Merge pull request #2031 from microsoft/main

Release 3-7-24

Admin/Test-AMSI.ps1

@@ -197,8 +197,13 @@ begin {
             if ($IgnoreSSL -and ![System.Net.ServicePointManager]::ServerCertificateValidationCallback) {
                 Enable-TrustAnyCertificateCallback
             }
-            $StringDate = (Get-Date -Format yyyyMMddhhmmss)
-            Invoke-WebRequest https://$Server/ecp/CSS-Test-$StringDate.js -Method POST -Headers @{ "Host" = "$Server" } -WebSession $CookieContainer
+
+            $length = 10
+            $characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'.ToCharArray()
+            $randomString = -join ($characters | Get-Random -Count $length)
+            $UrlStem = "/ecp/Test-$randomString.js"
+            $urlRequest = "https://$Server$UrlStem"
+            Invoke-WebRequest -Uri $urlRequest -Method POST -Headers @{ "Host" = "$Server" } -WebSession $CookieContainer -DisableKeepAlive
         } catch [System.Net.WebException] {
             $Message = ($_.Exception.Message).ToString().Trim()
             $currentForegroundColor = $host.ui.RawUI.ForegroundColor
@@ -224,10 +229,10 @@ begin {
                     Write-Host "You can check your log files located in %ExchangeInstallPath%\Logging\HttpRequestFiltering\ in all server included in $Server endpoint"
                 }
                 $host.ui.RawUI.ForegroundColor = $currentForegroundColor
-                Write-Host  "You should find a request for CSS-Test-$StringDate.js in the HttpRequestFiltering logs"
+                Write-Host "You should find a request for $UrlStem in the HttpRequestFiltering logs"
                 if ($IsExchangeServer) {
                     Write-Host ""
-                    Write-Host "Looking for a request CSS-Test-$StringDate.js in the HttpRequestFiltering logs"
+                    Write-Host "Looking for a request $UrlStem in the HttpRequestFiltering logs"
                     $HttpRequestFilteringLogFolder = $null
 
                     if ($ExchangePath) {
@@ -246,7 +251,7 @@ begin {
                                 $file = Get-ChildItem $HttpRequestFilteringLogFolder -Filter "HttpRequestFiltering_*.log" | Sort-Object LastWriteTime -Descending | Select-Object -First 1 -Property *
                                 if ($file) {
                                     $found = $null
-                                    $found = $file | Get-Content | Select-String "/ecp/CSS-Test-$StringDate.js"
+                                    $found = $file | Get-Content | Select-String $UrlStem
                                     if ($found) {
                                         if ($found.Line -match "Detected") {
                                             Write-Host "We found the request Detected in HttpRequestFiltering logs: " -ForegroundColor Green

Diagnostics/AVTester/Test-ExchAVExclusions.ps1

@@ -330,20 +330,112 @@ while ($currentDiff -gt 0) {
         $ModuleAllowList = New-Object Collections.Generic.List[string]
 
         # cSpell:disable
-        $ModuleAllowList.add("Google.Protobuf.dll")
+
+        # No company name
+
+        #Exchange 2013
+        # Bin\Search\Ceres\HostController\Data\Repository\Journal\
+        $ModuleAllowList.add("Microsoft.Exchange.TransportFlow.50.dll")
+        $ModuleAllowList.add("Microsoft.ClientResourceView.FlowService.dll")
+        $ModuleAllowList.add("Microsoft.Exchange.TransportFlowMdm.50.dll")
+        $ModuleAllowList.add("Microsoft.Exchange.Search.Writer.50.dll")
+
+        $ModuleAllowList.add("FUSE.Paxos.Network.dll")
+        $ModuleAllowList.add("FUSE.Weld.Base.Portable.dll")
+        $ModuleAllowList.add("ParallelExtensionsExtras.dll")
+        $ModuleAllowList.add("Google.ProtocolBuffers.dll")
+
+        #Exchange 2016
+        # Bin\Search\Ceres\HostController\Data\Repository\Journal\
+        $ModuleAllowList.add("Microsoft.Exchange.TransportFlowMdm.105.dll")
+        $ModuleAllowList.add("Microsoft.Exchange.TransportFlow.105.dll")
+        $ModuleAllowList.add("Microsoft.Exchange.Search.Writer.109.dll")
+        $ModuleAllowList.add("Microsoft.Exchange.WatermarkCtsFlow.100.dll")
+
+        $ModuleAllowList.add("Bond.Precompiler.dll")
+        $ModuleAllowList.add("Microsoft.Applications.Telemetry.dll")
+        $ModuleAllowList.add("Microsoft.Applications.Telemetry.Server.dll")
         $ModuleAllowList.add("Microsoft.RightsManagementServices.Core.dll")
+        $ModuleAllowList.add("Microsoft.Search.ObjectStore.Client.dll")
+        $ModuleAllowList.add("ParallelExtensionsExtras.dll")
+        $ModuleAllowList.add("System.IdentityModel.Tokens.Jwt.dll")
+        $ModuleAllowList.add("Owin.dll")
+        $ModuleAllowList.add("Google.ProtocolBuffers.dll")
+
+        $ModuleAllowList.add("DiskLockerApi.dll")
+        $ModuleAllowList.add("ExDbFailureItemApi.dll")
+        $ModuleAllowList.add("ManagedBlingSigned.dll")
+        $ModuleAllowList.add("Microsoft.DSSMNativeSSELib.dll")
+
+        #Exchange 2019
+        $ModuleAllowList.add("Microsoft.Exchange.BigFunnelFlow.28.dll")
+        $ModuleAllowList.add("BigFunnel.NeuralTree.dll")
+
+        #.NET Foundation
+        $ModuleAllowList.add("Microsoft.AspNet.SignalR.Core.dll")
+        $ModuleAllowList.add("Microsoft.AspNet.SignalR.SystemWeb.dll")
+
+        #Microsoft Research Limited
+        $ModuleAllowList.add("Infer.Compiler.dll")
+        $ModuleAllowList.add("Infer.Runtime.dll")
+
+        #The Legion of the Bouncy Castle
+        $ModuleAllowList.add("BouncyCastle.Crypto.dll")
+
+        #Google Inc.
+        $ModuleAllowList.add("Google.Protobuf.dll")
+
+        #Newtonsoft
         $ModuleAllowList.add("Newtonsoft.Json.dll")
+        $ModuleAllowList.add("Newtonsoft.Json.Bson.dll")
+
+        #Marc Gravell
+        $ModuleAllowList.add("protobuf-net.dll")
+        $ModuleAllowList.add("protobuf-net.Core.dll")
+
+        #Matthew Manela
+        $ModuleAllowList.add("DiffPlex.dll")
+
+        #The Apache Software Foundation
+        $ModuleAllowList.add("log4net.dll")
+
+        #http://system.data.sqlite.org/
+        $ModuleAllowList.add("System.Data.SQLite.dll")
+
+        #Robert Simpson, et al.
+        $ModuleAllowList.add("SQLite.Interop.dll")
+
+        #Microsoft.Cloud.InstrumentationFramework.*
         $ModuleAllowList.add("Microsoft.Cloud.InstrumentationFramework.Events.dll")
-        $ModuleAllowList.add("HealthServicePerformance.dll")
-        $ModuleAllowList.add("InterceptCounters.dll")
-        $ModuleAllowList.add("MOMConnectorPerformance.dll")
-        $ModuleAllowList.add("ExDbFailureItemApi.dll")
+        $ModuleAllowList.add("Microsoft.Cloud.InstrumentationFramework.Health.dll")
         $ModuleAllowList.add("Microsoft.Cloud.InstrumentationFramework.Metrics.dll")
-        $ModuleAllowList.add("IfxMetrics.dll")
-        $ModuleAllowList.add("ManagedBlingSigned.dll")
-        $ModuleAllowList.add("l3codecp.acm")
-        $ModuleAllowList.add("System.IdentityModel.Tokens.jwt.dll")
+
+        #Windows
         $ModuleAllowList.add("prxyqry.DLL")
+        #Windows Fraunhofer IIS MPEG Audio Layer-3 ACM codec - MPEG Audio Layer-3 Codec for MSACM
+        $ModuleAllowList.add("l3codecp.acm")
+
+        # CompanyName allow list
+        $CompanyNameAllowList = New-Object Collections.Generic.List[string]
+        $CompanyNameAllowList.Add("Microsoft Corporation")
+        $CompanyNameAllowList.Add("Microsoft Corporation.")
+        $CompanyNameAllowList.Add("Microsoft")
+        $CompanyNameAllowList.Add("Microsoft Corp.")
+        $CompanyNameAllowList.Add("Microsoft CoreXT")
+        #$CompanyNameAllowList.Add("Microsoft Research Limited") #Only 2 modules
+
+        $CompanyNameAllowList.Add("Корпорация Майкрософт")
+        $CompanyNameAllowList.Add("Корпорація Майкрософт")
+        $CompanyNameAllowList.Add("Корпорація Майкрософт (Microsoft Corporation)")
+        $CompanyNameAllowList.Add("Корпорація Майкрософт (Microsoft Corporation)")
+        $CompanyNameAllowList.Add("Microsoft  корпорациясы")
+        $CompanyNameAllowList.Add("Корпорация Майкрософт.")
+
+        # CompanyName allow list
+        $FIPCompanyNameAllowList = New-Object Collections.Generic.List[string]
+        $FIPCompanyNameAllowList.Add("Oracle Corporation")
+        $FIPCompanyNameAllowList.Add("Oracle Corp.")
+
         # cSpell:enable
 
         Write-Verbose "Allow List Module Count: $($ModuleAllowList.count)"
@@ -360,11 +452,11 @@ while ($currentDiff -gt 0) {
 
             # Remove Microsoft modules
             Write-Verbose "Removing Microsoft Modules"
-            $ProcessModules = $ProcessModules | Where-Object { $_.FileVersionInfo.CompanyName -ne "Microsoft Corporation." -and $_.FileVersionInfo.CompanyName -ne "Microsoft" -and $_.FileVersionInfo.CompanyName -ne "Microsoft Corporation" }
+            $ProcessModules = $ProcessModules | Where-Object { $_.FileVersionInfo.CompanyName -notin $CompanyNameAllowList }
 
             # Remove Oracle modules on FIPS
             Write-Verbose "Removing Oracle Modules"
-            $ProcessModules = $ProcessModules | Where-Object { (-not($_.FileName -like "*\FIP-FS\Bin\*" -and $_.FileVersionInfo.CompanyName -eq "Oracle Corporation")) }
+            $ProcessModules = $ProcessModules | Where-Object { (-not($_.FileName -like "*\FIP-FS\Bin\*" -and ($_.FileVersionInfo.CompanyName -in $FIPCompanyNameAllowList))) }
 
             # Clear out modules from the allow list
             Write-Verbose "Removing Allow Modules"

docs/Admin/Test-ExchangePropertyPermissions.md

@@ -1,6 +1,6 @@
 # Test-ExchangePropertyPermissions
 
-Download the latest release: [Update-Engines.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Update-Engines.ps1)
+Download the latest release: [Test-ExchangePropertyPermissions.ps1](https://github.com/microsoft/CSS-Exchange/releases/latest/download/Test-ExchangePropertyPermissions.ps1)
 
 ## Syntax
 

docs/Security/ExchangeExtendedProtectionManagement.md

@@ -18,6 +18,12 @@ elevated Exchange Management Shell (EMS) command prompt.
 
 #### Examples:
 
+This syntax will process the prerequisites check only against the servers that you provided. This will execute the same checks as if you were attempting to configure Extended Protection.
+
+```powershell
+PS C:\> .\ExchangeExtendedProtectionManagement.ps1 -PrerequisitesCheckOnly
+```
+
 This syntax enables Extended Protection on all Exchange Servers that are online that we can reach.
 
 ```powershell
@@ -103,12 +109,6 @@ This syntax will disable Extended Protection configuration for all the Exchange
 PS C:\> .\ExchangeExtendedProtectionManagement.ps1 -DisableExtendedProtection
 ```
 
-This syntax will process the prerequisites check only against the servers that you provided. This will execute the same checks as if you were attempting to configure Extended Protection.
-
-```powershell
-PS C:\> .\ExchangeExtendedProtectionManagement.ps1 -PrerequisitesCheckOnly
-```
-
 ## Parameters
 
 Parameter | Description