implement Cylance PROTECT generalization #100
looks good so far, but ozzy must test it on customer level
leave the pull request open until the script is fully tested |
Hey guys, quick dumb question. This does look like the generalizations reg keys we know of, but errors out when testing due to the BIS-F PowerShell commandlets not being loaded. Was I not supposed to just run this as normal to test it or do I need to load your PowerShell commandlets first and run from somewhere else? The keys it is looking to delete are the ones we have noted for generalization. |
Check out https://eucweb.com/kba/27190824 |
Perfect. I left for the day, but will run through next week when I am at Synergy. See you guys there maybe. |
Alright, so ran on our production image and this is what we have:
Here is screenshot: |
@matthias-schlimm just wanted to make sure you saw my comment above. We have now been running the generalization part within the BIS-F framework for a bit and sealed several times. All good there (outside of it showing failed on stopping service as mentioned above). So yea, just the CTX recommended 'compatibility mode' would be a nice option to enable/disable as well for most environments to get added in for that one registry key. |
Yes, will update the code shortly to use the compatibility mode as you described
… On 07.06.2019 at 18:48, ozzy01 ***@***.***> wrote:
@matthias-schlimm just wanted to make sure you saw my comment above. We have now been running the generalization part within the BIS-F framework for a bit and sealed several times. All good there (outside of it showing failed on stopping service as mentioned above). So yea, just the CTX recommended 'compatibility mode' would be a nice option to enable/disable as well for most environments to get added in for that one registry key.
|
Fixes #89 - implements Cylance PROTECT generalization during preparation phase