psfalcon icon indicating copy to clipboard operation
psfalcon copied to clipboard
verified publisher icon CrowdStrike

[ BUG ] `Edit-FalconDeviceControlPolicy` does not retain exception descriptions when adding additional exceptions

Open harrim4n opened this issue 2 years ago • 2 comments

Describe the bug When adding a new exception to a device policy which includes a description, the description of already existing exceptions is cleared.

To Reproduce I used a script which basically does the same as the sample file: https://github.com/CrowdStrike/psfalcon/blob/7976423c1e67eadfc5b829862f64eed3194a854a/samples/policies/add-a-list-of-combined_id-exceptions-to-a-device-control-policy.ps1 In line 26, add the "description" parameter and set it to some string (multiline in my case, not sure if relevant).

Expected behavior The existing exceptions should not be modified

Environment (please complete the following information):

  • OS: Debian 11
  • PowerShell: 7.3.3
  • PSFalcon: 2.2.4

Additional context

Transcript content

harrim4n avatar May 05 '23 16:05 harrim4n

Thank you for the report! I was able to re-create this behavior. I suspect this is API related and not restricted to Edit-FalconDeviceControlPolicy. Here's why I think that:

  • The script example you provided does not modify existing exceptions, it only adds new ones
  • Modifying the script to add a description with the new exception still erases any existing descriptions

I'll investigate further and see if I can get an internal issue opened to get it fixed.

bk-cs avatar May 05 '23 18:05 bk-cs

I have confirmed that this is an API issue and not restricted to PSFalcon. I've opened an internal ticket requesting a fix and I'll leave this issue open until I receive confirmation that it is resolved.

bk-cs avatar May 10 '23 16:05 bk-cs