Commit
win: improve directory cleanup security
This commit improves the security, reliability, and robustness of directory cleanup operations on Windows.

The focus is shifted from deleting entire directories to purging their contents, addressing potential unintended side effects. Previously, numerous directories were removed, which could destabilize system behavior.

This improvement has crucial security implications. The prior approach involved changing ownership and assigning permissions to the directory itself, leading to an altered and potentially less secure OS security posture.

Directory removal improvements include:

- Output user-friendly messages.
- Improved ownership and permission handling for file deletion.
- Explicit shared functions for enhanced reliability/security.
- Centralized way to delete glob (wildcard) patterns in Windows.

Notable script improvements:

- 'Clear Steam dumps, logs, and traces':
  - Convert the script to a category to provide more granularity.
  - Improve cache cleaning, ensuring the entire cache directory is cleared, not just the log files.
- 'Clear "Temporary Internet Files" (browser cache)':
  - Add more documentation.
  - Grant necessary permissions to folders, fixing errors due to lack of permissions before.
- 'Clear Windows Update Medic Service logs':
  - Remove redundant permission grants, as they are unnecessary in recent Windows versions.
- 'Clear Server-initiated Healing Events system logs', 'Clear Windows Update events logs':
  - Merge due to identical functionalities.
  - Add more documentation.
- 'Clear Defender scan (protection) history':
  - Remove the execution with `TrustedInstallerPrivileges`, uniformly using `grantPermissions` as with other scripts. This addresses the false-positive alerts from Microsoft Defender, as discussed in #264.
- 'Clear "Temporary Internet Files" (browser cache)':
  - Retain `INetCache` and `Temporary Internet Files` directories, purging only their contents. This approach aims to resolve the issue mentioned in #145, where the absence of these folders could prevent Microsoft Office applications from launching.
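
The purge-instead-of-delete approach described in the commit message, as an added PowerShell example that is not code from this commit or project: it deletes a directory's children, leaves the directory in place, and compares the directory's own security descriptor before and after. The function name `Clear-DirectoryContents` and the scratch directory are assumptions made for illustration.

```powershell
# Added example, not the project's code. Clear-DirectoryContents is a hypothetical name.
function Clear-DirectoryContents {
    param([Parameter(Mandatory)][string]$Path)

    $root = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if (-not $root.PSIsContainer) { throw "Not a directory: $Path" }
    # Do not purge through a junction or symlink standing in for the directory.
    if ($root.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        throw "Refusing to purge a reparse point: $Path"
    }

    # Owner, group and DACL of the directory itself, captured for comparison.
    $sddlBefore = (Get-Acl -LiteralPath $root.FullName).Sddl
    $failed = 0
    foreach ($child in Get-ChildItem -LiteralPath $root.FullName -Force) {
        try {
            if ($child.Attributes -band [IO.FileAttributes]::ReparsePoint) {
                $child.Delete()   # removes the link itself, not its target
            } else {
                Remove-Item -LiteralPath $child.FullName -Recurse -Force -ErrorAction Stop
            }
        } catch {
            # Report and continue; the directory's ownership and ACL are never modified.
            $failed++
            Write-Warning "Could not delete '$($child.FullName)': $($_.Exception.Message)"
        }
    }
    $sddlAfter = (Get-Acl -LiteralPath $root.FullName).Sddl

    # Summary object: the directory should still exist with an unchanged descriptor.
    [pscustomobject]@{
        Path         = $root.FullName
        StillExists  = Test-Path -LiteralPath $root.FullName -PathType Container
        Remaining    = @(Get-ChildItem -LiteralPath $root.FullName -Force).Count
        Failed       = $failed
        AclUnchanged = ($sddlBefore -eq $sddlAfter)
    }
}

# Constructed sample: a scratch directory standing in for a cache folder.
$demo = Join-Path ([IO.Path]::GetTempPath()) "purge-demo-$([guid]::NewGuid())"
New-Item -ItemType Directory -Path (Join-Path $demo 'sub') -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'a.log') -Value 'x'
Set-Content -LiteralPath (Join-Path $demo 'sub\b.tmp') -Value 'y'
Clear-DirectoryContents -Path $demo    # emits the summary object
Remove-Item -LiteralPath $demo -Force  # remove the scratch directory afterwards
```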