Windows Defender Application Control prevents Windows to boot after second restart (signed policy)

Hi everyone!

I want to lock down some Windows 10 terminals so that they can only run approved software but keep the possibility to update this software.

My plan was to make use of the new feature of Windows 10 1903 that allows the use of multiple CI policies (as described here: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies ). To test this, I placed a signed policy under "C:\Windows\System32\CodeIntegrity\CIPolicies\Active\{PolicyID}.cip" in a VMware virtual machine running Windows 10 1903. After the first boot, the policy gets activated and prevents all applications (except the permitted ones) from being executed. However, if I reboot the system again, VMware fails to boot Windows until I disable Secure Boot. (It seems like the OS is not installed; I end up in the UEFI configuration.) Using the same policy without the signature works fine, but I want to make sure that the administrators on those terminals don't tamper with the policy or delete it; that's why I want to sign the policy.

To sign it, I generated a code signing certificate as described here: https://blogs.technet.microsoft.com/ukplatforms/2017/05/04/create-code-integrity-signing-certificate/ After that, I added the certificate to the policy using the following command:

Add-SignerRule -FilePath .\policy.xml -CertificatePath .\codeSigningCertificate.cer -Update

With the signer rule in place, I removed the option to accept unsigned policies using:

Set-RuleOption -FilePath .\policy.xml -Option 6 -Delete

Then I converted the policy to the binary format using:

ConvertFrom-CIPolicy -XmlFilePath .\policy.xml -BinaryFilePath .\policy.cip

Finally, to sign the policy, I used signtool with the following parameters:

signtool.exe sign -v /n CodeSigningCertificate -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 .\policy.cip

I copied the resulting "policy.cip.p7" file to a fresh installation under "C:\Windows\System32\CodeIntegrity\CIPolicies\Active\{PolicyID}.cip" and got the described behavior.

Here's some stuff I also tried:

Using "C:\Windows\System32\CodeIntegrity\SIPolicy.p7b" to deploy one policy: That worked fine, but Windows did not care when I deleted the policy. It just got deactivated. My understanding of using a signed policy is that Windows should throw some kind of error or prevent a boot when someone tampers with it.

Checking if the virtual machine supports the Device Guard functionality: I used the dgreadiness tool to test if the VM meets the criteria to use Device Guard. The tool reported the following lines:

PS C:\Users\User\Downloads\dgreadiness_v3.6> .\DG_Readiness_Tool_v3.6.ps1 -Capable
###########################################################################
Readiness Tool Version 3.4 Release.
Tool to check if your device is capable to run Device Guard and Credential Guard.
###########################################################################
###########################################################################
OS and Hardware requirements for enabling Device Guard and Credential Guard
 1. OS SKUs: Available only on these OS Skus - Enterprise, Server, Education, Enterprise IoT, Pro, and Home
 2. Hardware: Recent hardware that supports virtualization extension with SLAT
To learn more please visit: https://aka.ms/dgwhcr
###########################################################################

Checking if the device is DG/CG Capable
 ====================== Step 1 Driver Compat ======================
Driver verifier already enabled
Verifying each module please wait ....
Completed scan. List of Compatible Modules can be found at C:\DGLogs\DeviceGuardCheckLog.txt
No Incompatible Drivers found
 ====================== Step 2 Secure boot present ======================
Secure Boot is present
 ====================== Step 3 MS UEFI HSTI tests ======================
Copying HSTITest.dll
HSTI Duple Count: 0
HSTI Blob size: 0
String:
HSTIStatus: False
HSTI is absent
 ====================== Step 4 OS Architecture ======================
64 bit arch.....
 ====================== Step 5 Supported OS SKU ======================
This PC edition is Supported for DeviceGuard
 ====================== Step 6 Virtualization Firmware ======================
Virtualization firmware check passed
 ====================== Step 7 TPM version ======================
get-tpm : Object was not found. (Exception from HRESULT: 0x80090011)
At C:\Users\User\Downloads\dgreadiness_v3.6\DG_Readiness_Tool_v3.6.ps1:818 char:21
+     $TPMLockout = $(get-tpm).LockoutCount
+                     ~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-Tpm], TpmWmiException
    + FullyQualifiedErrorId : Microsoft.Tpm.Commands.TpmWmiException,Microsoft.Tpm.Commands.GetTpmCommand

TPM is absent or not ready for use
 ====================== Step 8 Secure MOR ======================
Secure MOR is available
 ====================== Step 9 NX Protector ======================
NX Protector is available
 ====================== Step 10 SMM Mitigation ======================
SMM Mitigation is available
 ====================== End Check ======================
 ====================== Summary ======================
Device Guard / Credential Guard can be enabled on this machine.

The following additional qualifications, if present, can enhance the security of Device Guard / Credential Guard on this system:
HSTI is absent
TPM is absent or not ready for use

To learn more about required hardware and software please visit: https://aka.ms/dgwhc

Installing the CA of the code signing certificate as a trusted root certificate in the machine's certificate store: This did not change the behavior.

Does anyone have any suggestions for what I can do about this, or ideas about what I did wrong?

Thanks for your help

Martin

gotti

Posted 2019-10-11T07:24:49.623

Reputation: 31

You didn't use the exact procedure for signing the policy as described in Microsoft's Use signed policies to protect Windows Defender Application Control against tampering.

– harrymc – 2019-10-14T09:22:52.637

I forgot to add the step where I converted the xml file to the binary format. (It is now included in the question) On the part with the signer rule: I intentionally only added the update signer rule, as I want this certificate to only sign the policy. However, I also tried adding all rules (Update, Kernel, User) to the policy with the same result. – gotti – 2019-10-14T11:01:03.623

You still are not following the exact steps and variables that need to be set. I don't know if this matters, but as there is a problem it's better to be exact. There is an alternate procedure (almost the same) found in this article.

– harrymc – 2019-10-14T12:32:35.403

You are right. Those variables are just placeholders for the files. However, just to be sure, I tried it now using the said variables and got the same result. To summarize the tutorial: 1. I tried it using the variables; 2 & 3: the certificate is in the user trust store and exported (those are not commands, I did it via the GUI); 4 is just changing the work dir; 5 was done accordingly (although the wanted result is just using the -update switch); 6-8 were done exactly as in the tutorial – gotti – 2019-10-14T13:14:54.270

9 was done like it is described here, as I don't have a domain and the local group policy deploy would not work (also I want to make use of this multiple policy feature later on)

– gotti – 2019-10-14T13:15:41.387

You might be up against an undocumented "feature". Some mentions I have seen talked about an option in the bios to clear all previous secure boot settings. Other mentions said to disable or reset the Trusted Platform Module (TPM). – harrymc – 2019-10-14T13:45:22.537

Answers

It seems that the use of multiple CI policies as described here does not fully work yet. In order to solve the Windows not booting problem, the base policy has to have the GUID set to {A244370E-44C9-4C06-B551-F6016E563076}. This is also the GUID used in the example policies found under "C:\Windows\schemas\CodeIntegrity\ExamplePolicies". When using this GUID the policy activates and the signature gets validated correctly. As long as no other valid policy with a higher version number gets deployed, the old policy is active, even if someone deletes the policy file. So the policy is safe from being tampered with.

However, there are some functions described in the link that do not work as intended (maybe the feature is not ready to be fully used yet):

  • Use multiple base policies: With a second base policy in place, Windows would show an error during boot stating that there was a problem validating a signature.
  • Tampering with the supplemental policies: Windows would check the signature of the supplemental policies but would also be OK if someone removes them or replaces them with an older version.

With those shortcomings, I don't really see a use of the multiple Policy feature for now.

What I will be using instead is one CI policy with a rule for my own code signing certificate. That way I can sign security catalogs holding information about permitted programs, as suggested by harrymc and described here. This seems to work more stably and is easier to use.

gotti

Posted 2019-10-11T07:24:49.623

Reputation: 31
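As an added example (not code from the question, the answer, or Microsoft), the signing procedure from the question as one PowerShell script, with a pre-flight check of the policy XML that covers the base-policy GUID requirement from this answer before anything is signed; the file paths, the certificate subject name and the Test-WdacPolicyXml helper are assumptions.

```powershell
# Added example: build, check and sign a WDAC policy with the cmdlets and the
# signtool call from the question. Paths and the certificate name are assumptions.
$PolicyXml = ".\policy.xml"
$PolicyBin = ".\policy.cip"
$CertPath  = ".\codeSigningCertificate.cer"
$CertName  = "CodeSigningCertificate"                  # subject name passed to signtool /n
$BaseGuid  = "{A244370E-44C9-4C06-B551-F6016E563076}"  # base policy GUID from the answer
$ActiveDir = "C:\Windows\System32\CodeIntegrity\CIPolicies\Active"

# Hypothetical helper: reports what would make the signed deployment ineffective or unbootable.
function Test-WdacPolicyXml {
    param([string]$Path, [string]$ExpectedId)
    [xml]$doc = Get-Content -Path $Path -Raw
    $p = $doc.SiPolicy
    $problems = @()
    # Option 6 still present means Windows also accepts an unsigned copy of the policy.
    if ($p.Rules.Rule.Option -contains "Enabled:Unsigned System Integrity Policy") {
        $problems += "Option 6 (Enabled:Unsigned System Integrity Policy) is still set"
    }
    # Without an UpdatePolicySigner, a signed policy can never be replaced by a newer signed one.
    if (-not $p.UpdatePolicySigners.UpdatePolicySigner) {
        $problems += "No UpdatePolicySigner rule (run Add-SignerRule ... -Update)"
    }
    # Multiple-policy format carries PolicyID; the single-policy format carries PolicyTypeID.
    $id = if ($p.PolicyID) { $p.PolicyID } else { $p.PolicyTypeID }
    if ($id -ne $ExpectedId) {
        $problems += "Policy ID is '$id', expected $ExpectedId"
    }
    return $problems
}

# 1. Allow the certificate to sign future versions of this policy (update signer only).
Add-SignerRule -FilePath $PolicyXml -CertificatePath $CertPath -Update
# 2. Stop accepting unsigned policies (rule option 6).
Set-RuleOption -FilePath $PolicyXml -Option 6 -Delete
# 3. Refuse to sign a policy that is not in the state the signed deployment needs.
$issues = Test-WdacPolicyXml -Path $PolicyXml -ExpectedId $BaseGuid
if ($issues) {
    $issues | ForEach-Object { Write-Warning $_ }
    throw "Policy XML is not ready for signing"
}
# 4. Convert to binary and sign with the same parameters as in the question.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin
signtool.exe sign -v /n $CertName -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $PolicyBin
if ($LASTEXITCODE -ne 0) { throw "signtool failed with exit code $LASTEXITCODE" }
# 5. signtool writes <binary>.p7; it must be deployed under its PolicyID name.
$signed = "$PolicyBin.p7"
$target = Join-Path $ActiveDir "$BaseGuid.cip"
Write-Host "Copy $signed to $target on the target machine, then reboot twice to confirm it boots."
```

The script stops before signing when option 6 is still present, because a deployment that still accepts unsigned policies gives no tamper protection regardless of the signature.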

Using the first release of a new Microsoft feature never ended well... Question: What shall we do about your bounty, as you have accepted a link that I suggested? – harrymc – 2019-10-15T13:55:32.743

Yep that's true ... How is this normally handled? Is there some way to share it or something like that? – gotti – 2019-10-15T14:16:02.623

The reputation of the bounty is lost for you, but you can still mark your answer as accepted for future readers (although that won't bring any reputation). I can put up a short answer for the purpose of the bounty, if that is acceptable. – harrymc – 2019-10-15T14:38:10.060

Of course, do I have to accept your answer, or how can I make sure you get the bounty? (Sorry, I never used the bounty system before) – gotti – 2019-10-15T14:44:31.963

Acceptance and bounty are independent. For example, when the bounty is given by another, the situation is that the original poster can accept but not award, while the other can award but not accept. – harrymc – 2019-10-15T14:47:07.857

OK, I accepted the answer, but I wasn't the one adding the bounty – gotti – 2019-10-15T14:56:39.883

Ah, complications. So we'll have to wait and see what @user2974830 has to say about it. – harrymc – 2019-10-15T14:58:30.670

Finally, @user2974830 has nothing to say to anybody. – harrymc – 2019-10-22T12:27:49.390