Remove use of unnecessary inferior functions #1

Merged
merged 1 commit into from
Aug 2, 2020
Conversation

am0nsec
Contributor

@am0nsec am0nsec commented Aug 1, 2020

The current implementation of SharpAppLocker is using inferior functions from the following Assembly Types:

  • AppLockerPolicy; and
  • PolicyManager

The use of these Assembly Types will load into the default application domain the following Assemblies:

  • Microsoft.Security.ApplicationId.PolicyManagement.PolicyEngineApi.Interop;
  • Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager;
  • Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel; and
  • Microsoft.Security.ApplicationId.PolicyManagement.XmlHelper

In terms of operational security, there is no need to load and use these Assemblies when they are only wrappers around the IAppIdPolicyHandler COM interface. My PR aims to use the IAppIdPolicyHandler directly in order to avoid unnecessary Assemblies being loaded.

As shown below, this is the Assembly loaded by SharpAppLocker:
[screenshot: assemblies loaded by the current SharpAppLocker]

Below is the list of Assemblies loaded with my PR:
[screenshot: assemblies loaded with this PR]

The Get-AppLockerPolicy PowerShell Cmdlet is nothing more than a wrapper around the aforementioned COM interface. The definition of the interface can be easily found by reverse engineering the following two .NET Framework Assemblies:

  • Microsoft.Security.ApplicationId.PolicyManagement.PolicyManager; and
  • Microsoft.Security.ApplicationId.PolicyManagement.PolicyModel

Please note that for the moment the output of the application will be a bit different, because the methods of the COM interface return the policies (in a BSTR variable) in XML format.

Example with XML output of local AppLocker policies; in this case these are just the default policies.
[screenshot: XML output of local AppLocker policies]

Another example with JSON output of effective AppLocker policies.
[screenshot: JSON output of effective AppLocker policies]
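The PR's point is that the managed policy types are wrappers which pull several Microsoft.Security.ApplicationId.* assemblies into the process. The script below is an added example (not code from the PR or from SharpAppLocker) that lets you confirm this on a Windows host with the AppLocker module: it snapshots the AppDomain, calls the Get-AppLockerPolicy wrapper, reports which of those assemblies were newly loaded, and parses the returned XML policy, the same XML document the COM methods hand back as a BSTR. The function name is my own.

```powershell
# Added example, not part of the PR or of SharpAppLocker.
# Assumes a Windows host where the AppLocker PowerShell module is available.
function Get-AppLockerWrapperAssemblies {
    param(
        [ValidateSet('Local', 'Effective')]
        [string]$Scope = 'Local'
    )

    # Snapshot of assemblies in the default AppDomain before the wrapper runs.
    $before = [AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { $_.GetName().Name }

    # Call the managed wrapper; -Xml returns the policy as an XML string,
    # the same representation the IAppIdPolicyHandler COM methods return.
    if ($Scope -eq 'Local') { $xml = Get-AppLockerPolicy -Local -Xml }
    else                    { $xml = Get-AppLockerPolicy -Effective -Xml }

    $after = [AppDomain]::CurrentDomain.GetAssemblies() | ForEach-Object { $_.GetName().Name }

    # Assemblies newly present after the call, limited to the AppLocker policy engine.
    $loaded = Compare-Object -ReferenceObject $before -DifferenceObject $after |
        Where-Object { $_.SideIndicator -eq '=>' -and
                       $_.InputObject -like 'Microsoft.Security.ApplicationId.*' } |
        Select-Object -ExpandProperty InputObject

    # Parse the XML as a consumer of the COM BSTR would. A host with no rules
    # configured returns an <AppLockerPolicy> element with no RuleCollection,
    # so guard against an empty node list.
    [xml]$policy = $xml
    $collections = foreach ($rc in @($policy.AppLockerPolicy.RuleCollection | Where-Object { $_ })) {
        [pscustomobject]@{
            Type      = $rc.Type
            Mode      = $rc.EnforcementMode
            RuleCount = @($rc.ChildNodes).Count
        }
    }

    [pscustomobject]@{
        Scope            = $Scope
        AssembliesLoaded = @($loaded)
        RuleCollections  = @($collections)
    }
}

Get-AppLockerWrapperAssemblies -Scope Local | Format-List
```

Run it in a fresh PowerShell session so the snapshot is taken before the AppLocker module has been auto-loaded.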

@Flangvik
Owner

Flangvik commented Aug 2, 2020

Appreciate the time and effort into this, great stuff! 🔥

@Flangvik Flangvik merged commit 2084bec into Flangvik:master Aug 2, 2020