v2.2.4 — EDR/XDR Detection & Version Tooling

🔧 Enhancement Release

Third-party security product detection for ASR module and verification.

✨ What's New

EDR/XDR and Third-Party AV Detection (#15)

NoID Privacy now detects EDR/XDR products (CrowdStrike Falcon, SentinelOne, Carbon Black, etc.) that don't register in WMI's traditional AntiVirusProduct class but put Defender in Passive Mode.

3-layer detection approach:

Layer	Method	Catches
1	WMI SecurityCenter2 (existing)	Traditional AV: Bitdefender, Kaspersky, Avira, Norton, ESET, etc.
2	Get-MpComputerStatus.AMRunningMode (new)	Any product that puts Defender in Passive Mode
3	18 known EDR service names (new)	Provides specific product name in logs and UI

Behavior:

• ASR module gracefully skips when third-party product detected (Success = $true, not an error)
• Verify script counts ASR as 19/19 verified when third-party product is primary
• Policy report no longer counts ASR as failed when EDR/XDR is active

Supported EDR/XDR products (Layer 3 identification):
CrowdStrike Falcon, SentinelOne, Carbon Black Cloud, Cylance/Arctic Wolf Aurora, Trellix (HX/Agent/ATP), Palo Alto Cortex XDR, Bitdefender GravityZone, Kaspersky Endpoint Security, Broadcom/Symantec SEP, ESET Endpoint Security, Sophos Endpoint

Products not in this list are still detected via Layer 2 (Passive Mode) — the list only provides a human-readable name.

Version Management Tooling

• VERSION file as single source of truth for version numbers
• Tools/Bump-Version.ps1 — automated version bump across all 62 project files
  • DryRun mode for preview
  • CHANGELOG.md excluded (historical entries preserved)

📁 Files Changed

• Utils/Dependencies.ps1 — New Test-ThirdPartySecurityProduct, updated Test-WindowsDefenderAvailable with IsPassiveMode
• Modules/ASR/Public/Invoke-ASRRules.ps1 — 3-layer detection before Defender check, inline fallback for standalone mode
• Tools/Verify-Complete-Hardening.ps1 — 3-layer detection, ASR verified as skipped when third-party product active
• Tools/Bump-Version.ps1 — New file
• VERSION — New file
• 62 files updated with version bump (2.2.3 → 2.2.4)

🙏 Thanks

• @VM-Master for reporting the CrowdStrike Falcon detection issue and confirming the fix

Full Changelog: v2.2.3...v2.2.4

NoID Privacy v2.2.3

NoID Privacy v2.2.3

NoID Privacy v2.2.3 - Bugfix Release (Re-Release)

Critical Fixes + Complete Version Alignment

Re-Release Note: This release replaces the original v2.2.3 from January 7, 2026. It includes the same bugfixes plus complete version alignment across all framework files and an additional fix for the Recall storage size configuration.

---

Highlights

• Critical Bugfix - Restore Mode module selection now works correctly
• Critical Bugfix - Recall storage limit correctly set to 10 GB (was 10 MB)
• Complete Version Alignment - All framework files now consistently at v2.2.3
• 633 Security Settings across 7 independent modules
• 100% BAVR Coverage - Backup, Apply, Verify, Restore
• 100% Restore Accuracy - VM tested & verified
• GPL v3.0 License - Dual-licensing available
• Production-Ready - Tested on Windows 11 24H2/25H2

---

What's Fixed in v2.2.3

Restore Mode Module Selection Crash (Critical)

Before	After
Fatal error on any input	Works correctly

• Problem: Selecting [M] Restore only SELECTED modules and entering any module number caused a fatal PowerShell error
• Root Cause: .Split(',', ';', ' ') triggered wrong .NET overload Split(string, Int32), interpreting ; as count parameter instead of delimiter
• Fix: Replaced with native PowerShell -split '[,; ]' operator
• Affected File: NoIDPrivacy-Interactive.ps1 (line 822)
• Reported by: KatCat2

Recall Storage Size Bug (Critical)

Before	After
Value 10 (= 10 MB limit)	Value 10240 (= 10 GB limit)

• Problem: SetMaximumStorageSpaceForRecallSnapshots was set to 10 instead of 10240
• Root Cause: The Windows CSP stores this value in megabytes, so 10 GB = 10240 MB
• Fix: Changed Value 10 to Value 10240 in both Apply and Verify functions
• Affected File: Modules/AntiAI/Private/Set-RecallProtection.ps1

Complete Version Alignment

• All module headers, config JSONs, docs, and templates updated to v2.2.3
• Previous release had 13 files still referencing v2.2.2
• Historical annotations ("added in v2.2.2") intentionally preserved

---

Module Overview

Module	Settings	Description
SecurityBaseline	425	Microsoft Security Baseline 25H2
ASR	19	Attack Surface Reduction Rules
DNS	5	Secure DNS with DoH encryption
Privacy	78	Telemetry, Bloatware, OneDrive hardening
AntiAI	32	AI Lockdown (Recall, Copilot, Click to Do)
EdgeHardening	24	Microsoft Edge v139 Baseline
AdvancedSecurity	50	Beyond MS Baseline (15 features)
TOTAL	633	Complete Hardening

---

Quick Start

One-Liner Install:

```powershell
irm https://raw.githubusercontent.com/NexusOne23/noid-privacy/main/install.ps1 | iex
```

Manual Install:

1. Download Source code (zip) below
2. Extract to a folder
3. Run `Start-NoIDPrivacy.bat` as Administrator

Verify After Installation:

```powershell
.\Tools\Verify-Complete-Hardening.ps1

Expected output:

SecurityBaseline: 425/425 verified

ASR: 19/19 verified

DNS: 5/5 verified

Privacy: 78/78 verified

AntiAI: 32/32 verified

EdgeHardening: 24/24 verified

AdvancedSecurity: 50/50 verified

Total: 633/633 (100%)

```

---

System Requirements

Requirement	Specification
OS	Windows 11 24H2 (Build 26100+) or 25H2 (Build 26200+)
PowerShell	5.1+ (built-in)
Admin Rights	Required
TPM	2.0 (for BitLocker, Credential Guard, VBS)
RAM	8 GB minimum (16 GB recommended for VBS)

Note: Windows 11 23H2 and older are not supported. Please update to 24H2 or newer.

---

Antivirus Compatibility

Your Setup	What Happens	Coverage
Defender Active	All modules applied	633 settings (100%)
3rd-Party AV	ASR skipped, all other modules applied	614 settings (~97%)

---

Full Changelog

See CHANGELOG.md

---

License

Version	License
v1.8.3 and earlier	MIT License
v2.0.0 and later	GPL v3.0 + Commercial dual-licensing

See LICENSE

---

Code Quality & Testing

• Testing: Unit and integration tests available in `Tests/` directory
• Verification: 633 automated compliance checks in production
• VM Tested: Full Apply -> Verify -> Restore cycle verified
• Bugfix Verified: Manual module selection tested with single digits, commas, semicolons, and spaces
• Recall Fix Verified: Storage limit correctly set to 10240 MB (10 GB)
• Version Alignment: All framework files now have consistent version numbers
• Analysis: Run `.\Tests\Run-Tests.ps1` to validate yourself
• Report vulnerabilities: Security Advisories

---

Support & Community

• Documentation: README.md
• Discussions: GitHub Discussions
• Issues: GitHub Issues
• Commercial Licensing: Contact via Discussions

---

Important Warnings

• Create a system backup before running (CRITICAL!)
• Test in a VM first (recommended)
• Domain-joined systems: Coordinate with IT team
• Read documentation thoroughly

---

Made with a shield for the Windows Security Community

NexusOne23 - v2.2.3 - March 2026

NoID Privacy v2.2.2

🚀 NoID Privacy v2.2.2 - Performance Release

Major Performance Fix for Firewall Snapshot Operations

This is a performance release with a critical fix for slow firewall backup operations that could take 60-120 seconds.

🌟 Highlights

• ✅ Performance Fix - Firewall snapshot 60-120s → 2-5s
• ✅ 633 Security Settings across 7 independent modules
• ✅ 100% BAVR Coverage - Backup, Apply, Verify, Restore
• ✅ 100% Restore Accuracy - VM tested & verified
• ✅ Version Alignment - All 60+ framework files synchronized
• ✅ GPL v3.0 License - Dual-licensing available
• ✅ Production-Ready - Tested on Windows 11 24H2/25H2

---

⚡ What's New in v2.2.2

Firewall Snapshot Performance Fix (Critical)

Before	After
60-120 seconds	2-5 seconds

• Problem: Firewall rules backup took 60-120 seconds, especially in offline mode
• Root Cause: Get-NetFirewallPortFilter was called individually for each of ~300+ firewall rules (~200ms per call)
• Fix: Batch query approach - load all port filters once into hashtable, then fast lookup by InstanceID
• Affected Files:
  • Modules/AdvancedSecurity/Private/Backup-AdvancedSecuritySettings.ps1
  • Modules/AdvancedSecurity/Private/Disable-RiskyPorts.ps1

Version Alignment

• All 60+ framework files updated to v2.2.2
• Module manifests (.psd1), module loaders (.psm1), core scripts, utilities, tests, and documentation synchronized

---

📦 Module Overview

Module	Settings	Description
SecurityBaseline	425	Microsoft Security Baseline 25H2
ASR	19	Attack Surface Reduction Rules
DNS	5	Secure DNS with DoH encryption
Privacy	78	Telemetry, Bloatware, OneDrive hardening
AntiAI	32	AI Lockdown (Recall, Copilot, Click to Do)
EdgeHardening	24	Microsoft Edge v139 Baseline
AdvancedSecurity	50	Beyond MS Baseline (15 features)
TOTAL	633	Complete Hardening

---

🚀 Quick Start

One-Liner Install:

irm https://raw.githubusercontent.com/NexusOne23/noid-privacy/main/install.ps1 | iex

Manual Install:

1. Download Source code (zip) below
2. Extract to a folder
3. Run Start-NoIDPrivacy.bat as Administrator

Verify After Installation:

.\Tools\Verify-Complete-Hardening.ps1

# Expected output:
# SecurityBaseline: 425/425 verified
# ASR: 19/19 verified
# DNS: 5/5 verified
# Privacy: 78/78 verified
# AntiAI: 32/32 verified
# EdgeHardening: 24/24 verified
# AdvancedSecurity: 50/50 verified
# Total: 633/633 (100%)

---

🎯 System Requirements

Requirement	Specification
OS	Windows 11 24H2 (Build 26100+) or 25H2 (Build 26200+)
PowerShell	5.1+ (built-in)
Admin Rights	Required
TPM	2.0 (for BitLocker, Credential Guard, VBS)
RAM	8 GB minimum (16 GB recommended for VBS)

⚠️ Note: Windows 11 23H2 and older are not supported. Please update to 24H2 or newer.

---

🛡️ Antivirus Compatibility

Your Setup	What Happens	Coverage
Defender Active	All modules applied	633 settings (100%)
3rd-Party AV	ASR skipped, all other modules applied	614 settings (~97%)

---

📋 Full Changelog

See CHANGELOG.md

---

📜 License

Version	License
v1.8.3 and earlier	MIT License
v2.0.0 and later	GPL v3.0 + Commercial dual-licensing

See LICENSE

---

🔐 Code Quality & Testing

• Testing: Unit and integration tests available in Tests/ directory
• Verification: 633 automated compliance checks in production
• VM Tested: Full Apply → Verify → Restore cycle verified
• Performance: Firewall operations now complete in seconds, not minutes
• Version Alignment: All 60+ files now have consistent version numbers
• Analysis: Run .\Tests\Run-Tests.ps1 to validate yourself
• Report vulnerabilities: Security Advisories

---

💬 Support & Community

• 📖 Documentation: README.md
• 💬 Discussions: GitHub Discussions
• 🐛 Issues: GitHub Issues
• 💼 Commercial Licensing: Contact via Discussions

---

⚠️ Important Warnings

• ⚠️ Create a system backup before running (CRITICAL!)
• ⚠️ Test in a VM first (recommended)
• ⚠️ Domain-joined systems: Coordinate with IT team
• ⚠️ Read documentation thoroughly

---

Made with 🛡️ for the Windows Security Community

NexusOne23 • v2.2.2 • December 2025

NoID Privacy v2.2.0

🎉 NoID Privacy v2.2.0 - Production Release

Complete Windows 11 Security & Privacy Hardening Framework

This is the production-ready release of NoID Privacy v2.2.0 - featuring 633 security settings across 7 independent modules with 100% verified restore accuracy.

---

🌟 Highlights

• ✅ 633 Security Settings across 7 independent modules
• ✅ 100% BAVR Coverage - Backup, Apply, Verify, Restore
• ✅ Zero-Day Protection - CVE-2025-9491 (.lnk attack mitigation)
• ✅ 100% Restore Accuracy - VM tested & verified
• ✅ mitm6 Protection - IPv6 disable option (Maximum profile)
• ✅ GPL v3.0 License - Dual-licensing available
• ✅ Production-Ready - Tested on Windows 11 25H2

---

📦 What's Included

Module	Settings	Description
SecurityBaseline	425	Microsoft Security Baseline 25H2
ASR	19	Attack Surface Reduction Rules
DNS	5	Secure DNS with DoH encryption
Privacy	78	Telemetry, Bloatware, OneDrive hardening
AntiAI	32	AI Lockdown (Recall, Copilot, Click to Do)
EdgeHardening	24	Microsoft Edge v139 Baseline
AdvancedSecurity	50	Beyond MS Baseline (15 features)
TOTAL	633	Complete Hardening

---

🆕 What's New in v2.2.0

• IPv6 Disable - mitm6/DHCPv6 attack mitigation (Maximum profile)
• Click to Do Blocking - Windows 11 screenshot AI analysis disabled
• Settings Agent Disable - AI-powered Settings search blocked
• Explorer AI Actions - Context menu AI features removed
• Notepad AI Blocking - Write/Summarize/Rewrite/Explain disabled
• Paint AI Blocking - Cocreator/Generative Fill/Image Creator disabled
• Typing Data Protection - AllowLinguisticDataCollection disabled
• Enhanced Restore - 100% accuracy verified on fresh Windows 11 VM
• Auditor Fixes - Improved Verify, Restore, and Admin detection

---

🚀 Quick Start

One-Liner Install:

irm https://raw.githubusercontent.com/NexusOne23/noid-privacy/main/install.ps1 | iex

Manual Install:

1. Download Source code (zip) below
2. Extract to a folder
3. Run Start-NoIDPrivacy.bat as Administrator

Verify After Installation:

.\Tools\Verify-Complete-Hardening.ps1

# Expected output:
# SecurityBaseline: 425/425 verified
# ASR: 19/19 verified
# DNS: 5/5 verified
# Privacy: 78/78 verified
# AntiAI: 32/32 verified
# EdgeHardening: 24/24 verified
# AdvancedSecurity: 50/50 verified
# Total: 633/633 (100%)

---

🎯 System Requirements

Requirement	Specification
OS	Windows 11 24H2 (Build 26100+) or 25H2 (Build 26200+)
PowerShell	5.1+ (built-in)
Admin Rights	Required
TPM	2.0 (for BitLocker, Credential Guard, VBS)
RAM	8 GB minimum (16 GB recommended for VBS)

⚠️ Note: Windows 11 23H2 and older are not supported. Please update to 24H2 or newer.

---

🛡️ Antivirus Compatibility

Your Setup	What Happens	Coverage
Defender Active	All modules applied	633 settings (100%)
3rd-Party AV	ASR skipped, all other modules applied	614 settings (~97%)

---

📋 Full Changelog

See CHANGELOG.md

---

📜 License

Version	License
v1.8.3 and earlier	MIT License
v2.0.0 and later	GPL v3.0 + Commercial dual-licensing

See LICENSE

---

🔐 Code Quality & Testing

• Testing: Unit and integration tests available in Tests/ directory
• Verification: 633 automated compliance checks in production
• VM Tested: Full Apply → Verify → Restore cycle verified
• Analysis: Run .\Tests\Run-Tests.ps1 to validate yourself
• Report vulnerabilities: Security Advisories

---

💬 Support & Community

• 📖 Documentation: README.md
• 💬 Discussions: GitHub Discussions
• 🐛 Issues: GitHub Issues
• 💼 Commercial Licensing: Contact via Discussions

---

⚠️ Important Warnings

⚠️ Create a system backup before running (CRITICAL!)

⚠️ Test in a VM first (recommended)

⚠️ Domain-joined systems: Coordinate with IT team

⚠️ Read documentation thoroughly

---

Made with 🛡️ for the Windows Security Community

NexusOne23 • v2.2.0 • December 2025