I created this App Control System Tray Tool to facilitate more efficient changing of App Control policies. Specifically, I wanted a way to quickly switch between Enforced Mode and Audit Mode so that I could review logs and change rules in the policies as necessary. Since this has really helped benefit my application allowlisting journey, I wanted to share it so that others could also benefit.
AppControlTray.exe
- System tray tool which runs unelevated at all times.
AppControlHelper.exe
- Command line-only tool which runs only specific elevated commands from AppControlTray related to CiTool commands and Event Viewer.
AppControlTask.exe
- Command line-only tool which runs only specific unelevated commands from AppControlTray related to Scheduled Tasks, Toast Notifications and policy conversion.
At the moment, this tray tool only supports Multiple Policy Format, since that is what I have always used since inception, although at some point it could be extended to support Single Policy Format as well.
This tray tool makes use of compiled policy binaries (*.cip) that you would ideally already have. There are some included just for simple testing purposes.
To add new policies or update existing policies, simply select the tray menu option Add or Update Policies. This will bring up a standard file selection dialog which you can use to select any number of policy files. The selection will be parsed and those policies will be applied immediately via CiTool -up for each policy selected.
To remove policies, select the tray menu option Remove Policies. You can select as many policies for removal as you want. Those selections will be parsed and the policies will be removed immediately via CiTool -rp for each policy selected.
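The Add/Update and Remove steps above, together with the Audit/Enforced switch the tray tool exists for, can be reproduced by hand from an elevated PowerShell prompt. The script below is an added example, not code from AppControlTray or its helper executables; the policy XML path is a placeholder and the script assumes a Multiple Policy Format policy (so the compiled binary must be named after the policy's PolicyID GUID) on a Windows build that ships CiTool.

```powershell
# Added example (not part of AppControlTray): toggle a Multiple Policy Format
# policy between Audit and Enforced mode, recompile it to a .cip binary,
# apply it with CiTool -up, verify it is loaded, and (optionally) remove it
# with CiTool -rp. The XML path is a placeholder you must supply.
#Requires -RunAsAdministrator
param(
    [string]$PolicyXml = 'C:\Policies\ExamplePolicy.xml',   # placeholder path
    [ValidateSet('Audit', 'Enforced')]
    [string]$Mode = 'Audit',
    [switch]$RemoveAfter
)

# Rule option 3 is "Enabled:Audit Mode". Deleting it makes the policy enforce.
if ($Mode -eq 'Audit') {
    Set-RuleOption -FilePath $PolicyXml -Option 3
} else {
    Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete
}

# Multiple Policy Format: the binary must be named {PolicyID}.cip.
[xml]$doc = Get-Content -Path $PolicyXml
$policyId = $doc.SiPolicy.PolicyID
if (-not $policyId) { throw "No PolicyID element: not a Multiple Policy Format policy?" }
$cipPath = Join-Path (Split-Path -Parent $PolicyXml) "$policyId.cip"

ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $cipPath | Out-Null

# Apply the compiled policy; this is the CiTool -up call the tray tool makes.
citool.exe --update-policy $cipPath --json | Out-Null
if ($LASTEXITCODE -ne 0) { throw "citool --update-policy failed with exit code $LASTEXITCODE" }

# Confirm the policy is loaded and report whether it is in audit mode.
$loaded = (citool.exe --list-policies --json | ConvertFrom-Json).Policies |
    Where-Object { $_.PolicyID -eq $policyId.Trim('{}') }
if (-not $loaded) { throw "Policy $policyId is not reported by citool --list-policies" }
"Policy $policyId is loaded (Audit mode requested: $($Mode -eq 'Audit'))"

# Removal is the CiTool -rp call; it takes the policy GUID, not the file path.
if ($RemoveAfter) {
    citool.exe --remove-policy $policyId --json | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "citool --remove-policy failed with exit code $LASTEXITCODE" }
    "Policy $policyId removed"
}
```

Switching to Audit mode this way, reviewing the Code Integrity operational log, and then switching back to Enforced is the loop the tray tool shortens; the -RemoveAfter switch is only there so a test policy can be cleaned up without a second command.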
To compile the script, you need to use SciTE4AutoIt3 which is available here: https://www.autoitscript.com/site/autoit-script-editor/downloads/
The example policies included in this are just for testing purposes and should not be used other than for testing. The policies basically allow for everything to run. There is one Deny rule for the purpose of testing this tray tool, which is *\test\speedyfox.exe, so that you can test the tray tool going from Audit Mode to Enforced Mode and vice versa.
Toast notifications can be turned on and off with the Enable Notifications option on the system tray menu.
Toast notifications are implemented using KDE's Snoretoast app: https://invent.kde.org/libraries/snoretoast