
Yesterday, I was working with PowerShellEditorServices to develop a tool. Internally, it uses named pipes to communicate between the client and server. They are both running locally.

At some point, the server named pipe stopped responding. Then I started to notice a bunch of issues with my system.

First, the PowerShell VS Code extension will also not connect. It hangs just like my test app. It also uses Named Pipes by default along with PowerShellEditorServices.

Second, running Get-ExecutionPolicy in PowerShell 7.3.8 returns the following.

get-executionPolicy: The 'get-executionPolicy' command was found in the module 'Microsoft.PowerShell.Security', but the module could not be loaded due to the following error: [The following error occurred while loading the extended type data file:
, C:\program files\powershell\7\Modules\Microsoft.PowerShell.Security\Security.types.ps1xml: The file was skipped because of the following validation exception: File C:\program files\powershell\7\Modules\Microsoft.PowerShell.Security\Security.types.ps1xml cannot be loaded because its operation is blocked by software restriction policies, such as those created by using Group Policy..
]
For more information, run 'Import-Module Microsoft.PowerShell.Security'.

If I start PowerShell as administrator, I can run this command successfully. Additionally, Windows PowerShell does not suffer from these issues.

Finally, I've noticed that the Visual Studio shortcut on my taskbar does not work. It is set to run as administrator and when clicked, it says the application was blocked by my administrator (I'm a local administrator).

This seems like an AppLocker, Defender or GP issue, but I am running outside of a domain and have not configured any of this. It almost seems like Windows thought I was doing something suspicious and has now locked down my machine in some way.

I can't find anything in Event Logs to indicate why this is happening.

Windows 11 Version 22H2 (OS Build 22621.2428), PowerShell 7.3.8

EDIT: I've realized that some Microsoft certificates are not trusted. I tried both pwsh.exe and devenv.exe. git credential manager, on the other hand, is Valid.

adamr ~ 0ms> Get-AuthenticodeSignature "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe" | Format-List

SignerCertificate : [Subject] CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       330000034D4E91A61A28B0788F00000000034D

                     [Not Before]
                       3/16/2023 1:43:28 PM

                     [Not After]
                       3/14/2024 1:43:28 PM

                     [Thumbprint]
                       6E78B3DCE2998F6C2457C3E54DA90A01034916AE

TimeStamperCertificate : [Subject] CN=Microsoft Time-Stamp Service, OU=Thales TSS ESN:FC41-4BD4-D220, OU=Microsoft Ireland Operations Limited, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Time-Stamp PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       33000001B9F6000D65544FBC030001000001B9

                     [Not Before]
                       9/20/2022 3:22:17 PM

                     [Not After]
                       12/14/2023 2:22:17 PM

                     [Thumbprint]
                       C7621E187864E7C310933CD25A49C670B8DF813A

Status        : NotTrusted
StatusMessage : File C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe is signed but the signer is not trusted on this system.
Path          : C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe
SignatureType : Authenticode
IsOSBinary    : False

adamr ~ 61ms> Get-AuthenticodeSignature "C:\Program Files\PowerShell\7\pwsh.exe" | Format-List

SignerCertificate : [Subject] CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       330000034D4E91A61A28B0788F00000000034D

                     [Not Before]
                       3/16/2023 1:43:28 PM

                     [Not After]
                       3/14/2024 1:43:28 PM

                     [Thumbprint]
                       6E78B3DCE2998F6C2457C3E54DA90A01034916AE

TimeStamperCertificate : [Subject] CN=Microsoft Time-Stamp Service, OU=nShield TSS ESN:8D00-05E0-D947, OU=Microsoft America Operations, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Time-Stamp PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       33000001CD55072AE7CAC1991D0001000001CD

                     [Not Before]
                       5/25/2023 2:12:05 PM

                     [Not After]
                       2/1/2024 1:12:05 PM

                     [Thumbprint]
                       68A9F7A6D8A2B3B916632126227C6A2554E77204

Status        : NotTrusted
StatusMessage : File C:\Program Files\PowerShell\7\pwsh.exe is signed but the signer is not trusted on this system.
Path          : C:\Program Files\PowerShell\7\pwsh.exe
SignatureType : Authenticode
IsOSBinary    : False

adamr ~ 19ms> Get-AuthenticodeSignature "C:\Program Files\PowerShell\7-preview\pwsh.exe" | Format-List

SignerCertificate : [Subject] CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       330000034D4E91A61A28B0788F00000000034D

                     [Not Before]
                       3/16/2023 1:43:28 PM

                     [Not After]
                       3/14/2024 1:43:28 PM

                     [Thumbprint]
                       6E78B3DCE2998F6C2457C3E54DA90A01034916AE

TimeStamperCertificate : [Subject] CN=Microsoft Time-Stamp Service, OU=nShield TSS ESN:A000-05E0-D947, OU=Microsoft America Operations, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Time-Stamp PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       33000001D07708AAEFA317C6DD0001000001D0

                     [Not Before]
                       5/25/2023 2:12:14 PM

                     [Not After]
                       2/1/2024 1:12:14 PM

                     [Thumbprint]
                       BCB7C853F0A2945FDD6553916A44FF427EEF4C89

Status        : NotTrusted
StatusMessage : File C:\Program Files\PowerShell\7-preview\pwsh.exe is signed but the signer is not trusted on this system.
Path          : C:\Program Files\PowerShell\7-preview\pwsh.exe
SignatureType : Authenticode
IsOSBinary    : False

adamr ~ 18ms> Get-AuthenticodeSignature "C:\Program Files\JetBrains\Rider\r2r\2023.2.1R\91943D6DE4B105C375FB095E3498CF0\git-credential-manager.exe" | Format-List

SignerCertificate : [Subject] CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       33000001519E8D8F4071A30E41000000000151

                     [Not Before]
                       5/2/2019 4:37:46 PM

                     [Not After]
                       5/2/2020 4:37:46 PM

                     [Thumbprint]
                       62009AAABDAE749FD47D19150958329BF6FF4B34

TimeStamperCertificate : [Subject] CN=Microsoft Time-Stamp Service, OU=Thales TSS ESN:12BC-E3AE-74EB, OU=Microsoft America Operations, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Issuer]
                       CN=Microsoft Time-Stamp PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                     [Serial Number]
                       33000000F8C25F33D0B58F15040000000000F8

                     [Not Before]
                       10/24/2018 4:14:29 PM

                     [Not After]
                       1/10/2020 3:14:29 PM

                     [Thumbprint]
                       FA730D24002085268FD7E5261FDF819EF3031B99

Status        : Valid
StatusMessage : Signature verified.
Path          : C:\Program Files\JetBrains\Rider\r2r\2023.2.1R\91943D6DE4B105C375FB095E3498CF0\git-credential-manager.exe
SignatureType : Authenticode
IsOSBinary    : False
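
A diagnostic sketch for the symptom described in the question, added here and not part of the original post: it rebuilds the signer chain for the files reported as NotTrusted and checks whether any certificate in that chain sits in a Disallowed store. The file paths are the ones quoted above; the choice of stores to inspect is an assumption about where the distrust could come from, not a confirmed cause.

```powershell
# Added diagnostic example; not code from the original post.
# Paths are the ones quoted in the question. Adjust them for your machine.
$files = @(
    'C:\Program Files\PowerShell\7\pwsh.exe',
    'C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\IDE\devenv.exe'
)

# Assumption: stores that can explicitly distrust a certificate, per user and per machine.
$stores = 'Cert:\CurrentUser\Disallowed', 'Cert:\LocalMachine\Disallowed'

$report = foreach ($file in $files) {
    $sig = Get-AuthenticodeSignature -FilePath $file
    if (-not $sig.SignerCertificate) { continue }

    # Rebuild the chain without revocation lookups so the check runs offline
    # and each element reports its own status flags.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($sig.SignerCertificate)

    foreach ($element in $chain.ChainElements) {
        $cert  = $element.Certificate
        $flags = ($element.ChainElementStatus.Status | Sort-Object -Unique) -join ', '
        if (-not $flags) { $flags = 'NoError' }

        # List every store that contains this exact certificate (matched by thumbprint).
        $hits = foreach ($store in $stores) {
            if (Test-Path -Path "$store\$($cert.Thumbprint)") { $store }
        }

        [pscustomobject]@{
            File         = Split-Path -Path $file -Leaf
            Authenticode = $sig.Status
            Subject      = $cert.GetNameInfo('SimpleName', $false)
            Thumbprint   = $cert.Thumbprint
            ChainFlags   = $flags   # NotTimeValid on an old leaf is normal for timestamped files
            DisallowedIn = $hits -join '; '
        }
    }
    $chain.Dispose()
}

$report | Format-Table -AutoSize -Wrap
```

Because the question reports different behaviour in elevated and non-elevated sessions, run the script in both and compare the `ChainFlags` and `DisallowedIn` columns.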
