paulwetter/DocumentConfigMgrCB

EDM Still Appears Broken

Opened this issue · 7 comments

From PR #54, this appears to still be broken. Its been a long time since that PR so I figured I'd drop an issue.

`Get-FilterEDM : Cannot bind argument to parameter 'EnhansedDetectionMethods' because it is null.
At C:\Users\McAdmin.Dudeface\Documents\WindowsPowerShell\Document-CMCB.ps1:8072 char:79

  • ... $HashedEDMs = Get-FilterEDM -EnhansedDetectionMethods $EDMs -RuleEx ...
  •                                                         ~~~~~
    
    • CategoryInfo : InvalidData: (:) [Get-FilterEDM], ParameterBindingValidationException
    • FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Get-FilterEDM

Get-FilterEDM : Cannot bind argument to parameter 'EnhansedDetectionMethods' because it is null.
At C:\Users\McAdmin.Dudeface\Documents\WindowsPowerShell\Document-CMCB.ps1:8072 char:79

  • ... $HashedEDMs = Get-FilterEDM -EnhansedDetectionMethods $EDMs -RuleEx ...`

Hey thank for the input. I’ll take a look. I’m still working on the EDMs after the fact. I found I’m not fully accounting for grouped rules. So will look at this with it. If you could figure out the app it was erroring on and share a screenshot of you detection method, that’d probably help me out. Thanks!

Quick test. I’m guessing a very generic msi, set up via the wizard?

Apologies at the delay. I'm at a brand new org, and they have a couple thousand applications, at least. There were a "handful" (I use the term in perspective of thousands) that appear to throw this error. I'll see if I can figure out exactly which ones are having the issue. I'll probably have to run the report again and output something if it fails.

No worries. I think I found a bug on the generic MSI apps. So, I’ll probably push that tonight and work on the other issues later. Look for an update tomorrow.

Try version 4.1.3, just posted (56b751e).
This should handle the apps built with the MSI wizard. These don't create an enhanced detection method element in the XML like pretty much all other DMs do.

I kicked it off on Friday before I left; it still threw the same error. I'll see if I can add a line in to output the software its working on so I know which ones are erring out, and can look at them, unless you want me to try something else.

Hi Paul,
I am still seeing this in v4.1.3 on Config manager 2111

Get-FilterEDM : Cannot bind argument to parameter 'EnhansedDetectionMethods' because it is null.
At C:\Temp\DocumentCMCB_v4.ps1:8160 char:79
+                         $HashedEDMs = Get-FilterEDM -EnhansedDetectionMethods $E ...
+                                                                               ~~
    + CategoryInfo          : InvalidData: (:) [Get-FilterEDM], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Get-FilterEDM

There is another error as well. I dont know if it is related or not.

Convert-HTMLTags : Cannot bind argument to parameter 'S' because it is an empty string.
At C:\Temp\DocumentCMCB_v4.ps1:692 char:77
+     $Paragraph = "<P class=`"$IndentClass`">$(Convert-HTMLTags -InputString $Tex ...
+                                                                             ~~~~
    + CategoryInfo          : InvalidData: (:) [Convert-HTMLTags], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,Convert-HTMLTags