From 13db2683fb46943c25c4fbd4be5b01d0e0401d5e Mon Sep 17 00:00:00 2001
From: metablaster <44481081+metablaster@users.noreply.github.com>
Date: Wed, 22 Nov 2023 17:40:20 +0100
Subject: [PATCH] Add rules for OneDriveFile Co-Authoring Executable
---
 .../IPv4/Outbound/Software/Microsoft/OneDrive.ps1 | 14 ++++++++++++++
 Scripts/Security/Remove-ASR.ps1 | 2 +-
 Scripts/Security/Set-ATP.ps1 | 2 ++
 Scripts/Security/Set-Privacy.ps1 | 1 +
 docs/CHANGELOG.md | 1 +
 5 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/Rules/IPv4/Outbound/Software/Microsoft/OneDrive.ps1 b/Rules/IPv4/Outbound/Software/Microsoft/OneDrive.ps1
index 5110fd6e..c2e387ad 100644
--- a/Rules/IPv4/Outbound/Software/Microsoft/OneDrive.ps1
+++ b/Rules/IPv4/Outbound/Software/Microsoft/OneDrive.ps1
@@ -197,6 +197,20 @@ if ((Confirm-Installation "OneDrive" ([ref] $OneDriveRoot)) -or $ForceLoad)
 -InterfaceType $DefaultInterface `
 -Description "" | Format-RuleOutput
 }
+
+ $Program = "$OneDriveRoot\$VersionFolder\FileCoAuth.exe"
+ if ((Test-ExecutableFile $Program) -or $ForceLoad)
+ {
+ New-NetFirewallRule -DisplayName "OneDrive Co-Authoring Executable" `
+ -Platform $Platform -PolicyStore $PolicyStore -Profile $DefaultProfile `
+ -Service Any -Program $Program -Group $Group `
+ -Enabled True -Action Allow -Direction $Direction -Protocol TCP `
+ -LocalAddress Any -RemoteAddress Internet4 `
+ -LocalPort Any -RemotePort 443 `
+ -LocalUser $UsersGroupSDDL `
+ -InterfaceType $DefaultInterface `
+ -Description "Microsoft OneDriveFile Co-Authoring Executable" | Format-RuleOutput
+ }
 }
 }
diff --git a/Scripts/Security/Remove-ASR.ps1 b/Scripts/Security/Remove-ASR.ps1
index 3c3d1c9c..406e3167 100644
--- a/Scripts/Security/Remove-ASR.ps1
+++ b/Scripts/Security/Remove-ASR.ps1
@@ -30,7 +30,7 @@ SOFTWARE.
 .VERSION 0.15.1
-.GUID a25eb685-36f4-4bb4-b825-61cf2e737a46
+.GUID 621a598a-01bf-4c90-9b1a-2cc682fa3d64
 .AUTHOR metablaster zebal@protonmail.com
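Review bot: The new rule's `-Description` only repeats the executable's name, while the `-Program` path is built from `$VersionFolder`, so an auditor cannot tell from the rule why FileCoAuth.exe needs outbound TCP 443 or that the path will presumably stop matching once OneDrive updates into a new version folder. I would spell that out, for example `-Description "OneDrive file co-authoring (FileCoAuth.exe); program path is version specific, reload this rule after OneDrive updates"`. Note also that `(Test-ExecutableFile $Program) -or $ForceLoad` creates the allow rule even when the executable check fails; that mirrors the enclosing `if` shown in the hunk header, but a one-line comment above the block saying a forced load skips the executable check would help reviewers. `$VersionFolder` and the enclosing `if` are defined outside this hunk.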
diff --git a/Scripts/Security/Set-ATP.ps1 b/Scripts/Security/Set-ATP.ps1
index dd779ab0..b5093b22 100644
--- a/Scripts/Security/Set-ATP.ps1
+++ b/Scripts/Security/Set-ATP.ps1
@@ -75,6 +75,8 @@ None. Set-ATP.ps1 does not generate any output
 TODO: There are some exotic options for Set-MpPreference which we don't use
 TODO: A script is needed to reset ATP modification to factory defaults
 TODO: More options can be configured such as script scanning
+TODO: Comments for each GPO setting should indicate what is the default
+TODO: Need to exclude settings which don't apply to target computer
 .LINK
 https://github.com/metablaster/WindowsFirewallRuleset/blob/master/Scripts/README.md
diff --git a/Scripts/Security/Set-Privacy.ps1 b/Scripts/Security/Set-Privacy.ps1
index 66b30589..6c848f8e 100644
--- a/Scripts/Security/Set-Privacy.ps1
+++ b/Scripts/Security/Set-Privacy.ps1
@@ -64,6 +64,7 @@ None. Set-Privacy.ps1 does not generate any output
 .NOTES
 TODO: More Windows privacy options can be set in GPO
 TODO: A script is needed to reset privacy modification to factory defaults
+TODO: Need to exclude settings which don't apply to target computer
 .LINK
 https://github.com/metablaster/WindowsFirewallRuleset/blob/master/Scripts/README.md
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index b7511841..b3c512dd 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -35,6 +35,7 @@ Here is a list of changes for each of the releases.
 - Updated rule related to Windows 11 updates
 - Added rules for GooglePlay and Bluestacks
 - Updated rules for Microsoft phone app now known as Microsoft Phone Link
+ - Added rule for OneDriveFile Co-Authoring Executable
 - Modules