adamgrosstx / fu.whyamiblocked
License: MIT License
The portions of Results.txt that are written by Get-BlocksFromBin using Out-File are encoded as UTF16 as that's the default encoding of the cmdlet, whereas the other text written by Add-Content is the encoding of the source file which is UTF8.
This can be fixed by adding an -Encoding UTF8 argument to all uses of Out-File.
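An added example, not code from the module, for the encoding mismatch reported above: a hypothetical helper `Test-MixedEncoding` flags a file holding both UTF-16 and single-byte text, and the second half writes the same kind of content with one explicit encoding on every cmdlet. The file name and sample lines are constructed.

```powershell
# Added example; not FU.WhyAmIBlocked code. Test-MixedEncoding and the demo path are hypothetical.
function Test-MixedEncoding {
    # Heuristic for mostly-ASCII text: stored as UTF-16LE it has 0x00 in every second
    # byte, stored as UTF-8/ANSI it has none. A file containing both kinds of chunk
    # was written by cmdlets that disagreed about the encoding.
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$ChunkSize = 32
    )
    # Resolve first: .NET resolves relative paths against the process directory,
    # not the current PowerShell location.
    $full  = (Resolve-Path -LiteralPath $Path).ProviderPath
    $bytes = [System.IO.File]::ReadAllBytes($full)
    $wide = 0; $narrow = 0
    for ($i = 0; $i -lt $bytes.Length; $i += $ChunkSize) {
        $end   = [Math]::Min($i + $ChunkSize, $bytes.Length) - 1
        $chunk = @($bytes[$i..$end])
        if ($chunk.Count -lt 8) { continue }   # too short to classify reliably
        $nul = @($chunk | Where-Object { $_ -eq 0 }).Count
        if ($nul -ge ($chunk.Count * 0.4)) { $wide++ }
        elseif ($nul -eq 0)               { $narrow++ }
    }
    return ($wide -gt 0 -and $narrow -gt 0)
}

$demo = Join-Path ([System.IO.Path]::GetTempPath()) 'Results_demo.txt'

# Constructed "before" layout: UTF-8 header lines followed by a UTF-16LE table,
# built byte by byte so the result does not depend on the PowerShell edition.
$utf8  = [System.Text.Encoding]::UTF8.GetBytes(
    "EXAMPLEPC - 2022-01-01 00:00:00`r`nFound 2 .bin file(s).`r`n")
$utf16 = [System.Text.Encoding]::Unicode.GetBytes(
    "SdbAppName   Example App  2`r`nSdbBlockType BlockUpgrade 2`r`n")
[System.IO.File]::WriteAllBytes($demo, [byte[]]($utf8 + $utf16))
$before = Test-MixedEncoding -Path $demo

# "After": every cmdlet that touches the file names the same encoding, so the
# UTF-16 default of Out-File in Windows PowerShell 5.1 never applies.
'EXAMPLEPC - 2022-01-01 00:00:00' | Out-File -FilePath $demo -Encoding UTF8
[pscustomobject]@{ Name = 'SdbAppName'; Value = 'Example App'; Ordinal = 2 } |
    Format-Table | Out-File -FilePath $demo -Append -Encoding UTF8
Add-Content -Path $demo -Value 'Found 2 .bin file(s).' -Encoding UTF8
$after = Test-MixedEncoding -Path $demo

[pscustomobject]@{ MixedBefore = $before; MixedAfter = $after }
Remove-Item -LiteralPath $demo
```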
Hi, I'm encountering an error on my machine:
The value "{fa1d81f1-57b7-4907-970a-a37d80d41304}" of Type "System.String" can not convert into type of "System.Collections.ArrayList"
In C:\Program Files\WindowsPowerShell\Modules\FU.WhyAmIBlocked\1.0.0.2\Public\Get-Blocks.ps1:101 Zeichen:9
$Script:BlockList = Get-BlocksFromXML -FileList $HumanReadabl ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Running the script with Admin privileges on Win 10 1909, German language enabled.
Running Import-Module FU.WhyAmIBlocked displays:
Python 2.7.16
Import-Module : Python is not installed. Install Pyton before proceeding.
At line:1 char:1
+ Import-Module FU.WhyAmIBlocked
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Python is not i...ore proceeding.:String) [Import-Module], RuntimeException
+ FullyQualifiedErrorId : Python is not installed. Install Pyton before proceeding.,Microsoft.PowerShell.Commands.ImportModuleCommand
I believe this is because (some?) Python 2 versions output python --version to err instead of out.
Using this as the check should work for this version:
$PythonVersion = "$(python --version 2>&1)"
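An added example, not the module's own code, that builds on the check suggested above: a hypothetical helper `Get-PythonVersion` merges stderr and stdout, tolerates a caller that runs with `$ErrorActionPreference = 'Stop'`, and accepts only output that actually contains a version number.

```powershell
# Added example; not FU.WhyAmIBlocked code. Get-PythonVersion is a hypothetical helper.
function Get-PythonVersion {
    # Returns a [version] for the interpreter found on PATH, or $null when no
    # interpreter answers with a recognisable version string.
    param([string]$Command = 'python')

    $exe = Get-Command -Name $Command -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if (-not $exe) { return $null }

    # Windows PowerShell 5.1 wraps redirected stderr lines in ErrorRecord objects.
    # If the caller set $ErrorActionPreference = 'Stop', that would abort here, so
    # relax it for this function's scope only (the caller's value is untouched).
    $ErrorActionPreference = 'Continue'

    # Python 2.7 prints "Python 2.7.16" on stderr; Python 3.4 and later print on stdout.
    # 2>&1 merges both streams; "$_" flattens any ErrorRecord to its message text.
    $text = (& $exe.Source --version 2>&1 | ForEach-Object { "$_" }) -join "`n"

    # Require digits after "Python" so that placeholder executables which only print
    # an explanatory message are not mistaken for an installed interpreter.
    if ($text -match 'Python\s+(\d+\.\d+(\.\d+)?)') {
        return [version]$Matches[1]
    }
    return $null
}

$version = Get-PythonVersion
if ($null -eq $version) {
    Write-Warning 'No usable Python interpreter found on PATH.'
}
else {
    "Detected Python $version"
}
```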
wrote report.txt
what to do ????
mydearcomputer - 10/06/2022 15:51:00
Found 2 .bin file(s).
Directory: C:\FeatureUpdateBlocks\KAVIOLINA_20221006_035100\Bin
Mode LastWriteTime Length Name
-a---- 3.8.2022. 5:23 2451616 AppCompatAppraiser_APPRAISER_TelemetryBaseline_NI22H2.bin
-a---- 6.10.2022. 9:17 2067173 AppCompatAppraiser_APPRAISER_TelemetryBaseline_UNV.bin
C:\FeatureUpdateBlocks\KAVIOLINA_20221006_035100\XML\AppCompatAppraiser_APPRAISER_TelemetryBaseline_NI22H2.bin_HUMANREADABLE.XML
Name Value Ordinal
SdbAppName VMware Workstation Pro 2
SdbEntryGuid {4b9bb66d-2725-4274-b331-54a1950c6b8a} 2
SdbBlockType BlockUpgrade 2
SdbAppGuid {7ebb75d7-6f34-42fb-8468-162a6c4f70c3} 2
All SDB Entries For: C:\FeatureUpdateBlocks
C:\FeatureUpdateBlocks\KAVIOLINA_20221006_035100\XML\AppCompatAppraiser_APPRAISER_TelemetryBaseline_UNV.bin_HUMANREADABLE.XML
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser\SEC
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser\GWX
Update Help/Docs after changes in #6 are validated.
Hi,
After I run Get-FUBlocks on a local device (and it finds a block) and I try Export-BypassBlock, I get the error "The term 'Export-BypassBlock' is not recognized as the name of a cmdlet".
Am I doing something wrong?
(I am testing on a 1903 machine that has an upgrade block from Trend AV. My aim is to figure out the registry bypass so that the 20 x 1903 machines for this client will upgrade)
After running Get-FUBlocks (version 1.0.0.3) it states "Appraiser Database matches can be found: C:\FeatureUpdateBlocks\LOVELACE\Match.txt"
Unfortunately, this file does not exist. If I inspect Results.txt, I can see it's being blocked by "Windows Searchbox":
Matching GatedBlock....FOUND!
GatedBlock:
==========
Name Value Ordinal
---- ----- -------
SdbAppraiserData GatedBlock 3
SdbAppName Windows Searchbox 3
SdbEntryGuid {5e757e51-cc84-4a4a-ae70-d69a6a2b37f1} 3
SdbAppGuid {1b07f560-9ebf-461e-a71b-f3b2c7af46af} 3
Not sure if it matters, but the tmp\AllMatches.json file is basically empty:
{
}
While waiting for #2 to be solved, I tried manually looking up this entry in the SDB as suggested by your comment here and found no matching entry. At the time I assumed I was doing something wrong, but now I'm wondering if this block is just weird.
Testing on a Surface Pro X fails when attempting to convert the BIN files to XML.
The files are output incorrectly if there are multiple bypass block keys.
When executing Get-FUBlocks I am getting the following error message:
WARNING: Access to the path 'C:\Windows\appcompat\appraiser\Appraiser_AlternateData.cab' is denied.
Copy-Item : Access to the path 'C:\Windows\appcompat\appraiser\Appraiser_AlternateData.cab' is denied.
At C:\Users\Daniel\Documents\WindowsPowerShell\Modules\FU.WhyAmIBlocked\1.0.0.5\Public\Get-Blocks.ps1:146 char:25
+ ... $File | Copy-Item -Destination "$($DestPath)\$($Key)_$($File.Name ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Copy-Item], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.CopyItemCommand
How would I get the script working?
You have to run Initialize-FUModule after importing. If you fail to, it should prompt but doesn't.
Here is my PowerShell output
PowerShell 7.2.6
Copyright (c) Microsoft Corporation.
https://aka.ms/powershell
Type 'help' to get help.
PS C:\Users\richs> Install-Module FU.WhyAmIBlocked -Scope CurrentUser
PS C:\Users\richs> Import-Module FU.WhyAmIBlocked
Write-Error: Failed to import function
C:\Users\richs\OneDrive\Documents\PowerShell\Modules\FU.WhyAmIBlocked\1.0.0.8\Public\ConvertFrom-BinToXML.ps1: At C:\Users\richs\OneDrive\Documents\PowerShell\Modules\FU.WhyAmIBlocked\1.0.0.8\Public\ConvertFrom-BinToXML.ps1:1 char:1
+ <#
+ ~~
This script contains malicious content and has been blocked by your antivirus software.
Write-Error: Failed to import function
C:\Users\richs\OneDrive\Documents\PowerShell\Modules\FU.WhyAmIBlocked\1.0.0.8\Public\Expand-SDB.ps1: At C:\Users\richs\OneDrive\Documents\PowerShell\Modules\FU.WhyAmIBlocked\1.0.0.8\Public\Expand-SDB.ps1:1 char:1
+
This script contains malicious content and has been blocked by your antivirus software.
PS C:\Users\richs>
Here is the report from my AntiVirus software:
PowerShell tried to load a malicious resource detected as Heur.BZC.ZFV.Linx.51.36DA30A5 and was blocked. Your device is safe.
Not sure how to proceed. Please advise.
The latest SDB file is somehow incompatible and it errors out. This includes Windows 10/11.
PS C:\Windows\system32> Get-FUBlocks
+ Creating Output Folders .. √
+ Getting .source files..
++ copying C:\Windows\appcompat\appraiser\Appraiser_AlternateData.cab to C:\FeatureUpdateBlocks\COMPUTERA\CABs√
++ copying C:\Windows\appcompat\appraiser\APPRAISER_TelemetryBaseline_NI23H2.bin to C:\FeatureUpdateBlocks\COMPUTERA\Bin√
++ copying C:\Windows\appcompat\appraiser\APPRAISER_TelemetryBaseline_UNV.bin to C:\FeatureUpdateBlocks\COMPUTERA\Bin√
++ copying C:\Windows\System32\appraiser\appraiser.sdb to C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\System32Appraiser√
++ copying C:\Windows\System32\appraiser\backup.sdb to C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\System32Appraiser√
++ copying C:\Windows\System32\appraiser\restore.sdb to C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\System32Appraiser√
++ copying C:\Windows\System32\appraiser\Appraiser_Data.ini to C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\System32Appraiser√
+ Converting C:\FeatureUpdateBlocks\COMPUTERA\Bin\AppCompatAppraiser_APPRAISER_TelemetryBaseline_NI23H2.bin to .xml .. √
+ Converting C:\FeatureUpdateBlocks\COMPUTERA\Bin\AppCompatAppraiser_APPRAISER_TelemetryBaseline_UNV.bin to .xml .. √
+ Finding block entries in C:\FeatureUpdateBlocks\COMPUTERA\XML\AppCompatAppraiser_APPRAISER_TelemetryBaseline_NI23H2.bin_HUMANREADABLE.XML files.. √
+ Finding block entries in C:\FeatureUpdateBlocks\COMPUTERA\XML\AppCompatAppraiser_APPRAISER_TelemetryBaseline_UNV.bin_HUMANREADABLE.XML files.. √
+ Results output to C:\FeatureUpdateBlocks\COMPUTERA\Results.txt.. √
+ Extracting C:\FeatureUpdateBlocks\COMPUTERA\CABs\AppCompatAppraiser_Appraiser_AlternateData.cab.. √
+ Finding .sdb files.. √
+ Expanding C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\AppCompatAppraiser_Appraiser_AlternateData\appraiser.sdb to C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\AppCompatAppraiser_Appraiser_AlternateData\appraiser.sdb_Expanded_ver_2674.sdb.. √
+ Converting sdb to xml.. √
√
+ Expanding C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\AppCompatAppraiser_Appraiser_AlternateData\backup.sdb to C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\AppCompatAppraiser_Appraiser_AlternateData\backup.sdb_Expanded_ver_2674.sdb.. WARNING: Invalid SDB File speficied.
+ Converting sdb to xml.. Error: Could not load file or assembly 'C:\FeatureUpdateBlocks\COMPUTERA\AppraiserData\AppCompatAppraiser_Appraiser_AlternateData\backup.sdb_Expanded_ver_2674.sdb' or one of its dependencies. The system cannot find the file specified.
Copy-Item : Cannot find path 'C:\FeatureUpdateBlocks\COMPUTERA\AppCompatAppraiser_Appraiser_AlternateData_backup.sdb_ver_2674.XML' because it does not exist.
At C:\Program Files\WindowsPowerShell\Modules\FU.WhyAmIBlocked\1.0.0.9\Public\Export-FUXMLFromSDB.ps1:119 char:40
+ ... LFileName | Copy-Item -Destination $XMLFileName.Replace(".XML","_ORIG ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\FeatureUpdat...db_ver_2674.XML:String) [Copy-Item], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.CopyItemCommand
Get-Content : Cannot find path 'C:\FeatureUpdateBlocks\COMPUTERA\AppCompatAppraiser_Appraiser_AlternateData_backup.sdb_ver_2674.XML' because it does not exist.
At C:\Program Files\WindowsPowerShell\Modules\FU.WhyAmIBlocked\1.0.0.9\Public\Export-FUXMLFromSDB.ps1:120 char:41
+ ... [xml]$Content = Get-Content -Path $XMLFileName -Raw
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:\FeatureUpdat...db_ver_2674.XML:String) [Get-Content], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.GetContentCommand
WARNING: You cannot call a method on a null-valued expression.
+ No blocks Found. Congratulations!!.. √
Appraiser Results can be found: C:\FeatureUpdateBlocks\COMPUTERA\Results.txt
This is incorrect:
+ Converting sdb to xml.. √
+ No blocks Found. Congratulations!!.. √
Appraiser Results can be found: C:\FeatureUpdateBlocks\THEBEAST_20200731_122125\Results.txt
Appraiser Database matches can be found: C:\FeatureUpdateBlocks\THEBEAST_20200731_122125\Match.txt
solved
In cases where no bypass registry key exists, the bypass block files get the wrong values.
New-Item -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Force | Out-Null
#Bypass Block for UCI64A audio driver - Lenovo - {53fb042f-b2cf-4c1e-9931-929b3c7907b4}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer SystemProductName" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for UCI64A audio driver - Toshiba - {7797c164-22ff-4c60-837e-0b92f8051920}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer SystemProductName" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for Synaptics Block Removals - Toshiba - {3b9bb7f3-6e81-4f69-8eba-84cad1b9284e}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for Synaptics Block Removals - Toshiba - {ef42540e-3475-4dc8-a345-fc39f9f19e84}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for UCI64A audio driver - Toshiba - {b695b9e5-60dc-4827-9a59-1ee9ec837ecd}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer SystemProductName" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for UCI64A audio driver - Asus - {2ffe2850-3452-461c-bc5e-98db33db8e42}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer SystemProductName" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for UCI64A audio driver - DELL - {de87448d-8a9d-4cf2-8ceb-3035dc3fd999}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for UCI64A audio driver - HP - {691d652a-ea4b-4573-8c60-661049a36185}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer SystemProductName" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for Synaptics Block Removals - Toshiba - {3a92ffef-d0e2-40fa-a68e-253b73dd9cd2}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemProductName SystemProductName SystemProductName SystemProductName SystemProductName" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for UCI64A audio driver - LG - {d7fbc618-fee7-4f1c-8122-a1dc1f5b6f4d}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer SystemProductName" -Value "" -PropertyType DWord -Force | Out-Null
#Bypass Block for UCI64A audio driver - Diverse OEMs - {6a902cd3-e5d7-4ca6-b2e2-bc2b73c5513a}
New-ItemProperty -Path "HKLM:\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS" -Name "SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer" -Value "" -PropertyType DWord -Force | Out-Null
Windows Registry Editor Version 5.00
; Bypass Block for UCI64A audio driver - Lenovo - {53fb042f-b2cf-4c1e-9931-929b3c7907b4}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer SystemProductName"=dword:00000001
; Bypass Block for UCI64A audio driver - Toshiba - {7797c164-22ff-4c60-837e-0b92f8051920}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer SystemProductName"=dword:00000001
; Bypass Block for Synaptics Block Removals - Toshiba - {3b9bb7f3-6e81-4f69-8eba-84cad1b9284e}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer"=dword:00000001
; Bypass Block for Synaptics Block Removals - Toshiba - {ef42540e-3475-4dc8-a345-fc39f9f19e84}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer"=dword:00000001
; Bypass Block for UCI64A audio driver - Toshiba - {b695b9e5-60dc-4827-9a59-1ee9ec837ecd}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer SystemProductName"=dword:00000001
; Bypass Block for UCI64A audio driver - Asus - {2ffe2850-3452-461c-bc5e-98db33db8e42}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer SystemProductName"=dword:00000001
; Bypass Block for UCI64A audio driver - DELL - {de87448d-8a9d-4cf2-8ceb-3035dc3fd999}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer"=dword:00000001
; Bypass Block for UCI64A audio driver - HP - {691d652a-ea4b-4573-8c60-661049a36185}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer SystemProductName"=dword:00000001
; Bypass Block for Synaptics Block Removals - Toshiba - {3a92ffef-d0e2-40fa-a68e-253b73dd9cd2}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemProductName SystemProductName SystemProductName SystemProductName SystemProductName"=dword:00000001
; Bypass Block for UCI64A audio driver - LG - {d7fbc618-fee7-4f1c-8122-a1dc1f5b6f4d}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer SystemProductName"=dword:00000001
; Bypass Block for UCI64A audio driver - Diverse OEMs - {6a902cd3-e5d7-4ca6-b2e2-bc2b73c5513a}
[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS HARDWARE\DESCRIPTION\System\BIOS]
"SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer SystemManufacturer"=dword:00000001
Thanks @tabs-not-spaces for reporting this.
AppCompatAppraiser_Appraiser_AlternateData_appraiser.sdb_ver_2383_Matches_BypassFUBlock.ps1.txt
AppCompatAppraiser_Appraiser_AlternateData_appraiser.sdb_ver_2383_Matches_BypassFUBlock.reg.txt
Where/what format do bypass files come out?
The script output is below, but I can't seem to generate/find the bypassblocker remediation files.
++ Finding block entries in C:\FeatureUpdateBlocks\MJ-MJD82PRJSISQ_20211004_094943\AppCompatAppraiser_Appraiser_AlternateData_appraiser.sdb_ver_2507.XML..
++No Matches Found in C:\FeatureUpdateBlocks\MJ-MJD82PRJSISQ_20211004_094943\AppCompatAppraiser_Appraiser_AlternateData_appraiser.sdb_ver_2507.XML.
++ Finding block entries in C:\FeatureUpdateBlocks\MJ-MJD82PRJSISQ_20211004_094943\System32Appraiser_System32Appraiser_appraiser.sdb_ver_2450.XML..
++No Matches Found in C:\FeatureUpdateBlocks\MJ-MJD82PRJSISQ_20211004_094943\System32Appraiser_System32Appraiser_appraiser.sdb_ver_2450.XML.
This is the upgrade block I am trying to fix (from results.txt):
BlockUpgrade:
Name Value Ordinal
SdbAppName Trend Micro Worry-Free Business Security Services 2
SdbEntryGuid {de250f35-1cdf-46ba-8882-24d66a5eb66c} 2
SdbBlockType BlockUpgrade 2
SdbAppGuid {5f0a8e35-214a-408a-a260-4b61f6fb5089} 2
When I run Get-FUBlocks, I get the following error:
PS C:\Users\tag> Get-FUBlocks
+ Creating Output Folders .. √
+ Getting .source files..
++ copying C:\Windows\appcompat\appraiser\APPRAISER_TelemetryBaseline_UNV.bin to C:\FeatureUpdateBlocks\PC_20221025_024930\Bin√
++ copying C:\Windows\System32\appraiser\appraiser.sdb to C:\FeatureUpdateBlocks\PC_20221025_024930\AppraiserData\System32Appraiser√
++ copying C:\Windows\System32\appraiser\Appraiser_Data.ini to C:\FeatureUpdateBlocks\PC_20221025_024930\AppraiserData\System32Appraiser√
WARNING: The term 'ConvertFrom-FUBinToXML' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
ConvertFrom-FUBinToXML : The term 'ConvertFrom-FUBinToXML' is not recognized as the name of a cmdlet, function, script file,
or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At C:\Users\tag\Google Drive\WindowsPowerShell\Modules\FU.WhyAmIBlocked\1.0.0.9\Public\Get-FUBlocks.ps1:166 char:13
+ ConvertFrom-FUBinToXML -FileList $BinFiles -OutputPath $X ...
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (ConvertFrom-FUBinToXML:String) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : CommandNotFoundException
OS: Windows 11 Pro 21H2 build 22000.1098
Hi Adam,
As per our discussion on Discord, could you please add native support for multiple devices?
Thanks.
Adrian O.