Windows Defender Application Control (WDAC) Basics
- Published on 20 Jul 2021
- Windows Defender Application Control is a way to whitelist applications and DLLs on your Windows 10 Professional and Enterprise environments. This video demonstrates the basic operation and configuration of WDAC on a stand alone Windows 10 Enterprise workstation.
- Science & Technology
Good quick intro. Thanks.
Love the first principles approach to this
Thanks Rob, do you have a good source on whitelisting additional programs in the XML file?
I don't whitelist I blacklist, far easier to manage.
Cool. All very clear but I'm not really sure why I'm running the ConvertFrom-CIPolicy PS - what is it actually doing?
Converts an .xml file that contains a Code Integrity policy into binary format.
How would you add exceptions (whitelist) software such as Adobe Acrobat Reader?
Create a suitable policy and apply that. The policy would provide customised handing for Acrobat executables based on their location or executable file properties.
Followed similar steps. But unable to see PuTTY is blocked by WDAC on Windows 11. Are there any extra configurations needed?
R U using W11 Enterprise? It won't work stand alone on anything else.
How/Where do you create the code Integrity policy? Where did you get your example policies in the video?
What if I wanted to white-list putty.exe, can that be done by hash or anything?
Example policies are here - C:\Windows\schemas\CodeIntegrity\ExamplePolicies. You can whitelist anything you wish.
See this on how to create policies - techcommunity.microsoft.com/t5/core-infrastructure-and-security/deploying-windows-10-application-control-policy/ba-p/2486267
Is this applicable for windows 10 home edition?
No. Business versions only as far as I know, although someone did say here that with the latest update to Windows 11 it will be, but I'd suggest no as it is too complex for home users.
How do I remove this permanently? It automatically blocks everything, including PowerShell and CMD, and prevents all driver installations. It's bricked the computer. All I can do is run Microsoft Edge and the Windows Store.
learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies
I've been getting an Error Your Organization has used WDAC to block this app on my virtual box . I tried everything and It's still not working any ideas?
Clearly there is a policy in play. Look at the MS guide to troubleshooting WDAC. Note many things can apply a WDAC policy.
Is there a way to block an app and prompt the user to send a message to the administrator requesting whitelist? I believe my previous employer had something that did this, but I can't for the life of me remember what it was. I believe it started with "bit" like "bitlocker"...
Not with MDAC no. There is no user interaction.
@directorcia Do you know of a way to do this? It would help a ton!
@PhrostyGaming Third-party app
ConvertFrom-CIPolicy -XmlFilePath 'c:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml' -BinaryFilePath c:\Windows\System32\CodeIntegrity\SIPolicy.p7b
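An added example, not from the video or its author, tying the hash-whitelisting question above to the ConvertFrom-CIPolicy step: it adds a hash allow rule for one binary to the DefaultWindows_Enforced example policy, keeps the result in audit mode so a mistake logs instead of blocking, compiles it to the SIPolicy.p7b path used in the video, and shows where audit events land. The paths C:\Tools\putty.exe and C:\Policies are assumed placeholders.

```powershell
# Added example (not the video's code). Run in an elevated PowerShell on a
# Windows 10/11 Enterprise machine; the ConfigCI cmdlets ship with Windows.
# Assumed placeholders: C:\Tools\putty.exe (file to allow) and C:\Policies.
$base   = 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml'
$work   = 'C:\Policies'
$binary = 'C:\Tools\putty.exe'
$merged = Join-Path $work 'MyPolicy.xml'
$target = 'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b'

New-Item -ItemType Directory -Path $work -Force | Out-Null

# A hash rule allows exactly these file contents: a patched build of the
# program needs a new rule, which is the trade-off versus publisher rules.
$rules = New-CIPolicyRule -Level Hash -DriverFilePath $binary

# Merge the new rule into a copy of the example policy (the base stays untouched).
Merge-CIPolicy -PolicyPaths $base -Rules $rules -OutputFilePath $merged | Out-Null

# Rule option 3 = Enabled:Audit Mode. Keep it on while testing so an
# over-broad policy only logs; remove it with "-Option 3 -Delete" once the
# audit log is clean, then recompile and reboot to enforce.
Set-RuleOption -FilePath $merged -Option 3

# Compile the XML policy into the binary format the kernel loads at boot.
ConvertFrom-CIPolicy -XmlFilePath $merged -BinaryFilePath $target

# After a reboot, "would have been blocked" audit events are ID 3076 in the
# Code Integrity operational log (3077 is a real block once enforced).
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```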
WDAC you state is more secure than Applocker.
Is WDAC more secure than Whitelisting in SRP via Group Politics ?
Yes as WDAC is applied prior to system boot.
@directorcia I have Win 10 Pro build 19043.1526 and I see it's supported. Once I enabled "Turn on script execution" in Windows Components\Windows PowerShell in Group Policy and noticed the ` character at the end of the top 2 lines of text, the script ran correctly; however nothing has changed and Windows Defender is enabled. Any ideas why that didn't work?
Trying to help my 88 yr old mother who almost lost everything to scammers by protecting her from herself.
@nvidiashield495 I wouldn't be doing WDAC for your mother. It is designed for commercial machines. Use AppLocker for her if u must.
@directorcia AppLocker, as you know, is for Enterprise and she has Pro. She only needs to run a few Windows programs and browse the internet. I also enjoy learning and I'm trying this on my machine and it has Pro also. Once I test this out on my PC I'll find what works best for her.
Thanks Robert
Ok I got it working via Group Policy under System\Device Guard\Deploy Windows Defender Application Control. Great video and thanks for your time.
Note: just notes for myself. I know you're aware already of GPOs.