incl. Wireless Display, Discovery Protocols, IPv6) |
| **TOTAL** | **633** | ✅ **100%** | **Complete Framework (Paranoid mode)** |
---
@ -238,7 +238,7 @@ Clipchamp.Clipchamp, SpotifyAB.SpotifyMusic
## 🤖 Module 5: AntiAI (32 Policies)
**Description:** Disable 15 Windows AI features via 32 registry policies (v2.2.3)
**Description:** Disable 15 Windows AI features via 32 registry policies (v2.2.4)
### 15 AI Features Disabled:
@ -724,7 +724,7 @@ Some UI elements in Paint and Photos apps may **still be visible** but non-funct
```
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
NoID Privacy v2.2.3
NoID Privacy v2.2.4
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Total Settings: 633 ✅
@ -745,4 +745,4 @@ Framework Completion: 🎉 100% COMPLETE
---
**Last Updated:** December 22, 2025
**Framework Version:** v2.2.3
**Framework Version:** v2.2.4

4
Modules/ASR/ASR.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'ASR.psm1'
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
GUID = 'b2c3d4e5-f6a7-8901-bcde-f23456789012'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'
@ -25,7 +25,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @"
v2.2.3 - Production Release
v2.2.4 - Production Release
- All 19 ASR rules implementation
- Hybrid approach: Registry backup + Set-MpPreference application
- SCCM/Configuration Manager detection

2
Modules/ASR/ASR.psm1
View file

@ -11,7 +11,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Administrator privileges, Windows Defender
#>

4
Modules/AdvancedSecurity/AdvancedSecurity.psd1
View file

@ -2,7 +2,7 @@
# Module manifest for AdvancedSecurity
# Version
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
# Unique ID
GUID = 'e7f5a3d2-8c9b-4f1e-a6d3-9b2c8f4e5a1d'
@ -48,7 +48,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @'
v2.2.3 (2025-12-08)
v2.2.4 (2025-12-08)
- Production release of AdvancedSecurity module
- 49 advanced hardening settings implemented (was 36)
- NEW: Wireless Display (Miracast) security hardening

2
Modules/AdvancedSecurity/AdvancedSecurity.psm1
View file

@ -1,5 +1,5 @@
# AdvancedSecurity Module Loader
# Version: 2.2.3
# Version: 2.2.4
# Description: Advanced Security Hardening - Beyond Microsoft Security Baseline
# Get module path

2
Modules/AdvancedSecurity/Config/AdminShares.json
View file

@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Administrative Shares Configuration",
"description": "Configuration for disabling administrative shares (C$, ADMIN$, etc.) to prevent lateral movement",
"version": "2.2.3",
"version": "2.2.4",
"Administrative_Shares": {
"description": "Disable automatic creation and remove existing administrative shares",

2
Modules/AdvancedSecurity/Config/Credentials.json
View file

@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Credential Protection Configuration",
"description": "Configuration for credential hardening including WDigest protection",
"version": "2.2.3",
"version": "2.2.4",
"WDigest_Protection": {
"description": "Prevent WDigest from storing plaintext passwords in LSASS memory",

2
Modules/AdvancedSecurity/Config/RDP.json
View file

@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "RDP Hardening Configuration",
"description": "Configuration for RDP (Remote Desktop Protocol) hardening including NLA enforcement and optional complete disable",
"version": "2.2.3",
"version": "2.2.4",
"NLA_Enforcement": {
"description": "Network Level Authentication (NLA) enforcement settings",

2
Modules/AdvancedSecurity/Private/Block-FingerProtocol.ps1
View file

@ -21,7 +21,7 @@ function Block-FingerProtocol {
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Administrator privileges
REFERENCES:

2
Modules/AdvancedSecurity/Private/Set-SRPRules.ps1
View file

@ -27,7 +27,7 @@ function Set-SRPRules {
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Administrator privileges
REFERENCES:

2
Modules/AdvancedSecurity/Private/Set-WindowsUpdate.ps1
View file

@ -22,7 +22,7 @@ function Set-WindowsUpdate {
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Administrator privileges
Based on: Windows Settings > Windows Update > Advanced options
#>

2
Modules/AdvancedSecurity/Public/Invoke-AdvancedSecurity.ps1
View file

@ -11,7 +11,7 @@ function Invoke-AdvancedSecurity {
- Enterprise: Conservative approach with domain-safety checks
- Maximum: Maximum hardening for air-gapped/high-security environments
Features implemented (v2.2.3):
Features implemented (v2.2.4):
- RDP NLA enforcement + optional complete disable
- WDigest credential protection
- Administrative shares disable (domain-aware)

2
Modules/AntiAI/AntiAI.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'AntiAI.psm1'
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
GUID = 'f8e9d7c6-5b4a-3c2d-1e0f-9a8b7c6d5e4f'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'

4
Modules/AntiAI/AntiAI.psm1
View file

@ -11,7 +11,7 @@
.NOTES
Module: AntiAI
Version: 2.2.3
Version: 2.2.4
Author: NoID Privacy
#>
@ -27,7 +27,7 @@ $privateFunctions = @(
'Disable-Recall'
'Set-RecallProtection'
'Disable-Copilot'
'Disable-CopilotAdvanced' # NEW v2.2.3: URI handlers, Edge sidebar, Recall export
'Disable-CopilotAdvanced' # NEW v2.2.4: URI handlers, Edge sidebar, Recall export
'Disable-ClickToDo'
'Disable-SettingsAgent'
'Disable-ExplorerAI' # NEW: File Explorer AI Actions menu

2
Modules/AntiAI/Private/Disable-CopilotAdvanced.ps1
View file

@ -40,7 +40,7 @@
.NOTES
Requires Administrator privileges.
Part of NoID Privacy AntiAI Module v2.2.3
Part of NoID Privacy AntiAI Module v2.2.4
#>
function Disable-CopilotAdvanced {
[CmdletBinding()]

2
Modules/AntiAI/Private/Test-AntiAICompliance.ps1
View file

@ -42,7 +42,7 @@
.NOTES
Author: NoID Privacy
Version: 2.2.3 (Extended validation)
Version: 2.2.4 (Extended validation)
Requires: Windows 11 24H2+, Administrator privileges
#>

8
Modules/AntiAI/Public/Invoke-AntiAI.ps1
View file

@ -52,7 +52,7 @@
.NOTES
Author: NoID Privacy
Version: 2.2.3
Version: 2.2.4
Requires: Windows 11 24H2 or later, Administrator privileges
Impact: All AI features completely disabled, reboot required
#>
@ -70,7 +70,7 @@ function Invoke-AntiAI {
Write-Host "" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " ANTI-AI MODULE v2.2.3" -ForegroundColor Cyan
Write-Host " ANTI-AI MODULE v2.2.4" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""
Write-Host "Disables 15 AI features (32 policies):" -ForegroundColor White
@ -171,7 +171,7 @@ function Invoke-AntiAI {
@{ Path = "HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Paint"; Name = "DisableImageCreator"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\WindowsNotepad"; Name = "DisableAIFeatures"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"; Name = "DisableSettingsAgent"; Type = "DWord" },
# NEW v2.2.3: Advanced Copilot Blocking
# NEW v2.2.4: Advanced Copilot Blocking
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"; Name = "AllowRecallExport"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"; Name = "EdgeSidebarEnabled"; Type = "DWord" },
@{ Path = "HKLM:\SOFTWARE\Policies\Microsoft\Edge"; Name = "ShowHubsSidebar"; Type = "DWord" },
@ -356,7 +356,7 @@ function Invoke-AntiAI {
}
# ============================================================================
# ADVANCED COPILOT BLOCKING (NEW v2.2.3)
# ADVANCED COPILOT BLOCKING (NEW v2.2.4)
# ============================================================================
Write-Host ""
Write-Host " [Advanced Copilot Blocks]" -ForegroundColor Cyan

2
Modules/DNS/DNS.psd1
View file

@ -2,7 +2,7 @@
# Module manifest for DNS module
RootModule = 'DNS.psm1'
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
GUID = 'a8f7b3c9-4e5d-4a2b-9c1d-8f3e5a7b9c2d'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'

2
Modules/DNS/DNS.psm1
View file

@ -12,7 +12,7 @@
.NOTES
Author: NoID Privacy
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Administrator privileges
#>

4
Modules/EdgeHardening/EdgeHardening.psd1
View file

@ -3,7 +3,7 @@
RootModule = 'EdgeHardening.psm1'
# Version number of this module
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
# ID used to uniquely identify this module
GUID = '8e3f4c2a-9b1d-4e7a-a2c5-6f8b3d9e1a4c'
@ -48,7 +48,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @"
v2.2.3 - Production Release
v2.2.4 - Production Release
- Microsoft Edge v139 Security Baseline implementation
- 20 security policies (native PowerShell, no LGPO.exe)
- SmartScreen enforcement with override prevention

2
Modules/EdgeHardening/EdgeHardening.psm1
View file

@ -16,7 +16,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Administrator privileges
#>

2
Modules/EdgeHardening/Public/Invoke-EdgeHardening.ps1
View file

@ -48,7 +48,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Administrator privileges
IMPORTANT: This applies Microsoft's recommended security baseline.

2
Modules/EdgeHardening/Public/Test-EdgeHardening.ps1
View file

@ -23,7 +23,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Can be run without Administrator privileges
#>

2
Modules/Privacy/Privacy.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'Privacy.psm1'
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
GUID = 'a9f7c8d3-2e5b-4a1f-9c3d-7e8f5a6b2c4d'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'

2
Modules/Privacy/Privacy.psm1
View file

@ -16,7 +16,7 @@
.NOTES
Module: Privacy
Version: 2.2.3
Version: 2.2.4
Author: NoID Privacy
#>

2
Modules/Privacy/Public/Invoke-PrivacyHardening.ps1
View file

@ -354,7 +354,7 @@ function Invoke-PrivacyHardening {
$bloatwareListPath = Join-Path $moduleBackupPath "REMOVED_APPS_LIST.txt"
$listContent = @()
$listContent += "================================================================"
$listContent += " REMOVED APPS - NoID Privacy v2.2.3"
$listContent += " REMOVED APPS - NoID Privacy v2.2.4"
$listContent += " Session: $(Split-Path $moduleBackupPath -Leaf)"
$listContent += " Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
$listContent += "================================================================"

2
Modules/SecurityBaseline/Public/Invoke-SecurityBaseline.ps1
View file

@ -44,7 +44,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3 - Self-Contained Edition
Version: 2.2.4 - Self-Contained Edition
Requires: PowerShell 5.1+, Administrator privileges
BREAKING CHANGE from v1.0:

4
Modules/SecurityBaseline/SecurityBaseline.psd1
View file

@ -1,6 +1,6 @@
@{
RootModule = 'SecurityBaseline.psm1'
ModuleVersion = '2.2.3'
ModuleVersion = '2.2.4'
GUID = 'a1b2c3d4-e5f6-7890-abcd-ef1234567890'
Author = 'NexusOne23'
CompanyName = 'Open Source Project'
@ -26,7 +26,7 @@
LicenseUri = ''
ProjectUri = ''
ReleaseNotes = @"
v2.2.3 - Self-Contained Edition
v2.2.4 - Self-Contained Edition
- NO LGPO.exe REQUIRED! Fully self-contained implementation
- 425 Microsoft Security Baseline settings for Windows 11 25H2
- 335 Registry policies (Computer + User)

2
Modules/SecurityBaseline/SecurityBaseline.psm1
View file

@ -13,7 +13,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Administrator privileges
#>

8
NoIDPrivacy-Interactive.ps1
View file

@ -19,7 +19,7 @@
resulting from its use. USE AT YOUR OWN RISK.
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Administrator
For CLI mode use: NoIDPrivacy.ps1 -Module <name>
#>
@ -30,7 +30,7 @@
# No parameters - interactive mode only
$ErrorActionPreference = 'Stop'
$Host.UI.RawUI.WindowTitle = "NoID Privacy v2.2.3"
$Host.UI.RawUI.WindowTitle = "NoID Privacy v2.2.4"
# Set script root path (required by modules to load configs)
$script:RootPath = $PSScriptRoot
@ -90,7 +90,7 @@ function Write-Banner {
Clear-Host
Write-Host ""
Write-Host " ========================================" -ForegroundColor Cyan
Write-Host " NoID Privacy v2.2.3 " -ForegroundColor Cyan
Write-Host " NoID Privacy v2.2.4 " -ForegroundColor Cyan
Write-Host " ========================================" -ForegroundColor Cyan
Write-Host ""
Write-Host " Professional Windows 11 Security & Privacy Hardening Framework" -ForegroundColor Gray
@ -105,7 +105,7 @@ function Write-Banner {
$osBuild = if ($os) { $os.BuildNumber } else { $null }
$psVersion = $PSVersionTable.PSVersion.ToString()
$envLine = " Version 2.2.3"
$envLine = " Version 2.2.4"
if ($osBuild) {
$envLine += " | Windows Build $osBuild"
}

6
NoIDPrivacy.ps1
View file

@ -50,7 +50,7 @@
resulting from its use. USE AT YOUR OWN RISK.
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Administrator privileges, Windows 11
License: GPL-3.0 (Core CLI). See LICENSE for full terms.
@ -135,7 +135,7 @@ try {
$logDirectory = Join-Path $script:RootPath "Logs"
Initialize-Logger -LogDirectory $logDirectory -MinimumLevel $logLevel
Write-Log -Level INFO -Message "=== NoID Privacy Framework v2.2.3 ===" -Module "Main"
Write-Log -Level INFO -Message "=== NoID Privacy Framework v2.2.4 ===" -Module "Main"
Write-Log -Level INFO -Message "Starting framework initialization..." -Module "Main"
# Load other Core modules
@ -216,7 +216,7 @@ catch {
# Display banner
Write-Host ""
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " NoID Privacy - v2.2.3" -ForegroundColor Cyan
Write-Host " NoID Privacy - v2.2.4" -ForegroundColor Cyan
Write-Host " Windows 11 Security Hardening" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""

31
README.md
View file

@ -5,7 +5,7 @@
[![PowerShell](https://img.shields.io/badge/PowerShell-5.1%2B-blue.svg?logo=powershell)](https://github.com/PowerShell/PowerShell)
[![Windows 11](https://img.shields.io/badge/Windows%2011-25H2-0078D4.svg?logo=windows11)](https://www.microsoft.com/windows/)
[![License](https://img.shields.io/badge/license-GPL--3.0-green.svg?logo=gnu)](LICENSE)
[![Version](https://img.shields.io/badge/version-2.2.3-blue.svg)](CHANGELOG.md)
[![Version](https://img.shields.io/badge/version-2.2.4-blue.svg)](CHANGELOG.md)
[![Status](https://img.shields.io/badge/status-production--ready-brightgreen.svg)](CHANGELOG.md)
[![GitHub Stars](https://img.shields.io/github/stars/NexusOne23/noid-privacy?style=flat&logo=github)](https://github.com/NexusOne23/noid-privacy/stargazers)
[![Last Commit](https://img.shields.io/github/last-commit/NexusOne23/noid-privacy?style=flat)](https://github.com/NexusOne23/noid-privacy/commits)
@ -374,17 +374,18 @@ cd noid-privacy
| Module | Settings | Description | Status |
|--------|----------|-------------|--------|
| **SecurityBaseline** | 425 | Microsoft Security Baseline 25H2 | v2.2.3 |
| **ASR** | 19 | Attack Surface Reduction Rules | v2.2.3 |
| **DNS** | 5 | Secure DNS with DoH encryption | v2.2.3 |
| **Privacy** | 78 | Telemetry, Bloatware, OneDrive hardening (Strict) | v2.2.3 |
| **AntiAI** | 32 | AI lockdown (15 features, 32 compliance checks) | v2.2.3 |
| **EdgeHardening** | 24 | Microsoft Edge security (24 policies) | v2.2.3 |
| **AdvancedSecurity** | 50 | Beyond MS Baseline (SRP, Legacy protocols, Wireless Display, Discovery Protocols, IPv6) | v2.2.3 |
| **SecurityBaseline** | 425 | Microsoft Security Baseline 25H2 | v2.2.4 |
| **ASR** | 19 | Attack Surface Reduction Rules | v2.2.4 |
| **DNS** | 5 | Secure DNS with DoH encryption | v2.2.4 |
| **Privacy** | 78 | Telemetry, Bloatware, OneDrive hardening (Strict) | v2.2.4 |
| **AntiAI** | 32 | AI lockdown (15 features, 32 compliance checks) | v2.2.4 |
| **EdgeHardening** | 24 | Microsoft Edge security (24 policies) | v2.2.4 |
| **AdvancedSecurity** | 50 | Beyond MS Baseline (SRP, Legacy protocols, Wireless Display, Discovery Protocols, IPv6) | v2.2.4 |
| **TOTAL** | **633** | **Complete Framework (Paranoid mode)** | **Production** |
**Release Highlights:**
- **v2.2.4:** EDR/XDR detection — CrowdStrike, SentinelOne, Carbon Black + 15 more ([#15](https://github.com/NexusOne23/noid-privacy/issues/15))
- **v2.2.3:** Restore Mode crash fix, Recall snapshot storage verification fix ([#14](https://github.com/NexusOne23/noid-privacy/issues/14))
- **v2.2.2:** Firewall snapshot 60-120s → 2-5s (batch query performance fix)
- **v2.2.1:** Multi-run session bug fix, `.Count` property bug in 5 files
@ -518,10 +519,10 @@ When a third-party antivirus is detected, you'll see a clear notification:
ASR Module Skipped
========================================
Third-party antivirus detected: Kaspersky Total Security
Third-party security product detected: Kaspersky Total Security
ASR rules require Windows Defender to be active.
Your antivirus (Kaspersky Total Security) has its own protection features.
ASR rules require Windows Defender as primary antivirus.
Your security solution (Kaspersky Total Security) has its own protection features.
This is NOT an error - ASR will be skipped.
```
@ -842,9 +843,15 @@ The authors are not responsible for any damage or data loss.
## 📈 Project Status
**Current Version:** 2.2.3
**Current Version:** 2.2.4
**Status:** Production-Ready
### Release Highlights v2.2.4
- **Enhancement:** 3-layer detection for third-party security products (EDR/XDR + traditional AV)
- **Enhancement:** ASR module gracefully skips when CrowdStrike, SentinelOne, etc. are primary ([#15](https://github.com/NexusOne23/noid-privacy/issues/15))
- **Tooling:** `VERSION` file + `Bump-Version.ps1` for automated version management
### Release Highlights v2.2.3
- **Critical Fix:** Restore Mode manual module selection crash (`.Split()``-split`)

4
Start-NoIDPrivacy.bat
View file

@ -7,12 +7,12 @@ REM This script launches NoIDPrivacy-Interactive.ps1 with
REM Administrator privileges (auto-elevation).
REM
REM Author: NexusOne23
REM Version: 2.2.3
REM Version: 2.2.4
REM ========================================
setlocal
title NoID Privacy v2.2.3
title NoID Privacy v2.2.4
REM Get the directory where this batch file is located
set "SCRIPT_DIR=%~dp0"

2
Tests/Run-Tests.ps1
View file

@ -17,7 +17,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+, Pester 5.0+
.EXAMPLE

2
Tests/Setup-TestEnvironment.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
.EXAMPLE

2
Tests/Unit/ASR.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Pester 5.0+
#>

2
Tests/Unit/AdvancedSecurity.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Pester 5.0+
#>

2
Tests/Unit/AntiAI.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Pester 5.0+
#>

2
Tests/Unit/DNS.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Pester 5.0+
#>

2
Tests/Unit/EdgeHardening.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Pester 5.0+
#>

2
Tests/Unit/ModuleTemplate.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Pester 5.0+
#>

2
Tests/Unit/Privacy.Tests.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: Pester 5.0+
#>

4
Tools/Generate-ReleaseChecksums.ps1
View file

@ -13,10 +13,10 @@
Output file for checksums. Default: CHECKSUMS.sha256 in the same directory.
.EXAMPLE
.\Generate-ReleaseChecksums.ps1 -ReleasePath "C:\Release\NoIDPrivacy-v2.2.3"
.\Generate-ReleaseChecksums.ps1 -ReleasePath "C:\Release\NoIDPrivacy-v2.2.4"
.EXAMPLE
.\Generate-ReleaseChecksums.ps1 -ReleasePath ".\NoIDPrivacy-v2.2.3.zip"
.\Generate-ReleaseChecksums.ps1 -ReleasePath ".\NoIDPrivacy-v2.2.4.zip"
#>
[CmdletBinding()]

2
Tools/Parse-EdgeBaseline.ps1
View file

@ -18,7 +18,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
.EXAMPLE

2
Tools/Parse-SecurityBaseline.ps1
View file

@ -25,7 +25,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
.EXAMPLE

8
Tools/Verify-Complete-Hardening.ps1
View file

@ -27,7 +27,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
#>
#Requires -Version 5.1
@ -3308,7 +3308,7 @@ try {
<body>
<div class="container">
<div class="header">
<h1>NoID Privacy v2.2.3</h1>
<h1>NoID Privacy v2.2.4</h1>
<p class="subtitle">Complete Hardening Compliance Report</p>
<span class="badge">All $totalSettings Settings Verified</span>
</div>
@ -3328,7 +3328,7 @@ try {
</div>
<div class="meta-item">
<span class="meta-label">Framework Version</span>
<span class="meta-value">NoID Privacy v2.2.3</span>
<span class="meta-value">NoID Privacy v2.2.4</span>
</div>
</div>
@ -3770,7 +3770,7 @@ try {
</div>
<div class="footer">
<p>Generated by NoID Privacy v2.2.3</p>
<p>Generated by NoID Privacy v2.2.4</p>
<p>Professional Windows 11 Security & Privacy Hardening Framework</p>
</div>
</div>

2
Utils/Compatibility.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>

2
Utils/Dependencies.ps1
View file

@ -7,7 +7,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>

2
Utils/Hardware.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>

2
Utils/Registry.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>

2
Utils/Service.ps1
View file

@ -8,7 +8,7 @@
.NOTES
Author: NexusOne23
Version: 2.2.3
Version: 2.2.4
Requires: PowerShell 5.1+
#>

2
VERSION
View file

@ -1 +1 @@
2.2.3
2.2.4

6
config.json
View file

@ -1,5 +1,5 @@
{
"version": "2.2.3",
"version": "2.2.4",
"modules": {
"SecurityBaseline": {
"enabled": true,
@ -48,7 +48,7 @@
"description": "Microsoft Edge v139 Security Baseline: 24 security policies",
"_comment": "Interactive: Allow extensions (Y/N, default: Y)",
"allowExtensions": true,
"version": "2.2.3",
"version": "2.2.4",
"baseline": "Edge v139",
"policies": 24,
"features": {
@ -75,7 +75,7 @@
"disableWirelessDisplay": false,
"disableDiscoveryProtocols": true,
"disableIPv6": false,
"version": "2.2.3",
"version": "2.2.4",
"policies": 50,
"features": {
"rdp_hardening": true,