deejayy/howto.txt

## howto.txt
Get-EventLog -Log Security -Newest 100 -InstanceId 5152 -Message "*%%14593*" | Sort-Object -Property TimeGenerated | Select-Object -ExpandProperty Message | ? { $_ -notlike "*svchost*" } | % { $_ -split "\r\n" } | ? { $_ -like "*Application Name*" -or $_ -like "*Destination*" } | % { $_ -replace "\\device\\harddiskvolume.",":" }

$path = Read-Host 'Path: '
$appName = Read-Host 'App name: '

$date = Get-Date -Format "yyyy-MM-dd"

Write-Output "XX $appName / $date"

New-NetFirewallRule -DisplayName "XX $appName / $date" -Direction Outbound -Program $path -Action Allow

--

Runner.bat:

@echo off

powershell.exe -Command "Start-Process powershell.exe -Verb RunAs D:\bin\batch\addfw.ps1"
	Get-EventLog -Log Security -Newest 100 -InstanceId 5152 -Message "%%14593" \| Sort-Object -Property TimeGenerated \| Select-Object -ExpandProperty Message \| ? { $_ -notlike "svchost" } \| % { $_ -split "\r\n" } \| ? { $_ -like "Application Name" -or $_ -like "Destination" } \| % { $_ -replace "\\device\\harddiskvolume.",":" }

	$path = Read-Host 'Path: '
	$appName = Read-Host 'App name: '

	$date = Get-Date -Format "yyyy-MM-dd"

	Write-Output "XX $appName / $date"

	New-NetFirewallRule -DisplayName "XX $appName / $date" -Direction Outbound -Program $path -Action Allow

	--

	Runner.bat:

	@echo off

	powershell.exe -Command "Start-Process powershell.exe -Verb RunAs D:\bin\batch\addfw.ps1"