fix Invoke-Process function

metablaster · Dec 17, 2023 · d154653 · d154653
1 parent dc3f039
commit d154653
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 6 deletions.
diff --git a/Modules/Ruleset.Utility/Public/Invoke-Process.ps1 b/Modules/Ruleset.Utility/Public/Invoke-Process.ps1
@@ -200,7 +200,7 @@ function Invoke-Process
 			$ArgumentList,
 			$Async,
 			$Domain,
-			[string] $InvocationName = $MyInvocation.InvocationName
+			$InvocationName
 		)
 
 		$CommandName = Split-Path -Path $Path -Leaf
@@ -629,18 +629,18 @@ function Invoke-Process
 	} # [ScriptBlock] $Code
 
 	Invoke-Command @SessionParams -ArgumentList $Path, $NoNewWindow, $WorkingDirectory,
-	$LoadUserProfile, $Timeout, $Raw, $RunAsCredential, $ArgumentList, $Async, $Domain -ScriptBlock $Code
+	$LoadUserProfile, $Timeout, $Raw, $RunAsCredential, $ArgumentList, $Async, $Domain, $MyInvocation.InvocationName -ScriptBlock $Code
 	return
 
 	# Inactive code
 	if ($Domain -ne [System.Environment]::MachineName)
 	{
 		Invoke-Command @SessionParams -ArgumentList $Path, $NoNewWindow, $WorkingDirectory,
-		$LoadUserProfile, $Timeout, $Raw, $RunAsCredential, $ArgumentList, $Async -ScriptBlock $Code
+		$LoadUserProfile, $Timeout, $Raw, $RunAsCredential, $ArgumentList, $Async, $Domain, $MyInvocation.InvocationName -ScriptBlock $Code
 	}
 	else
 	{
 		# TODO: Invoking scriptblock, if there is an error entire scriptblock will be print to console in red in Windows PS
-		& $Code $Path $NoNewWindow $WorkingDirectory $LoadUserProfile $Timeout $Raw $RunAsCredential $ArgumentList $Async
+		& $Code $Path $NoNewWindow $WorkingDirectory $LoadUserProfile $Timeout $Raw $RunAsCredential $ArgumentList $Async $Domain $MyInvocation.InvocationName
 	}
 }
diff --git a/Rules/IPv4/Outbound/CoreNetworking.ps1 b/Rules/IPv4/Outbound/CoreNetworking.ps1
@@ -176,6 +176,20 @@ New-NetFirewallRule -DisplayName "DNS to gateway" `
 	-Description "Allow DNS (Domain Name System) requests by System to default gateway." |
 Format-RuleOutput
 
+# TODO: It's unknown which service initiates DNS to gateway but svchost is used
+# To reproduce connect WLAN when adapter DNS is set to default gateway
+New-NetFirewallRule -DisplayName "DNS to gateway" `
+	-Platform $Platform -PolicyStore $PolicyStore -Profile $LocalProfile `
+	-Service Any -Program Any -Group $Group `
+	-Enabled True -Action Allow -Direction $Direction -Protocol UDP `
+	-LocalAddress Any -RemoteAddress DefaultGateway4 `
+	-LocalPort Any -RemotePort 53 `
+	-LocalUser $NetworkService `
+	-InterfaceType $DefaultInterface `
+	-LocalOnlyMapping $false -LooseSourceMapping $false `
+	-Description "Allow DNS (Domain Name System) requests by NETWORK SERVICE to default gateway." |
+Format-RuleOutput
+
 $DnsAccounts = $UsersGroupSDDL
 Merge-SDDL ([ref] $DnsAccounts) -From $AdminGroupSDDL -Unique
 

diff --git a/Rules/IPv4/Outbound/WindowsServices.ps1 b/Rules/IPv4/Outbound/WindowsServices.ps1
@@ -430,6 +430,7 @@ Format-RuleOutput
 
 # BITS to Router info: https://docs.microsoft.com/en-us/windows/win32/bits/network-bandwidth
 # NOTE: Port was 48300, but other random ports can be used too
+# TODO: BITS can't connect to router according to administrative event log
 New-NetFirewallRule -DisplayName "Router capability check (BITS)" `
 	-Platform $Platform -PolicyStore $PolicyStore -Profile $DefaultProfile `
 	-Service BITS -Program $ServiceHost -Group $Group `

diff --git a/Scripts/Grant-Logs.ps1 b/Scripts/Grant-Logs.ps1
@@ -132,7 +132,7 @@ Write-Verbose -Message "[$ThisScript] Verifying firewall log file location"
 if (!(Compare-Path -Path $FirewallLogsFolder -ReferencePath "$ProjectRoot\*" -Loose))
 {
 	# Continue only if firewall logs go to location inside repository
-	Write-Warning -Message "[$ThisScript] Not settings permissions on $FirewallLogsFolder"
+	Write-Warning -Message "[$ThisScript] Not setting permissions on $FirewallLogsFolder"
 	return
 }
 

diff --git a/Scripts/Security/Set-ATP.ps1 b/Scripts/Security/Set-ATP.ps1
@@ -496,7 +496,9 @@ if ($PSCmdlet.ShouldProcess("Microsoft Defender Antivirus", "Configure Advanced
 
 		#
 		# Scheduled scan settings (used to automate full scans at least once a month)
-		# TODO: Figure out how to stop scheduled scan
+		# NOTE: To stop scheduled scan open Compunter management and expand:
+		# System Tools -> Task Scheduler -> Task Scheduler Library -> Microsoft -> Windows -> Windows Defender
+		# End task: Windows Defender Scheduled Scan
 		#
 
 		Write-Information -MessageData "INFO: Specify the scan type to use for a scheduled scan"

diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
@@ -34,6 +34,7 @@ Here is a list of changes for each of the releases.
   - Added rules for Microsoft PowerToys
   - Updated rule for curl which ships with Git for automatic updates
   - Updated rules for sysinternals suite to handle it if installed trough MS Store
+  - Added unfinished (weak) DNS to gateway rule
 
 - Modules