[Feature]: Add environment variable checks/fixes #457

Open
P0W3 opened this issue Dec 5, 2024 · 1 comment
Labels
enhancement New feature or request

Comments


P0W3 commented Dec 5, 2024

Description

After using the script, the command is not working.

How can the bug be recreated?

I selected the “Disable Defender System Guard” script and ran it in the Command Prompt as an administrator.

Operating system

Windows 10 Home 22H2

Script file

privacy-script.txt

Screenshots

image

Additional information

Here is the log I got from the privacy.sexy (v0.13.7) website.

--- Disable System Guard kernel monitoring
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
--- Disable System Guard startup verification
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
--- Disable System Guard sandbox monitoring
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
Skipping, SgrmLpac.exe is not running.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
--- Disable System Guard communication hub
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
Skipping, SgrmBroker.exe is not running.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
--- Disable System Guard rule definitions
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
--- Disable System Guard rule scanner
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
'PowerShell' is not recognized as an internal or external command,
operable program or batch file.
Press any key to continue . . .

More Additional information

After fixing the “PowerShell” directory issue and launching the “.bat” file in the Command Prompt as an administrator, more buggy mess appeared here and there, including the “reg” parts.

--- Disable System Guard kernel monitoring
Disabling service: "SgrmAgent".
"SgrmAgent" is not running, no need to stop.
SgrmAgent is already disabled, no further action is needed
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Searching for items matching pattern: "C:\WINDOWS\System32\drivers\SgrmAgent.sys".
Initiating processing of 1 items from "C:\WINDOWS\System32\drivers\SgrmAgent.sys".
Processing file: "C:\WINDOWS\System32\drivers\SgrmAgent.sys".
Successfully processed "C:\WINDOWS\System32\drivers\SgrmAgent.sys".
Successfully processed 1 items and skipped 0 items.
--- Disable System Guard startup verification
reg : The term 'reg' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:86
+ ... ARE\Policies\Microsoft\Windows\DeviceGuard'; $data = '2'; reg add 'HK ...
+                                                               ~~~
    + CategoryInfo          : ObjectNotFound: (reg:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

reg : The term 'reg' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:105
+ ... \Control\DeviceGuard\Scenarios\SystemGuard'; $data = '0'; reg add 'HK ...
+                                                               ~~~
    + CategoryInfo          : ObjectNotFound: (reg:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

--- Disable System Guard sandbox monitoring
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmLpac.exe".
Initiating processing of 1 items from "C:\WINDOWS\System32\SgrmLpac.exe".
Processing file: "C:\WINDOWS\System32\SgrmLpac.exe".
Successfully processed "C:\WINDOWS\System32\SgrmLpac.exe".
Successfully processed 1 items and skipped 0 items.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Skipping, SgrmLpac.exe is not running.
reg : The term 'reg' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:156
+ ... grmLpac.exe'; $data = 'C:\WINDOWS\System32\taskkill.exe'; reg add 'HK ...
+                                                               ~~~
    + CategoryInfo          : ObjectNotFound: (reg:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Adding block rule for "SgrmLpac.exe" under rule index "2".
Successfully blocked "SgrmLpac.exe" with rule index "2".
Skipping, no action needed: DisallowRun policy is already in place.
--- Disable System Guard communication hub
Disabling service: "SgrmBroker".
"SgrmBroker" is not running, no need to stop.
Successfully disabled the service. It will not start automatically on next boot.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmBroker.exe".
Initiating processing of 1 items from "C:\WINDOWS\System32\SgrmBroker.exe".
Processing file: "C:\WINDOWS\System32\SgrmBroker.exe".
Successfully processed "C:\WINDOWS\System32\SgrmBroker.exe".
Successfully processed 1 items and skipped 0 items.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Skipping, SgrmBroker.exe is not running.
reg : The term 'reg' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:158
+ ... mBroker.exe'; $data = 'C:\WINDOWS\System32\taskkill.exe'; reg add 'HK ...
+                                                               ~~~
    + CategoryInfo          : ObjectNotFound: (reg:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

Adding block rule for "SgrmBroker.exe" under rule index "3".
Successfully blocked "SgrmBroker.exe" with rule index "3".
Skipping, no action needed: DisallowRun policy is already in place.
--- Disable System Guard rule definitions
Searching for items matching pattern: "C:\WINDOWS\System32\Sgrm\SgrmAssertions.bin".
Initiating processing of 1 items from "C:\WINDOWS\System32\Sgrm\SgrmAssertions.bin".
Processing file: "C:\WINDOWS\System32\Sgrm\SgrmAssertions.bin".
Successfully processed "C:\WINDOWS\System32\Sgrm\SgrmAssertions.bin".
Successfully processed 1 items and skipped 0 items.
Searching for items matching pattern: "C:\WINDOWS\System32\Sgrm\SgrmAssertions.cat".
Initiating processing of 1 items from "C:\WINDOWS\System32\Sgrm\SgrmAssertions.cat".
Processing file: "C:\WINDOWS\System32\Sgrm\SgrmAssertions.cat".
Successfully processed "C:\WINDOWS\System32\Sgrm\SgrmAssertions.cat".
Successfully processed 1 items and skipped 0 items.
--- Disable System Guard rule scanner
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmEnclave.dll".
Initiating processing of 1 items from "C:\WINDOWS\System32\SgrmEnclave.dll".
Processing file: "C:\WINDOWS\System32\SgrmEnclave.dll".
Successfully processed "C:\WINDOWS\System32\SgrmEnclave.dll".
Successfully processed 1 items and skipped 0 items.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmEnclave_secure.dll".
Initiating processing of 1 items from "C:\WINDOWS\System32\SgrmEnclave_secure.dll".
Processing file: "C:\WINDOWS\System32\SgrmEnclave_secure.dll".
Successfully processed "C:\WINDOWS\System32\SgrmEnclave_secure.dll".
Successfully processed 1 items and skipped 0 items.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Press any key to continue . . .

Yet More Additional Information

After I fixed more environment variable issues, the “.bat” script worked correctly.

--- Disable System Guard kernel monitoring
Disabling service: "SgrmAgent".
"SgrmAgent" is not running, no need to stop.
SgrmAgent is already disabled, no further action is needed
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Searching for items matching pattern: "C:\WINDOWS\System32\drivers\SgrmAgent.sys".
Skipping, no items available.
--- Disable System Guard startup verification
The operation completed successfully.
The operation completed successfully.
--- Disable System Guard sandbox monitoring
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmLpac.exe".
Skipping, no items available.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Skipping, SgrmLpac.exe is not running.
The operation completed successfully.
Skipping, no action needed: 'SgrmLpac.exe' is already blocked under rule index "2".
Skipping, no action needed: DisallowRun policy is already in place.
--- Disable System Guard communication hub
Disabling service: "SgrmBroker".
"SgrmBroker" is not running, no need to stop.
"SgrmBroker" is already disabled from start, no further action is needed.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmBroker.exe".
Skipping, no items available.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Skipping, SgrmBroker.exe is not running.
The operation completed successfully.
Skipping, no action needed: 'SgrmBroker.exe' is already blocked under rule index "3".
Skipping, no action needed: DisallowRun policy is already in place.
--- Disable System Guard rule definitions
Searching for items matching pattern: "C:\WINDOWS\System32\Sgrm\SgrmAssertions.bin".
Skipping, no items available.
Searching for items matching pattern: "C:\WINDOWS\System32\Sgrm\SgrmAssertions.cat".
Skipping, no items available.
--- Disable System Guard rule scanner
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmEnclave.dll".
Skipping, no items available.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Searching for items matching pattern: "C:\WINDOWS\System32\SgrmEnclave_secure.dll".
Skipping, no items available.
Skipping: Windows (10.0.19045) is below minimum 10.0.22621 (Windows11-22H2)
Press any key to continue . . .
@P0W3 P0W3 added the bug Something isn't working label Dec 5, 2024
@undergroundwires
Owner

You solved it. You had issues with environment variables. It's not a bug as these variables exist on default installations, but we can add an environment variable check.

The easiest option to implement would be a desktop-application-only feature where the desktop application checks the existence of the PowerShell environment variables; if they're missing, it asks to fix them for you, if it can.

For other environment variables such as reg and taskkill, I think we can just get rid of them. I.e., instead of reg we can use PowerShell registry cmdlets, and for taskkill, use the Stop-Process cmdlet.

Any other ideas?

@undergroundwires undergroundwires changed the title [Bug]: Disable Defender System Guard Script Has Gone Wrong [Feature]: Add environment variable checks/fixes Dec 12, 2024
@undergroundwires undergroundwires added enhancement New feature or request and removed bug Something isn't working labels Dec 12, 2024
undergroundwires added a commit that referenced this issue Dec 16, 2024
This commit introduces a check at the start of the batch files. It
exits with a clear error message if PowerShell is missing or not in
PATH.

This way, it prevents repeated `'PowerShell' is not recognized'` errors
and provides a more user-friendly failure mode.
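
A start-of-script check of the kind the commit message describes, as an added example (not the project's commit or code). It goes one step further than the thread by also covering `reg` and `taskkill`: each tool is resolved once to an absolute path and the script stops with a single message if one is missing. The variable names and the `:resolve` helper are hypothetical, and a stock Windows directory layout is assumed.

```batch
@echo off
setlocal EnableExtensions

rem Added example: resolve every external tool once, before any section runs.
rem Assumption: default Windows layout under %SystemRoot%\System32.
if not defined SystemRoot (
    >&2 echo Error: the SystemRoot environment variable is not set.
    exit /b 1
)
set "SYS32=%SystemRoot%\System32"
set "MISSING="

call :resolve PWSH_EXE     powershell.exe "%SYS32%\WindowsPowerShell\v1.0\powershell.exe"
call :resolve REG_EXE      reg.exe        "%SYS32%\reg.exe"
call :resolve TASKKILL_EXE taskkill.exe   "%SYS32%\taskkill.exe"

if not defined MISSING goto :tools_ok
>&2 echo Error: required tools were not found:%MISSING%
>&2 echo Check that PATH includes "%SYS32%" and "%SYS32%\WindowsPowerShell\v1.0".
exit /b 1

:tools_ok
echo PowerShell: %PWSH_EXE%
echo reg:        %REG_EXE%
echo taskkill:   %TASKKILL_EXE%

rem Later sections call the resolved path instead of a bare command name.
"%PWSH_EXE%" -NoProfile -Command "Write-Output 'PowerShell is reachable.'"
exit /b %ERRORLEVEL%

:resolve
rem %1 = variable to set, %2 = tool file name, %3 = expected absolute path
rem Prefer the known system location, so a broken PATH does not matter.
if exist "%~3" (
    set "%~1=%~3"
    exit /b 0
)
rem Fall back to a PATH search; %%~$PATH:P is empty when nothing is found.
for %%P in ("%~2") do if not "%%~$PATH:P"=="" (
    set "%~1=%%~$PATH:P"
    exit /b 0
)
rem Record the miss and keep going, so all missing tools are reported at once.
set "MISSING=%MISSING% %~2"
exit /b 0
```

Calling the tools by absolute path also means an elevated script no longer depends on the PATH search order to decide which `reg.exe` or `powershell.exe` it runs.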