From 087c522d61678843302f41f2abe6140ce448ab95 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 24 May 2021 13:15:14 -0700 Subject: [PATCH] Task ID 29550212 Implemented last suggested edit to the "create eight hash rules" section. --- .../select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index 000dc79659..390b687187 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -135,7 +135,7 @@ During validation CI will choose which hashes to calculate depending on how the In the cmdlets, rather than try to predict which hash CI will use, we pre-calculate and use the four hashes (sha1/sha2 authenticode, and sha1/sha2 of first page). This is also resilient, if the signing status of the file changes and necessary for deny rules to ensure that changing/stripping the signature doesn’t result in a different hash than what was in the policy being used by CI. -### Why does scan create 8 hash rules for certain XML files? +### Why does scan create eight hash rules for certain XML files? Separate rules are created for UMCI and KMCI. In some cases, files which are purely user-mode or purely kernel-mode may still generate both sets, as CI cannot always precisely determine what is purely user vs. kernel mode and errs on the side of caution.