Update Program.cs

Program.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Diagnostics;
 using System.IO;
@@ -10,7 +10,6 @@
 using System.ComponentModel;
 using System.IO.Compression;
 
-
 namespace dAnSR
 {
     internal enum ASRAction
@@ -23,37 +22,51 @@ internal enum ASRAction
 
     internal struct ASRRule
     {
-        private static Dictionary<string, string> NameDict = new Dictionary<string, string>
+        // Case-insensitive mapping for GUIDs (updated to include all current ASR rules)
+        private static readonly Dictionary<string, string> NameDict = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
         {
             { "56a863a9-875e-4185-98a7-b882c64b5ce5", "Block abuse of exploited vulnerable signed drivers" },
             { "7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c", "Block Adobe Reader from creating child processes" },
             { "d4f940ab-401b-4efc-aadc-ad5f3c50688a", "Block all Office applications from creating child processes" },
             { "9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2", "Block credential stealing from the Windows local security authority subsystem (lsass.exe)" },
             { "be9ba2d9-53ea-4cdc-84e5-9b1eeee46550", "Block executable content from email client and webmail" },
-            { "01443614-cd74-433a-b99e-2ecdc07bfc25", "Block executable files from running unless they meet a prevalence or trusted list criterion" },
+            { "01443614-cd74-433a-b99e-2ecdc07bfc25", "Block executable files from running unless they meet a prevalence, age, or trusted list criterion" },
             { "5beb7efe-fd9a-4556-801d-275e5ffc04cc", "Block execution of potentially obfuscated scripts" },
             { "d3e037e1-3eb8-44c8-a917-57927947596d", "Block JavaScript or VBScript from launching downloaded executable content" },
             { "3b576869-a4ec-4529-8536-b80a7769e899", "Block Office applications from creating executable content" },
             { "75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84", "Block Office applications from injecting code into other processes" },
             { "26190899-1602-49e8-8b27-eb1d0a1ce869", "Block Office communication application from creating child processes" },
             { "e6db77e5-3df2-4cf1-b95a-636979351e5b", "Block persistence through WMI event subscription" },
             { "d1e49aac-8f56-4280-b9ba-993a6d77406c", "Block process creations originating from PSExec and WMI commands" },
+            { "33ddedf1-c6e0-47cb-833e-de6133960387", "Block rebooting machine in Safe Mode" },
             { "b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4", "Block untrusted and unsigned processes that run from USB" },
+            { "c0033c00-d16d-4114-a5a0-dc9b3a7d2ceb", "Block use of copied or impersonated system tools" },
+            { "a8f5898e-1dc8-49a9-9878-85004b8a61e6", "Block Webshell creation for Servers" },
             { "92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b", "Block Win32 API calls from Office macros" },
             { "c1db55ab-c21a-4637-bb3f-a12568109d35", "Use advanced protection against ransomware" }
         };
 
         public string Id;
         public ASRAction Action;
 
-        public override string ToString() => $"[{Id}] {NameDict[Id]}: {Action}";
+        public override string ToString()
+        {
+            if (NameDict.TryGetValue(Id, out var name))
+            {
+                return $"[{Id}] {name}: {Action}";
+            }
+            else
+            {
+                return $"[{Id}] <Unknown Rule>: {Action}";
+            }
+        }
     }
 
     internal class Program
     {
         [DllImport("dbghelp.dll", EntryPoint = "MiniDumpWriteDump", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, ExactSpelling = true, SetLastError = true)]
         private static extern bool MiniDumpWriteDump(IntPtr hProcess, uint processId, SafeHandle hFile, uint dumpType, IntPtr expParam, IntPtr userStreamParam, IntPtr callbackParam);
-        
+
         private static bool IsCurrentDirectoryWritable()
         {
             try