chlaplan/MDE-Monitoring-App

Microsoft makes no guarantees: no warranties, support, maintenance, performance assurances, or commitments regarding security, compliance, or fitness for a particular purpose.

MDE Monitoring App (WPF / .NET 8)

Lightweight desktop dashboard for quickly inspecting Microsoft Defender / endpoint security posture (local or remote).

Core Features

  • Overview: Defender versions, realtime protection, signature ages, tamper & cloud states.
  • Device Control: USB / storage allow & deny events.
  • Firewall: Recent DROP packets with fast text filter.
  • Defender Logs: Operational events (severity color coded).
  • Policies: Interpreted registry + ASR rule expansion, exclusions summaries.
  • WDAC Policies: Auto-discovery (local & remote), summary counts, per‑policy XML export (single or all), large FileRules lazy/paged loading.
  • Compliance Snapshot: JSON-driven policy baseline → pass/fail %.
  • WFP Summary: Filter counts + top rule names.
  • App Control (CI / AppLocker) Events.
  • PDF Report Export: Full snapshot (optional remote capability annotation).
  • Remote Mode: UNC / WinRM / optional PsExec fallback for WDAC, WFP, policies.
  • Performance: Background collection, UI virtualization, deferred heavy detail loading.

Quick Start

Download the latest ZIP file from releases: https://aka.ms/MDETool

WDAC Workflow

  • Press Reload WDAC Policies
  • Expand a policy row to view first slice of FileRules
  • Click Show All for full enumeration
  • Export selected or all XML

Export

  • PDF: Toolbar button (includes WDAC XML, compliance, filters)
  • WDAC XML: Buttons (selected / all)

Remote Collection Tips

  • Set target host, toggle PsExec if admin share blocked
  • Ensure Remote Registry / WinRM enabled for richer data

Configuration Files

  • Data/DefenderPolicyDefinitions.json (policy interpretation)
  • CompliancePolicy.config.json (baseline rules)

Minimal Troubleshooting

| Symptom | Hint |
| --- | --- |
| Empty WDAC list | No *.cip in CodeIntegrity\CiPolicies\Active or access denied |
| Missing ASR rules | ASRRules value not deployed |
| High WFP count warning | >10K filters (investigate layering) |
| PDF missing sections | Load data first (Refresh) |
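A pre-flight script for the first two rows of the table and the Remote Collection Tips, as an added example that is not part of this repository's code. The `$Target` parameter, the function names, and the use of `Get-MpPreference` for ASR state (the page does not say where the app reads ASR rules from) are assumptions; the admin$ path assumes Windows is installed in the default share layout.

```powershell
# Added example (not from the MDE Monitoring App). $Target is a hypothetical parameter.
param([string]$Target = '.')   # '.' = local machine

function New-Result($Check, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = $Detail }
}

function Test-WdacActivePolicies([string]$ComputerName) {
    # Local folder, or the same folder over admin$ (admin$ maps to %windir%).
    $dir = if ($ComputerName -eq '.') {
        Join-Path $env:windir 'System32\CodeIntegrity\CiPolicies\Active'
    } else {
        "\\$ComputerName\admin`$\System32\CodeIntegrity\CiPolicies\Active"
    }
    try {
        $cip = @(Get-ChildItem -Path $dir -Filter '*.cip' -ErrorAction Stop)
        New-Result 'WDAC *.cip' ($cip.Count -gt 0) "$($cip.Count) file(s) in $dir"
    } catch {
        # A missing folder and "access denied" both land here.
        New-Result 'WDAC *.cip' $false $_.Exception.Message
    }
}

function Test-AsrRules {
    # Effective ASR rule IDs as Defender reports them (local machine only).
    try {
        $pref = Get-MpPreference -ErrorAction Stop
        $ids  = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
        New-Result 'ASR rules' ($ids.Count -gt 0) "$($ids.Count) rule(s) configured"
    } catch {
        New-Result 'ASR rules' $false $_.Exception.Message
    }
}

function Test-RemoteChannels([string]$ComputerName) {
    $wsman = Test-WSMan -ComputerName $ComputerName -ErrorAction SilentlyContinue
    New-Result 'WinRM' ($null -ne $wsman) 'Test-WSMan probe'
    try {
        # Service state is queried over WinRM, so this fails if WinRM is down.
        $svc = Get-CimInstance Win32_Service -Filter "Name='RemoteRegistry'" `
                   -ComputerName $ComputerName -ErrorAction Stop
        New-Result 'Remote Registry' ($svc.State -eq 'Running') "State=$($svc.State)"
    } catch {
        New-Result 'Remote Registry' $false $_.Exception.Message
    }
}

$results = @(Test-WdacActivePolicies $Target)
if ($Target -eq '.') { $results += Test-AsrRules }
else                 { $results += Test-RemoteChannels $Target }
$results | Format-Table -AutoSize -Wrap
```

Run it elevated; without administrator rights the Active folder and `Get-MpPreference` can return access errors that look the same as "not deployed".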
