From 560d09e0e55760ffc4b97bf4242133b7203d0af2 Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Mon, 7 Jun 2021 15:26:17 -0700 Subject: [PATCH 1/2] Added a section for supplemental policies. --- .../select-types-of-rules-to-create.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index add268e0ee..f5e5b8c109 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -71,6 +71,16 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **18 Disabled:Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. NOTE: This option is only supported on Windows 10, version 1903, and above. | | **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. | +### The following options are valid for supplemental policies. However, number 5 is not implemented as it is reserved for future work, and number 7 is not supported. +| Rule option | Description | +|------------ | ----------- | +| 5 | Enabled: Inherit Default Policy | +| **6** | **Enabled: Unsigned System Integrity Policy** | +| 7 | Allowed: Debug Policy Augmented | +| **13** | **Enabled: Managed Installer** | +| **14** | **Enabled: Intelligent Security Graph Authorization** | +| **18** | **Disabled: Runtime FilePath Rule Protection** | + ## Windows Defender Application Control file rule levels File rule levels allow administrators to specify the level at which they want to trust their applications. This level of trust could be as granular as the hash of each binary or as general as a CA certificate. You specify file rule levels when using WDAC PowerShell cmdlets to create and modify policies. From 066d6aafe79323432eec25fcd9b80bc49a6cc1cf Mon Sep 17 00:00:00 2001 From: Kim Klein Date: Tue, 8 Jun 2021 09:38:41 -0700 Subject: [PATCH 2/2] Removed the heading format for the new text and also swapped out "number" for "option." --- .../select-types-of-rules-to-create.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md index f5e5b8c109..7a56e31130 100644 --- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md +++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md @@ -71,7 +71,8 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **18 Disabled:Runtime FilePath Rule Protection** | This option disables the default runtime check that only allows FilePath rules for paths that are only writable by an administrator. NOTE: This option is only supported on Windows 10, version 1903, and above. | | **19 Enabled:Dynamic Code Security** | Enables policy enforcement for .NET applications and dynamically loaded libraries. NOTE: This option is only supported on Windows 10, version 1803, and above. | -### The following options are valid for supplemental policies. However, number 5 is not implemented as it is reserved for future work, and number 7 is not supported. +The following options are valid for supplemental policies. However, option 5 is not implemented as it is reserved for future work, and option 7 is not supported. + | Rule option | Description | |------------ | ----------- | | 5 | Enabled: Inherit Default Policy |