This commit improves the security, reliability, and robustness of
directory cleanup operations on Windows.
The focus is shifted from deleting entire directories to purging their
contents, addressing potential unintended side effects. Previously,
numerous directories were removed, which could destabilize system
behavior.
This improvement has crucial security implications. The prior approach
involved changing ownership and assigning permissions to the directory
itself, leading to an altered and potentially less secure OS security
posture.
Directory removal improvements include:
- Output user-friendly messages.
- Improved ownership and permission handling for file deletion.
- Explicit shared functions for enhanced reliability/security.
- Centralized way to delete glob (wildcard) patterns in Windows.
Notable script improvements:
- 'Clear Steam dumps, logs, and traces':
- Convert the script to a category to provide more granularity.
- Improve cache cleaning, ensuring the entire cache directory is
cleared, not just the log files.
- 'Clear "Temporary Internet Files" (browser cache)':
- Add more documentation.
- Grant necessary permissions to folders, fixing errors due to
lack of permissions before.
- 'Clear Windows Update Medic Service logs':
- Remove redundant permission grants, as they are unnecessary in
recent Windows versions.
- 'Clear Server-initiated Healing Events system logs',
'Clear Windows Update events logs':
- Merge due to identical functionalities.
- Add more documentation.
- 'Clear Defender scan (protection) history':
- Remove the execution with `TrustedInstallerPrivileges`, uniformly
using `grantPermissions` as with other scripts. This addresses the
false-positive alerts from Microsoft Defender, as discussed in #264.
- 'Clear "Temporary Internet Files" (browser cache)':
- Retain `INetCache` and `Temporary Internet Files` directories,
purging only their contents. This approach aims to resolve the issue
mentioned in #145, where the absence of these folders could prevent
Microsoft Office applications from launching.
- Simplify `README.md` by creating and moving some documentation to
`architecture.md`.
- Add more documentation for state handling between layers.
- Improve some documentation to use clearer language.
