sysinternals suite trough MS Store (unfinished)

.vscode/bookmarks.json

@@ -49,7 +49,7 @@
 					"label": ""
 				},
 				{
-					"line": 554,
+					"line": 555,
 					"column": 1,
 					"label": ""
 				}
@@ -84,6 +84,16 @@
 					"label": ""
 				}
 			]
+		},
+		{
+			"path": "Rules/IPv4/Outbound/StoreApps.ps1",
+			"bookmarks": [
+				{
+					"line": 343,
+					"column": 10,
+					"label": ""
+				}
+			]
 		}
 	]
 }

Config/ProjectSettings.ps1

@@ -273,7 +273,7 @@ $OFS = " "
 # 4. Enables some disabled unit tests and disables logging
 # 5. Enables setting preference variables for modules
 # NOTE: If changed to $true, change requires PowerShell restart
-Set-Variable -Name Develop -Scope Global -Value $false
+Set-Variable -Name Develop -Scope Global -Value $true
 
 if ($Develop)
 {
@@ -532,6 +532,7 @@ if ($Develop -or !(Get-Variable -Name CheckRemovableVariables -Scope Global -Err
 	Set-Variable -Name DefaultSkipPositivies -Scope Global -Option ReadOnly -Force -Value 0
 
 	# Specify path to sigcheck64.exe if your instance of sigcheck executable isn't in PATH
+	# If sysinternals suite is installed by MS store app it will be in PATH
 	# If digital signature check of a program for which firewall rule is being loaded fails, then
 	# sigcheck64.exe is used to perform hash based online malware analysis via VirusTotal service.
 	# You can get sigcheck64.exe from Microsoft sysinternals site below:

Modules/Ruleset.ProgramInfo/Public/Get-UserApp.ps1

@@ -167,7 +167,7 @@ function Get-UserApp
 			Get-AppxPackage -Name $using:Name -User $using:User -PackageTypeFilter Main
 		}
 
-		# HACK: Hardcoded, a new functioned needed to get remote shares
+		# HACK: Hardcoded, a new function needed to get remote shares
 		[string] $SystemDrive = Get-CimInstance -Class Win32_OperatingSystem -CimSession $CimServer |
 		Select-Object -ExpandProperty SystemDrive
 

Modules/Ruleset.ProgramInfo/Public/Search-Installation.ps1

@@ -279,7 +279,29 @@ function Search-Installation
 		}
 		"SysInternals"
 		{
-			# NOTE: ask user for standalone installation directory of SysInternals
+			if ($Domain -eq [System.Environment]::MachineName)
+			{
+				# TODO: Show warning instead of error when failed (ex. in non elevated run check is Admin)
+				# NOTE: There is supposed to be no Bundle package that is also not Main
+				# TODO: We have Get-UserApp but it doesn't have -AllUsers switch so this is duplicate code,
+				# either implement the switch or make a new function ex. Get-AllUsersApp
+				$SysinternalsSuite = Get-AppxPackage -Name "Microsoft.SysinternalsSuite" -AllUsers -PackageTypeFilter Main
+			}
+			else
+			{
+				$SysinternalsSuite = Invoke-Command @SessionParams -ScriptBlock {
+					# HACK: This will fail in Windows PowerShell with "The system cannot find the file specified"
+					# ISSUE: https://github.com/MicrosoftDocs/windows-powershell-docs/issues/344
+					# See also: https://www.reddit.com/r/sysadmin/comments/lrm3nj/will_getappxpackage_allusers_work_in_remote/
+					Get-AppxPackage -Name "Microsoft.SysinternalsSuite" -AllUsers -PackageTypeFilter Main
+				}
+			}
+
+			if ($SysinternalsSuite)
+			{
+				# NOTE: Otherwise ask user for standalone installation directory of SysInternals
+				Edit-Table $(Format-Path "$($SysinternalsSuite.InstallLocation)\Tools")
+			}
 			break
 		}
 		"OpenSpace"

Rules/IPv4/Outbound/Software/Microsoft/SysInternals.ps1

@@ -112,6 +112,7 @@ Remove-NetFirewallRule -PolicyStore $PolicyStore -Group $Group -Direction $Direc
 
 #
 # SysInternals installation directories
+# TODO: If sysinternals suite is installed by MS Store app, executables will be all x64 without "64" suffix
 #
 $SysInternalsRoot = "%SystemDrive%\tools"