mirror of
https://github.com/NexusOne23/noid-privacy.git
synced 2026-02-07 12:11:53 +01:00
130 lines
6 KiB
PowerShell
130 lines
6 KiB
PowerShell
#Requires -Version 5.1
|
|
|
|
<#
|
|
.SYNOPSIS
|
|
Applies enterprise-grade Recall protection (app/URI deny lists, storage limits).
|
|
|
|
.DESCRIPTION
|
|
Configures 4 additional Recall policies for maximum data protection:
|
|
1. SetDenyAppListForRecall - Apps never captured in snapshots (Browser, Terminal, Password managers, RDP)
|
|
2. SetDenyUriListForRecall - Websites/URLs never captured (Banking, Email, Login pages)
|
|
3. SetMaximumStorageDurationForRecallSnapshots - Max retention: 30 days
|
|
4. SetMaximumStorageSpaceForRecallSnapshots - Max storage: 10 GB
|
|
|
|
Note: These are additional protection layers BEYOND core Recall disable policies.
|
|
Even though Recall is disabled, these provide defense-in-depth.
|
|
|
|
.EXAMPLE
|
|
Set-RecallProtection
|
|
#>
|
|
function Set-RecallProtection {
|
|
[CmdletBinding()]
|
|
param(
|
|
[Parameter(Mandatory = $false)]
|
|
[switch]$DryRun
|
|
)
|
|
|
|
Write-Log -Level DEBUG -Message "Applying Recall enterprise protection (deny lists + storage limits)" -Module "AntiAI"
|
|
|
|
$result = [PSCustomObject]@{
|
|
Success = $false
|
|
Applied = 0
|
|
Errors = @()
|
|
}
|
|
|
|
try {
|
|
if ($DryRun) {
|
|
Write-Log -Level DEBUG -Message "[DRYRUN] Would set Recall protection (Deny lists + Storage limits)" -Module "AntiAI"
|
|
$result.Success = $true
|
|
return $result
|
|
}
|
|
|
|
$regPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI"
|
|
|
|
if (-not (Test-Path $regPath)) {
|
|
New-Item -Path $regPath -Force | Out-Null
|
|
Write-Log -Level DEBUG -Message "Created registry path: $regPath" -Module "AntiAI"
|
|
}
|
|
|
|
# 1. App Deny List - Critical apps never captured in snapshots
|
|
$denyApps = @(
|
|
"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!App", # Edge Browser (Banking, passwords)
|
|
"Microsoft.WindowsTerminal_8wekyb3d8bbwe!App", # Terminal (CLI passwords, keys)
|
|
"KeePassXC_8wekyb3d8bbwe!KeePassXC", # Password Manager
|
|
"Microsoft.RemoteDesktop_8wekyb3d8bbwe!App" # RDP (remote system access)
|
|
)
|
|
|
|
# Store as proper MultiString (string array) so policies are visible to compliance checks
|
|
$existing = Get-ItemProperty -Path $regPath -Name "SetDenyAppListForRecall" -ErrorAction SilentlyContinue
|
|
if ($null -ne $existing) {
|
|
Set-ItemProperty -Path $regPath -Name "SetDenyAppListForRecall" -Value $denyApps -Force
|
|
} else {
|
|
New-ItemProperty -Path $regPath -Name "SetDenyAppListForRecall" -Value $denyApps -PropertyType MultiString -Force | Out-Null
|
|
}
|
|
Write-Log -Level DEBUG -Message "Set App Deny List: $($denyApps.Count) critical apps protected" -Module "AntiAI"
|
|
$result.Applied++
|
|
|
|
# 2. URI Deny List - Critical websites never captured in snapshots
|
|
$denyUris = @(
|
|
"*.bank.*", # All banking sites
|
|
"*.paypal.*", # Payment processor
|
|
"*.bankofamerica.*", # Major bank
|
|
"mail.*", # Email sites
|
|
"webmail.*", # Webmail sites
|
|
"*password*", # Any password-related pages
|
|
"*login*" # Any login pages
|
|
)
|
|
|
|
# Store as MultiString using string array
|
|
$existing = Get-ItemProperty -Path $regPath -Name "SetDenyUriListForRecall" -ErrorAction SilentlyContinue
|
|
if ($null -ne $existing) {
|
|
Set-ItemProperty -Path $regPath -Name "SetDenyUriListForRecall" -Value $denyUris -Force
|
|
} else {
|
|
New-ItemProperty -Path $regPath -Name "SetDenyUriListForRecall" -Value $denyUris -PropertyType MultiString -Force | Out-Null
|
|
}
|
|
Write-Log -Level DEBUG -Message "Set URI Deny List: $($denyUris.Count) URL patterns protected" -Module "AntiAI"
|
|
$result.Applied++
|
|
|
|
# 3. Storage Duration Limit - Max 30 days retention
|
|
$existing = Get-ItemProperty -Path $regPath -Name "SetMaximumStorageDurationForRecallSnapshots" -ErrorAction SilentlyContinue
|
|
if ($null -ne $existing) {
|
|
Set-ItemProperty -Path $regPath -Name "SetMaximumStorageDurationForRecallSnapshots" -Value 30 -Force
|
|
} else {
|
|
New-ItemProperty -Path $regPath -Name "SetMaximumStorageDurationForRecallSnapshots" -Value 30 -PropertyType DWord -Force | Out-Null
|
|
}
|
|
Write-Log -Level DEBUG -Message "Set max snapshot retention: 30 days" -Module "AntiAI"
|
|
$result.Applied++
|
|
|
|
# 4. Storage Space Limit - Max 10 GB
|
|
$existing = Get-ItemProperty -Path $regPath -Name "SetMaximumStorageSpaceForRecallSnapshots" -ErrorAction SilentlyContinue
|
|
if ($null -ne $existing) {
|
|
Set-ItemProperty -Path $regPath -Name "SetMaximumStorageSpaceForRecallSnapshots" -Value 10 -Force
|
|
} else {
|
|
New-ItemProperty -Path $regPath -Name "SetMaximumStorageSpaceForRecallSnapshots" -Value 10 -PropertyType DWord -Force | Out-Null
|
|
}
|
|
Write-Log -Level DEBUG -Message "Set max snapshot storage: 10 GB" -Module "AntiAI"
|
|
$result.Applied++
|
|
|
|
# Verify
|
|
$values = Get-ItemProperty -Path $regPath -ErrorAction SilentlyContinue
|
|
|
|
$verified = ($null -ne $values.SetDenyAppListForRecall) -and
|
|
($null -ne $values.SetDenyUriListForRecall) -and
|
|
($values.SetMaximumStorageDurationForRecallSnapshots -eq 30) -and
|
|
($values.SetMaximumStorageSpaceForRecallSnapshots -eq 10)
|
|
|
|
if ($verified) {
|
|
Write-Log -Level DEBUG -Message "Verification SUCCESS: All Recall protection policies applied" -Module "AntiAI"
|
|
$result.Success = $true
|
|
}
|
|
else {
|
|
$result.Errors += "Verification FAILED: Not all Recall protection policies were applied"
|
|
}
|
|
}
|
|
catch {
|
|
$result.Errors += "Failed to apply Recall protection: $($_.Exception.Message)"
|
|
Write-Error $result.Errors[-1]
|
|
}
|
|
|
|
return $result
|
|
}
|