Skip to content

v2.5.0

Latest

Choose a tag to compare

@SysAdminDoc SysAdminDoc released this 02 Jul 05:04

Research-driven roadmap drain: 30+ fixes and features across security, fleet operations, coverage, and UX.

Highlights

Critical fixes

  • Firewall phase no longer deletes the CCXProcess/AdobeIPCBroker rules created by earlier phases (they survived only with -Only).
  • Hosts file modification now holds an exclusive lock across the whole read-modify-write and writes BOM-free UTF-8.
  • opm.db telemetry database is now cleaned (was gated on -PathType Container).
  • GrowthSDK retry loop now actually re-attempts the delete; legacy undo restores renamed startup shortcuts; -Skip now wins when combined with -Only.
  • Guard against the CVE-2025-54100 Invoke-WebRequest vector (-UseBasicParsing everywhere).

New capabilities

  • DNS-over-HTTPS bypass detection with a warning and -StatusOnly reporting.
  • -LockHostsFile (opt-in): deny SYSTEM write so Adobe WAM can't re-inject its hosts entry.
  • -AllUsers (opt-in): apply per-user telemetry policies to every profile (loaded + offline hives), reversible via -Undo.
  • Windows Application event log run-summaries (EventIDs 1000/2000/3000/4000) for SIEM/EDR.
  • Intune detection/remediation script pair under fleet/.
  • Non-blocking update check against GitHub Releases (24h cache).
  • Refreshed telemetry domain inventory (Standard now blocks 60 domains); Aggressive adds recursive per-exe firewalling, DoT (port 853) blocking, and Acrobat/AcroRd32 outbound blocking.

Quality

  • -StatusOnly now reports neutralization artifacts and watchdog run info; run summary is an aligned table; GUI adds the new opt-in checkboxes, a progress bar, and an update-available label, and no longer orphans child processes.
  • 112 Pester tests (was 82).

See CHANGELOG for the full list. Verify the download with SHA256SUMS.txt.