Remove use of unnecessary inferior functions #1
The current implementation of SharpAppLocker is using inferior functions from the following Assembly Types:
The use of these Assembly Types will load the following Assemblies into the default application domain:
In terms of operational security, there is no need to load and use these Assemblies when they are only wrappers around the IAppIdPolicyHandler COM interface. My PR aims to use IAppIdPolicyHandler directly in order to avoid loading unnecessary Assemblies.
As shown below, this is the Assembly loaded by SharpAppLocker:
Below is the list of Assemblies loaded with my PR:
The Get-AppLockerPolicy PowerShell Cmdlet is nothing more than a wrapper around the aforementioned COM interface. The definition of the interface can be easily found by reverse engineering the following two .NET Framework Assemblies:
Please note that for the moment the output of the application will be a bit different because the methods from the COM interface return the policies (in a BSTR variable) in an XML format.
Example with XML output of local AppLocker policies. In this case these are just the default policies.
Another example with JSON output of effective AppLocker policies.