Skip to content

Disable AMSI content logging in release#26235

Merged
iSazonov merged 1 commit into
PowerShell:masterfrom
xtqqczze:GH21497
Dec 3, 2025
Merged

Disable AMSI content logging in release#26235
iSazonov merged 1 commit into
PowerShell:masterfrom
xtqqczze:GH21497

Conversation

@xtqqczze
Copy link
Copy Markdown
Contributor

@xtqqczze xtqqczze commented Oct 17, 2025

@xtqqczze xtqqczze changed the title Disale AMSI content logging in release Disable AMSI content logging in release Oct 18, 2025
@iSazonov
Copy link
Copy Markdown
Collaborator

iSazonov commented Oct 18, 2025

WG conclusion was to remove the code at all.

@xtqqczze
Copy link
Copy Markdown
Contributor Author

xtqqczze commented Oct 18, 2025

WG conclusion was to remove the code at all.

Removing the test code only in release builds seems consistent with the intent of the WG’s decision.

@xtqqczze xtqqczze marked this pull request as ready for review October 18, 2025 13:12
@TravisEz13 TravisEz13 added WG-Security security related areas such as JEA Needs-Triage The issue is new and needs to be triaged by a work group. labels Oct 18, 2025
@TravisEz13 TravisEz13 requested a review from Copilot October 20, 2025 18:15
Copilot AI reviewed Oct 20, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR disables AMSI (Anti-Malware Scan Interface) content logging in release builds by wrapping debug-only code in #if DEBUG directives. This addresses performance and security concerns where environment variable-based debugging features should not be active in production releases.

Key changes:

  • Wrapped the DumpLogAMSIContent lazy initialization in #if DEBUG
  • Wrapped all console logging statements and the generic exception handler that reference DumpLogAMSIContent in #if DEBUG

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

Comment thread src/System.Management.Automation/engine/runtime/Operations/MiscOps.cs Outdated
@xtqqczze
Copy link
Copy Markdown
Contributor Author

xtqqczze commented Oct 20, 2025

WG conclusion was to remove the code at all.

@TravisEz13 Do you think we should keep this in debug, or remove completely?

SydneyhSmith
SydneyhSmith approved these changes Oct 20, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@SydneyhSmith SydneyhSmith left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed by security WG

@xtqqczze xtqqczze mentioned this pull request Oct 20, 2025
Open
@iSazonov iSazonov added the CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log label Oct 21, 2025
@microsoft-github-policy-service microsoft-github-policy-service Bot added the Review - Needed The PR is being reviewed label Oct 28, 2025
@iSazonov iSazonov requested a review from TravisEz13 October 28, 2025 11:53
@xtqqczze
Copy link
Copy Markdown
Contributor Author

xtqqczze commented Nov 12, 2025

@iSazonov Please approve workflows.

@TravisEz13
Copy link
Copy Markdown
Member

TravisEz13 commented Nov 24, 2025

@powershell/WG-Security approved for merge into master

@TravisEz13 TravisEz13 removed Review - Needed The PR is being reviewed Needs-Triage The issue is new and needs to be triaged by a work group. labels Nov 24, 2025
@microsoft-github-policy-service microsoft-github-policy-service Bot added the Review - Needed The PR is being reviewed label Dec 2, 2025
@iSazonov iSazonov self-assigned this Dec 3, 2025
@microsoft-github-policy-service microsoft-github-policy-service Bot removed the Review - Needed The PR is being reviewed label Dec 3, 2025
@iSazonov iSazonov merged commit 11f91df into PowerShell:master Dec 3, 2025
39 checks passed
@xtqqczze xtqqczze deleted the GH21497 branch December 3, 2025 16:31
SIRMARGIN pushed a commit to SIRMARGIN/PowerShell that referenced this pull request Dec 12, 2025
@xtqqczze @SIRMARGIN
Disable AMSI content logging in release (PowerShell#26235)
3ffa4dc
kilasuit pushed a commit to kilasuit/PowerShell that referenced this pull request Jan 2, 2026
@xtqqczze @kilasuit
Disable AMSI content logging in release (PowerShell#26235)
2ef6a76
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@iSazonov iSazonov iSazonov approved these changes

@TravisEz13 TravisEz13 Awaiting requested review from TravisEz13

+1 more reviewer

@SydneyhSmith SydneyhSmith SydneyhSmith approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@iSazonov iSazonov

Labels

CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log WG-Security security related areas such as JEA

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

__PSDumpAMSILogContent debug logging sent to stdout

5 participants

@xtqqczze @iSazonov @TravisEz13 @SydneyhSmith