Recommended block rules #506 #526
Open
chlaplan wants to merge 9 commits into
• FolderHashScanForm.cs — New dialog for folder-based hash file scanning with browse, subfolder toggle, file checklist, and hash type selection

Modified Files

CustomRuleConditionsPanel.cs
• Added hash mode panel with Single File, Multiple Files radio buttons and Folder Scan... button
• "Folder Scan..." button directly opens FolderHashScanForm dialog
• Multi-file and folder scan modes batch files into a single FolderScan-type rule using New-CIPolicy -ScanPath (instead of one PowerShell call per file)
• Selected files are copied to a temp folder preserving subfolder structure from the source
• Stores SourceFolderPath and HashTypesToKeep on the rule for downstream processing

FolderHashScanForm.cs
• Browse folder with optional Include subfolders checkbox
• Scan Folder button enumerates files by common PE/script extensions
• Select All / Deselect All for the file checklist
• Hash type checkboxes: Hash SHA1, Hash SHA256, Hash Page SHA1, Hash Page SHA256, and All (toggle)
• Exposes SelectedFiles, SelectedHashTypes, SourceFolderPath, IncludeSubfolders, AllFilesSelected
• Dark mode support

SigningRules_Control.cs
• Added AddRuleToTableWithoutClosing() method to support batch rule insertion without closing the custom rules panel

Policy.cs (PolicyCustomRules class)
• Added HashTypesToKeep property (HashSet<string>) — hash types to retain when filtering generated policy XML
• Added SourceFolderPath property (string) — original folder path for FriendlyName correction

MainForm.cs
• Added using System.Linq
• FriendlyName fix: after scan, replaces temp folder path in each rule's FriendlyName with the original source folder path (preserving subfolders)
• Hash type filtering: removes unwanted hash types (Hash SHA1, Hash Page SHA256, etc.) from generated policy based on user's checkbox selections
• Progress bar improvements:
  • ProcessCustomValueRules(BackgroundWorker, SiPolicy) now reports incremental progress 0–25% per rule
  • ProcessSignerRules(BackgroundWorker, SiPolicy) shows "Processing rule X of Y ..." with accurate counts
  • FolderScan shows phased status: "Scanning folder: ...", "Scan complete. Applying hash type filters ...", "Filtered: kept X of Y hash rules.", "Merging scanned policy rules ..."
  • ProgressChanged handler respects custom UserState messages
This reverts commit 162dd88.
• Added -NoLogo -NonInteractive flags to PowerShell invocation to reduce startup overhead
• Fixed potential deadlock: moved StandardOutput.ReadToEnd() and StandardError.ReadToEnd() before WaitForExit() to prevent buffer-full hang

MainForm.cs
• Fixed progress bar stalling at 25% during Folder Scan by reporting progress after skipping non-applicable rules
• Added mid-scan progress report (~55%) before CreateScannedPolicyFromPS(PolicyCustomRules, string, string) so UI shows activity during long scans
• Updated progress status text: "Scanning and processing rules (this may take a few minutes) ..." for the 25-80% range
518 update file scan UI process
This reverts commit e7f6333.
Added a checker to see if the edit policy has merge rules, if so have the check box(es) checked

Fixed Duplicating rules on re-check
• MergeFileRules(Object[], Object[]) now skips incoming Allow/Deny/FileRule entries whose ID already exists in the destination policy (case-insensitive). Added a GetFileRuleId(Object) helper.
• MergeProductSigners(ProductSigners, ProductSigners) now dedupes FileRuleRef entries by RuleID the same way.
• Re-merging the Recommended Driver/User-Mode Blocklist is now idempotent.
#506
This pull request updates the Recommended_UserMode_Blocklist.xml policy template and improves the policy merging logic in PolicyHelper.cs to enhance rule deduplication and maintain consistency. The main changes include new rule options, the addition and adjustment of allow/deny rules, improvements to file version handling, and more robust deduplication during policy merges.

Policy template enhancements:

Policy metadata updates:
• 10.1.0.2 to 10.2.0.0 in both the <VersionEx> and <Settings> sections to reflect these changes.

Policy merging logic improvements:
• MergePolicies function in PolicyHelper.cs to deduplicate file rules based on content (hash or file name + version range) rather than just IDs. This prevents re-insertion of duplicate rules when merging policies, even if IDs differ. FileRuleRef IDs in signing scenarios are now remapped to existing IDs when duplicates are found, ensuring correct deduplication throughout the merge process.

These updates make the blocklist more comprehensive, future-proof, and ensure that policy merges are more reliable and maintainable.
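
The content-keyed merge and FileRuleRef remapping described above, as an added example (not the project's PolicyHelper.cs code). It assumes un-namespaced policy XML with a single FileRulesRef; the class name, the Key/Merge/Policy helpers and the sample rules are constructed for illustration. The rule type is part of the key, so a Deny never collapses into an Allow with the same hash.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;
static class ContentDedupMerge   // hypothetical name, not the project's PolicyHelper
{
    // Content key: rule type plus hash, or rule type plus file name and version range.
    static string Key(XElement r)
    {
        string type = r.Name.LocalName, hash = (string)r.Attribute("Hash");
        if (hash != null) return type + "|hash|" + hash.ToUpperInvariant();
        return string.Join("|", type, "file", ((string)r.Attribute("FileName") ?? "").ToLowerInvariant(),
            (string)r.Attribute("MinimumFileVersion"), (string)r.Attribute("MaximumFileVersion"));
    }
    // Merges src into dest and returns the number of file rules actually added.
    public static int Merge(XElement dest, XElement src)
    {
        XElement rules = dest.Element("FileRules"), refs = dest.Descendants("FileRulesRef").First();
        var idByKey = new Dictionary<string, string>();
        foreach (XElement r in rules.Elements()) idByKey[Key(r)] = (string)r.Attribute("ID");
        var remap = new Dictionary<string, string>();   // incoming rule ID -> ID kept in dest
        int added = 0;
        foreach (XElement r in src.Element("FileRules").Elements())
        {
            string id = (string)r.Attribute("ID"), key = Key(r);
            if (idByKey.TryGetValue(key, out string kept)) { remap[id] = kept; continue; }
            idByKey[key] = remap[id] = id;
            rules.Add(new XElement(r));
            added++;
        }
        var present = new HashSet<string>(refs.Elements().Select(e => (string)e.Attribute("RuleID")));
        foreach (string rid in src.Descendants("FileRuleRef").Select(e => (string)e.Attribute("RuleID")))
        {
            string target = remap.TryGetValue(rid, out string mapped) ? mapped : rid;
            if (present.Add(target)) refs.Add(new XElement("FileRuleRef", new XAttribute("RuleID", target)));
        }
        return added;
    }
    // Builds a constructed sample policy; the XML namespace is omitted for brevity.
    static XElement Policy(string rules, string refs) => XElement.Parse(
        "<SiPolicy><FileRules>" + rules + "</FileRules><SigningScenarios><SigningScenario><ProductSigners>" +
        "<FileRulesRef>" + refs + "</FileRulesRef></ProductSigners></SigningScenario></SigningScenarios></SiPolicy>");
    static void Main()
    {
        XElement dest = Policy("<Deny ID='ID_DENY_A' Hash='AB12'/>", "<FileRuleRef RuleID='ID_DENY_A'/>");
        XElement src = Policy("<Deny ID='ID_DENY_X' Hash='ab12'/><Deny ID='ID_DENY_Y' FileName='tool.exe' " +
            "MaximumFileVersion='2.0.0.0'/>", "<FileRuleRef RuleID='ID_DENY_X'/><FileRuleRef RuleID='ID_DENY_Y'/>");
        Console.WriteLine("{0} added, then {1} on re-merge", Merge(dest, src), Merge(dest, src));
    }
}
```

Remapping the reference instead of dropping it keeps every FileRuleRef pointing at a rule that exists in the merged policy, which is what makes a repeated merge of the same blocklist a no-op.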