Installation
Install it from the Microsoft Store: https://apps.microsoft.com/detail/9png1jddtgp8
What's New
Advanced UEFI Secure Boot Variable Inspector
This update introduces a new feature in the View File Certificates page for analyzing the firmware's UEFI variables and Secure Boot data directly from the application. Users can now gain full transparency into the platform's root of trust without relying on external tools or rebooting into BIOS setup.
Tip
These features are especially useful for the upcoming Secure Boot certificate updates: you can check whether your device has automatically received the new certificates or whether you need to take manual action.
Key capabilities include:
- Get Platform Key: Retrieve the Platform Key (PK), the root of trust that controls access to the Key Exchange Key database and establishes ownership of the platform.
- Get Key Exchange Key: Retrieve the Key Exchange Key (KEK) database, containing keys trusted to update the signature database (db) and the forbidden signature database (dbx).
- Get Signature Database: Retrieve the Signature Database (db), containing the list of trusted certificates and hashes allowed to execute on this system.
- Get Forbidden Signature Database: Retrieve the Forbidden Signature Database (dbx), containing the revocation list of compromised certificates and hashes that are blocked from booting.
The default variant of each of these variables can also be retrieved independently; it represents the factory default state provided by the system manufacturer.
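The same variables can be read from an elevated PowerShell session with the built-in `Get-SecureBootUEFI` cmdlet. The script below is an added example, not code from the application: the helper name `Read-EfiSignatureLists` is hypothetical, and it counts only X.509 and SHA-256 entries while reporting variables that cannot be read.

```powershell
# Added example: list Secure Boot variables and count their entries.
# Assumes an elevated session on a UEFI system.
$X509Guid   = [guid]'a5c059a1-94e4-4aa7-87b5-ab155c2bf072'  # EFI_CERT_X509_GUID
$Sha256Guid = [guid]'c1c41626-504c-4092-aca9-41f936934328'  # EFI_CERT_SHA256_GUID

function Read-EfiSignatureLists {   # hypothetical helper name
    param([byte[]]$Bytes)
    $offset = 0
    while ($offset + 28 -le $Bytes.Length) {
        # EFI_SIGNATURE_LIST header: type GUID (16 bytes), then three UINT32 sizes
        $type      = [guid]::new([byte[]]$Bytes[$offset..($offset + 15)])
        $listSize  = [int][BitConverter]::ToUInt32($Bytes, $offset + 16)
        $hdrSize   = [int][BitConverter]::ToUInt32($Bytes, $offset + 20)
        $entrySize = [int][BitConverter]::ToUInt32($Bytes, $offset + 24)
        # Stop on malformed sizes instead of reading past the buffer
        if ($listSize -lt 28 -or $entrySize -le 16 -or
            $offset + $listSize -gt $Bytes.Length) { break }
        $pos = $offset + 28 + $hdrSize
        $end = $offset + $listSize
        while ($pos + $entrySize -le $end) {
            # EFI_SIGNATURE_DATA: owner GUID (16 bytes) followed by the payload
            $data = [byte[]]$Bytes[($pos + 16)..($pos + $entrySize - 1)]
            [pscustomobject]@{ Type = $type; Data = $data }
            $pos += $entrySize
        }
        $offset += $listSize
    }
}

$names = 'PK','KEK','db','dbx','PKDefault','KEKDefault','dbDefault','dbxDefault'
foreach ($name in $names) {
    try {
        $var = Get-SecureBootUEFI -Name $name -ErrorAction Stop
    } catch {
        # A missing or unreadable variable is a finding in itself
        Write-Output ("{0,-11} unavailable: {1}" -f $name, $_.Exception.Message)
        continue
    }
    $entries = @(Read-EfiSignatureLists -Bytes $var.Bytes)
    $certs   = @($entries | Where-Object Type -eq $X509Guid)
    $hashes  = @($entries | Where-Object Type -eq $Sha256Guid)
    Write-Output ("{0,-11} {1} certificate(s), {2} SHA-256 hash(es)" -f $name, $certs.Count, $hashes.Count)
    foreach ($c in $certs) {
        $x = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$c.Data)
        Write-Output ("    {0} (expires {1:yyyy-MM-dd})" -f $x.Subject, $x.NotAfter)
    }
}
```

Comparing the certificate subjects and counts between the active and `Default` variables shows whether the firmware's current state differs from the manufacturer's defaults.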
Note
Potential for Detecting Virtual Machines
Virtual machines running on hypervisors such as Hyper-V, VMware, or VirtualBox show different values than a real bare metal system.
- Hyper-V: At the time of this writing, Hyper-V VMs do not display all of the `Default` variations of UEFI variables; in fact, you will encounter an error when attempting to get the values of `PKDefault` or `dbxDefault`. Whether the VM is shielded or not does not have any effect on the results.
- VirtualBox: At the time of this writing, attempting to get many of the UEFI variables mentioned in this post results in an error on VirtualBox VMs.
- VMware: At the time of this writing, attempting to get the Platform Key or Default Platform Key in VMware Workstation VMs results in 0 certificates, an anomaly that can be considered an indicator of a VM. Additionally, getting the default DBX database results in significantly fewer forbidden hashes than those available on the host. The Default and non-default DB both have certificates with the subject `VMware, Inc.`, which can clearly help identify that the system is a VM.
Other Changes
- Improved memory management and resource usage throughout the app.
PRs
How to verify the MSIXBundle's authenticity:
gh attestation verify "Path To MSIXBundle" --repo HotCakeX/Harden-Windows-Security --format json
You can install the GitHub CLI from Winget:
winget install --id GitHub.cli