Research-driven roadmap drain: 30+ fixes and features across security, fleet operations, coverage, and UX.
Highlights
Critical fixes
- Firewall phase no longer deletes the CCXProcess/AdobeIPCBroker rules created by earlier phases (they survived only with
-Only). - Hosts file modification now holds an exclusive lock across the whole read-modify-write and writes BOM-free UTF-8.
opm.dbtelemetry database is now cleaned (was gated on-PathType Container).- GrowthSDK retry loop now actually re-attempts the delete; legacy undo restores renamed startup shortcuts;
-Skipnow wins when combined with-Only. - Guard against the CVE-2025-54100
Invoke-WebRequestvector (-UseBasicParsingeverywhere).
New capabilities
- DNS-over-HTTPS bypass detection with a warning and
-StatusOnlyreporting. -LockHostsFile(opt-in): deny SYSTEM write so Adobe WAM can't re-inject its hosts entry.-AllUsers(opt-in): apply per-user telemetry policies to every profile (loaded + offline hives), reversible via-Undo.- Windows Application event log run-summaries (EventIDs 1000/2000/3000/4000) for SIEM/EDR.
- Intune detection/remediation script pair under
fleet/. - Non-blocking update check against GitHub Releases (24h cache).
- Refreshed telemetry domain inventory (Standard now blocks 60 domains); Aggressive adds recursive per-exe firewalling, DoT (port 853) blocking, and Acrobat/AcroRd32 outbound blocking.
Quality
-StatusOnlynow reports neutralization artifacts and watchdog run info; run summary is an aligned table; GUI adds the new opt-in checkboxes, a progress bar, and an update-available label, and no longer orphans child processes.- 112 Pester tests (was 82).
See CHANGELOG for the full list. Verify the download with SHA256SUMS.txt.