diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 52aec39ca6..dcad6a2586 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml 
@@ -6,307 +6,306 @@ items: - name: WDAC and AppLocker Overview href: wdac-and-applocker-overview.md + - name: WDAC and AppLocker Feature Availability + href: feature-availability.md + - name: Virtualization-based protection of code integrity + href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md +- name: WDAC design guide + href: windows-defender-application-control-design-guide.md + items: + - name: Plan for WDAC policy lifecycle management + href: plan-windows-defender-application-control-management.md + - name: Design your WDAC policy items: - - name: WDAC and AppLocker Feature Availability - href: feature-availability.md - - name: Virtualization-based protection of code integrity - href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md - - name: WDAC design guide - href: windows-defender-application-control-design-guide.md + - name: Understand WDAC policy design decisions + href: understand-windows-defender-application-control-policy-design-decisions.md + - name: Understand WDAC policy rules and file rules + href: select-types-of-rules-to-create.md + items: + - name: Allow apps installed by a managed installer + href: configure-authorized-apps-deployed-with-a-managed-installer.md + - name: Allow reputable apps with Intelligent Security Graph (ISG) + href: use-windows-defender-application-control-with-intelligent-security-graph.md + - name: Allow COM object registration + href: allow-com-object-registration-in-windows-defender-application-control-policy.md + - name: Use WDAC with .NET hardening + href: use-windows-defender-application-control-with-dynamic-code-security.md + - name: Manage packaged apps with WDAC + href: manage-packaged-apps-with-windows-defender-application-control.md + - name: Use WDAC to control specific plug-ins, add-ins, and modules + href: 
use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md + - name: Understand WDAC policy settings + href: understanding-wdac-policy-settings.md + - name: Use multiple WDAC policies + href: deploy-multiple-windows-defender-application-control-policies.md + - name: Create your WDAC policy items: - - name: Plan for WDAC policy lifecycle management - href: plan-windows-defender-application-control-management.md - - name: Design your WDAC policy + - name: Example WDAC base policies + href: example-wdac-base-policies.md + - name: Policy creation for common WDAC usage scenarios + href: types-of-devices.md items: - - name: Understand WDAC policy design decisions - href: understand-windows-defender-application-control-policy-design-decisions.md - - name: Understand WDAC policy rules and file rules - href: select-types-of-rules-to-create.md - items: - - name: Allow apps installed by a managed installer - href: configure-authorized-apps-deployed-with-a-managed-installer.md - - name: Allow reputable apps with Intelligent Security Graph (ISG) - href: use-windows-defender-application-control-with-intelligent-security-graph.md - - name: Allow COM object registration - href: allow-com-object-registration-in-windows-defender-application-control-policy.md - - name: Use WDAC with .NET hardening - href: use-windows-defender-application-control-with-dynamic-code-security.md - - name: Manage packaged apps with WDAC - href: manage-packaged-apps-with-windows-defender-application-control.md - - name: Use WDAC to control specific plug-ins, add-ins, and modules - href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md - - name: Understand WDAC policy settings - href: understanding-wdac-policy-settings.md - - name: Use multiple WDAC policies - href: deploy-multiple-windows-defender-application-control-policies.md - - name: Create your WDAC policy + - name: Create a WDAC policy for lightly managed 
devices + href: create-wdac-policy-for-lightly-managed-devices.md + - name: Create a WDAC policy for fully managed devices + href: create-wdac-policy-for-fully-managed-devices.md + - name: Create a WDAC policy for fixed-workload devices + href: create-initial-default-policy.md + - name: Create a WDAC deny list policy + href: create-wdac-deny-policy.md + - name: Microsoft recommended block rules + href: microsoft-recommended-block-rules.md + - name: Microsoft recommended driver block rules + href: microsoft-recommended-driver-block-rules.md + - name: Use the WDAC Wizard tool + href: wdac-wizard.md items: - - name: Example WDAC base policies - href: example-wdac-base-policies.md - - name: Policy creation for common WDAC usage scenarios - href: types-of-devices.md - items: - - name: Create a WDAC policy for lightly managed devices - href: create-wdac-policy-for-lightly-managed-devices.md - - name: Create a WDAC policy for fully managed devices - href: create-wdac-policy-for-fully-managed-devices.md - - name: Create a WDAC policy for fixed-workload devices - href: create-initial-default-policy.md - - name: Create a WDAC deny list policy - href: create-wdac-deny-policy.md - - name: Microsoft recommended block rules - href: microsoft-recommended-block-rules.md - - name: Microsoft recommended driver block rules - href: microsoft-recommended-driver-block-rules.md - - name: Use the WDAC Wizard tool - href: wdac-wizard.md - items: - - name: Create a base WDAC policy with the Wizard - href: wdac-wizard-create-base-policy.md - - name: Create a supplemental WDAC policy with the Wizard - href: wdac-wizard-create-supplemental-policy.md - - name: Editing a WDAC policy with the Wizard - href: wdac-wizard-editing-policy.md - - name: Merging multiple WDAC policies with the Wizard - href: wdac-wizard-merging-policies.md - - name: WDAC deployment guide - href: windows-defender-application-control-deployment-guide.md + - name: Create a base WDAC policy with the Wizard + href: 
wdac-wizard-create-base-policy.md + - name: Create a supplemental WDAC policy with the Wizard + href: wdac-wizard-create-supplemental-policy.md + - name: Editing a WDAC policy with the Wizard + href: wdac-wizard-editing-policy.md + - name: Merging multiple WDAC policies with the Wizard + href: wdac-wizard-merging-policies.md +- name: WDAC deployment guide + href: windows-defender-application-control-deployment-guide.md + items: + - name: Deploy WDAC policies with MDM + href: deployment/deploy-windows-defender-application-control-policies-using-intune.md + - name: Deploy WDAC policies with Configuration Manager + href: deployment/deploy-wdac-policies-with-memcm.md + - name: Deploy WDAC policies with script + href: deployment/deploy-wdac-policies-with-script.md + - name: Deploy WDAC policies with group policy + href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md + - name: Audit WDAC policies + href: audit-windows-defender-application-control-policies.md + - name: Merge WDAC policies + href: merge-windows-defender-application-control-policies.md + - name: Enforce WDAC policies + href: enforce-windows-defender-application-control-policies.md + - name: Use code signing to simplify application control for classic Windows applications + href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md items: - - name: Deploy WDAC policies with MDM - href: deployment/deploy-windows-defender-application-control-policies-using-intune.md - - name: Deploy WDAC policies with Configuration Manager - href: deployment/deploy-wdac-policies-with-memcm.md - - name: Deploy WDAC policies with script - href: deployment/deploy-wdac-policies-with-script.md - - name: Deploy WDAC policies with group policy - href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md - - name: Audit WDAC policies - href: audit-windows-defender-application-control-policies.md - - name: Merge WDAC policies - href: 
merge-windows-defender-application-control-policies.md - - name: Enforce WDAC policies - href: enforce-windows-defender-application-control-policies.md - - name: Use code signing to simplify application control for classic Windows applications - href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md - items: - - name: "Optional: Use the WDAC Signing Portal in the Microsoft Store for Business" - href: use-device-guard-signing-portal-in-microsoft-store-for-business.md - - name: "Optional: Create a code signing cert for WDAC" - href: create-code-signing-cert-for-windows-defender-application-control.md - - name: Deploy catalog files to support WDAC - href: deploy-catalog-files-to-support-windows-defender-application-control.md - - name: Use signed policies to protect Windows Defender Application Control against tampering - href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md - - name: Disable WDAC policies - href: disable-windows-defender-application-control-policies.md - - name: LOB Win32 Apps on S Mode - href: LOB-win32-apps-on-s.md - - name: WDAC operational guide - href: windows-defender-application-control-operational-guide.md + - name: "Optional: Use the WDAC Signing Portal in the Microsoft Store for Business" + href: use-device-guard-signing-portal-in-microsoft-store-for-business.md + - name: "Optional: Create a code signing cert for WDAC" + href: create-code-signing-cert-for-windows-defender-application-control.md + - name: Deploy catalog files to support WDAC + href: deploy-catalog-files-to-support-windows-defender-application-control.md + - name: Use signed policies to protect Windows Defender Application Control against tampering + href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md + - name: Disable WDAC policies + href: disable-windows-defender-application-control-policies.md + - name: LOB Win32 Apps on S Mode + href: 
LOB-win32-apps-on-s.md +- name: WDAC operational guide + href: windows-defender-application-control-operational-guide.md + items: + - name: Understanding Application Control event tags + href: event-tag-explanations.md + - name: Understanding Application Control event IDs + href: event-id-explanations.md + - name: Query WDAC events with Advanced hunting + href: querying-application-control-events-centrally-using-advanced-hunting.md + - name: Known Issues + href: operations/known-issues.md + - name: Managed installer and ISG technical reference and troubleshooting guide + href: configure-wdac-managed-installer.md +- name: WDAC AppId Tagging guide + href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md + items: + - name: Creating AppId Tagging Policies + href: AppIdTagging/design-create-appid-tagging-policies.md + - name: Deploying AppId Tagging Policies + href: AppIdTagging/deploy-appid-tagging-policies.md + - name: Testing and Debugging AppId Tagging Policies + href: AppIdTagging/debugging-operational-guide-appid-tagging-policies.md +- name: AppLocker + href: applocker\applocker-overview.md + items: + - name: Administer AppLocker + href: applocker\administer-applocker.md items: - - name: Understanding Application Control event tags - href: event-tag-explanations.md - - name: Understanding Application Control event IDs - href: event-id-explanations.md - - name: Query WDAC events with Advanced hunting - href: querying-application-control-events-centrally-using-advanced-hunting.md - - name: Known Issues - href: operations/known-issues.md - - name: Managed installer and ISG technical reference and troubleshooting guide - href: configure-wdac-managed-installer.md - - name: WDAC AppId Tagging guide - href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md + - name: Maintain AppLocker policies + href: applocker\maintain-applocker-policies.md + - name: Edit an AppLocker policy + href: applocker\edit-an-applocker-policy.md + - 
name: Test and update an AppLocker policy + href: applocker\test-and-update-an-applocker-policy.md + - name: Deploy AppLocker policies by using the enforce rules setting + href: applocker\deploy-applocker-policies-by-using-the-enforce-rules-setting.md + - name: Use the AppLocker Windows PowerShell cmdlets + href: applocker\use-the-applocker-windows-powershell-cmdlets.md + - name: Use AppLocker and Software Restriction Policies in the same domain + href: applocker\use-applocker-and-software-restriction-policies-in-the-same-domain.md + - name: Optimize AppLocker performance + href: applocker\optimize-applocker-performance.md + - name: Monitor app usage with AppLocker + href: applocker\monitor-application-usage-with-applocker.md + - name: Manage packaged apps with AppLocker + href: applocker\manage-packaged-apps-with-applocker.md + - name: Working with AppLocker rules + href: applocker\working-with-applocker-rules.md + items: + - name: Create a rule that uses a file hash condition + href: applocker\create-a-rule-that-uses-a-file-hash-condition.md + - name: Create a rule that uses a path condition + href: applocker\create-a-rule-that-uses-a-path-condition.md + - name: Create a rule that uses a publisher condition + href: applocker\create-a-rule-that-uses-a-publisher-condition.md + - name: Create AppLocker default rules + href: applocker\create-applocker-default-rules.md + - name: Add exceptions for an AppLocker rule + href: applocker\configure-exceptions-for-an-applocker-rule.md + - name: Create a rule for packaged apps + href: applocker\create-a-rule-for-packaged-apps.md + - name: Delete an AppLocker rule + href: applocker\delete-an-applocker-rule.md + - name: Edit AppLocker rules + href: applocker\edit-applocker-rules.md + - name: Enable the DLL rule collection + href: applocker\enable-the-dll-rule-collection.md + - name: Enforce AppLocker rules + href: applocker\enforce-applocker-rules.md + - name: Run the Automatically Generate Rules wizard + href: 
applocker\run-the-automatically-generate-rules-wizard.md + - name: Working with AppLocker policies + href: applocker\working-with-applocker-policies.md + items: + - name: Configure the Application Identity service + href: applocker\configure-the-application-identity-service.md + - name: Configure an AppLocker policy for audit only + href: applocker\configure-an-applocker-policy-for-audit-only.md + - name: Configure an AppLocker policy for enforce rules + href: applocker\configure-an-applocker-policy-for-enforce-rules.md + - name: Display a custom URL message when users try to run a blocked app + href: applocker\display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md + - name: Export an AppLocker policy from a GPO + href: applocker\export-an-applocker-policy-from-a-gpo.md + - name: Export an AppLocker policy to an XML file + href: applocker\export-an-applocker-policy-to-an-xml-file.md + - name: Import an AppLocker policy from another computer + href: applocker\import-an-applocker-policy-from-another-computer.md + - name: Import an AppLocker policy into a GPO + href: applocker\import-an-applocker-policy-into-a-gpo.md + - name: Add rules for packaged apps to existing AppLocker rule-set + href: applocker\add-rules-for-packaged-apps-to-existing-applocker-rule-set.md + - name: Merge AppLocker policies by using Set-ApplockerPolicy + href: applocker\merge-applocker-policies-by-using-set-applockerpolicy.md + - name: Merge AppLocker policies manually + href: applocker\merge-applocker-policies-manually.md + - name: Refresh an AppLocker policy + href: applocker\refresh-an-applocker-policy.md + - name: Test an AppLocker policy by using Test-AppLockerPolicy + href: applocker\test-an-applocker-policy-by-using-test-applockerpolicy.md + - name: AppLocker design guide + href: applocker\applocker-policies-design-guide.md items: - - name: Creating AppId Tagging Policies - href: AppIdTagging/design-create-appid-tagging-policies.md - - name: Deploying AppId Tagging 
Policies - href: AppIdTagging/deploy-appid-tagging-policies.md - - name: Testing and Debugging AppId Tagging Policies - href: AppIdTagging/debugging-operational-guide-appid-tagging-policies.md - - name: AppLocker - href: applocker\applocker-overview.md + - name: Understand AppLocker policy design decisions + href: applocker\understand-applocker-policy-design-decisions.md + - name: Determine your application control objectives + href: applocker\determine-your-application-control-objectives.md + - name: Create a list of apps deployed to each business group + href: applocker\create-list-of-applications-deployed-to-each-business-group.md + items: + - name: Document your app list + href: applocker\document-your-application-list.md + - name: Select the types of rules to create + href: applocker\select-types-of-rules-to-create.md + items: + - name: Document your AppLocker rules + href: applocker\document-your-applocker-rules.md + - name: Determine the Group Policy structure and rule enforcement + href: applocker\determine-group-policy-structure-and-rule-enforcement.md + items: + - name: Understand AppLocker enforcement settings + href: applocker\understand-applocker-enforcement-settings.md + - name: Understand AppLocker rules and enforcement setting inheritance in Group Policy + href: applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md + - name: Document the Group Policy structure and AppLocker rule enforcement + href: applocker\document-group-policy-structure-and-applocker-rule-enforcement.md + - name: Plan for AppLocker policy management + href: applocker\plan-for-applocker-policy-management.md + - name: AppLocker deployment guide + href: applocker\applocker-policies-deployment-guide.md items: - - name: Administer AppLocker - href: applocker\administer-applocker.md + - name: Understand the AppLocker policy deployment process + href: applocker\understand-the-applocker-policy-deployment-process.md + - name: Requirements for 
Deploying AppLocker Policies + href: applocker\requirements-for-deploying-applocker-policies.md + - name: Use Software Restriction Policies and AppLocker policies + href: applocker\using-software-restriction-policies-and-applocker-policies.md + - name: Create Your AppLocker policies + href: applocker\create-your-applocker-policies.md items: - - name: Maintain AppLocker policies - href: applocker\maintain-applocker-policies.md - - name: Edit an AppLocker policy - href: applocker\edit-an-applocker-policy.md - - name: Test and update an AppLocker policy - href: applocker\test-and-update-an-applocker-policy.md - - name: Deploy AppLocker policies by using the enforce rules setting - href: applocker\deploy-applocker-policies-by-using-the-enforce-rules-setting.md - - name: Use the AppLocker Windows PowerShell cmdlets - href: applocker\use-the-applocker-windows-powershell-cmdlets.md - - name: Use AppLocker and Software Restriction Policies in the same domain - href: applocker\use-applocker-and-software-restriction-policies-in-the-same-domain.md - - name: Optimize AppLocker performance - href: applocker\optimize-applocker-performance.md - - name: Monitor app usage with AppLocker - href: applocker\monitor-application-usage-with-applocker.md - - name: Manage packaged apps with AppLocker - href: applocker\manage-packaged-apps-with-applocker.md - - name: Working with AppLocker rules - href: applocker\working-with-applocker-rules.md - items: - - name: Create a rule that uses a file hash condition - href: applocker\create-a-rule-that-uses-a-file-hash-condition.md - - name: Create a rule that uses a path condition - href: applocker\create-a-rule-that-uses-a-path-condition.md - - name: Create a rule that uses a publisher condition - href: applocker\create-a-rule-that-uses-a-publisher-condition.md - - name: Create AppLocker default rules - href: applocker\create-applocker-default-rules.md - - name: Add exceptions for an AppLocker rule - href: 
applocker\configure-exceptions-for-an-applocker-rule.md - - name: Create a rule for packaged apps - href: applocker\create-a-rule-for-packaged-apps.md - - name: Delete an AppLocker rule - href: applocker\delete-an-applocker-rule.md - - name: Edit AppLocker rules - href: applocker\edit-applocker-rules.md - - name: Enable the DLL rule collection - href: applocker\enable-the-dll-rule-collection.md - - name: Enforce AppLocker rules - href: applocker\enforce-applocker-rules.md - - name: Run the Automatically Generate Rules wizard - href: applocker\run-the-automatically-generate-rules-wizard.md - - name: Working with AppLocker policies - href: applocker\working-with-applocker-policies.md - items: - - name: Configure the Application Identity service - href: applocker\configure-the-application-identity-service.md - - name: Configure an AppLocker policy for audit only - href: applocker\configure-an-applocker-policy-for-audit-only.md - - name: Configure an AppLocker policy for enforce rules - href: applocker\configure-an-applocker-policy-for-enforce-rules.md - - name: Display a custom URL message when users try to run a blocked app - href: applocker\display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md - - name: Export an AppLocker policy from a GPO - href: applocker\export-an-applocker-policy-from-a-gpo.md - - name: Export an AppLocker policy to an XML file - href: applocker\export-an-applocker-policy-to-an-xml-file.md - - name: Import an AppLocker policy from another computer - href: applocker\import-an-applocker-policy-from-another-computer.md - - name: Import an AppLocker policy into a GPO - href: applocker\import-an-applocker-policy-into-a-gpo.md - - name: Add rules for packaged apps to existing AppLocker rule-set - href: applocker\add-rules-for-packaged-apps-to-existing-applocker-rule-set.md - - name: Merge AppLocker policies by using Set-ApplockerPolicy - href: applocker\merge-applocker-policies-by-using-set-applockerpolicy.md - - name: Merge 
AppLocker policies manually - href: applocker\merge-applocker-policies-manually.md - - name: Refresh an AppLocker policy - href: applocker\refresh-an-applocker-policy.md - - name: Test an AppLocker policy by using Test-AppLockerPolicy - href: applocker\test-an-applocker-policy-by-using-test-applockerpolicy.md - - name: AppLocker design guide - href: applocker\applocker-policies-design-guide.md + - name: Create Your AppLocker rules + href: applocker\create-your-applocker-rules.md + - name: Deploy the AppLocker policy into production + href: applocker\deploy-the-applocker-policy-into-production.md items: - - name: Understand AppLocker policy design decisions - href: applocker\understand-applocker-policy-design-decisions.md - - name: Determine your application control objectives - href: applocker\determine-your-application-control-objectives.md - - name: Create a list of apps deployed to each business group - href: applocker\create-list-of-applications-deployed-to-each-business-group.md + - name: Use a reference device to create and maintain AppLocker policies + href: applocker\use-a-reference-computer-to-create-and-maintain-applocker-policies.md items: - - name: Document your app list - href: applocker\document-your-application-list.md - - name: Select the types of rules to create - href: applocker\select-types-of-rules-to-create.md - items: - - name: Document your AppLocker rules - href: applocker\document-your-applocker-rules.md - - name: Determine the Group Policy structure and rule enforcement - href: applocker\determine-group-policy-structure-and-rule-enforcement.md - items: - - name: Understand AppLocker enforcement settings - href: applocker\understand-applocker-enforcement-settings.md - - name: Understand AppLocker rules and enforcement setting inheritance in Group Policy - href: applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md - - name: Document the Group Policy structure and AppLocker rule enforcement - href: 
applocker\document-group-policy-structure-and-applocker-rule-enforcement.md - - name: Plan for AppLocker policy management - href: applocker\plan-for-applocker-policy-management.md - - name: AppLocker deployment guide - href: applocker\applocker-policies-deployment-guide.md + - name: Determine which apps are digitally signed on a reference device + href: applocker\determine-which-applications-are-digitally-signed-on-a-reference-computer.md + - name: Configure the AppLocker reference device + href: applocker\configure-the-appLocker-reference-device.md + - name: AppLocker technical reference + href: applocker\applocker-technical-reference.md + items: + - name: What Is AppLocker? + href: applocker\what-is-applocker.md + - name: Requirements to use AppLocker + href: applocker\requirements-to-use-applocker.md + - name: AppLocker policy use scenarios + href: applocker\applocker-policy-use-scenarios.md + - name: How AppLocker works + href: applocker\how-applocker-works-techref.md items: - - name: Understand the AppLocker policy deployment process - href: applocker\understand-the-applocker-policy-deployment-process.md - - name: Requirements for Deploying AppLocker Policies - href: applocker\requirements-for-deploying-applocker-policies.md - - name: Use Software Restriction Policies and AppLocker policies - href: applocker\using-software-restriction-policies-and-applocker-policies.md - - name: Create Your AppLocker policies - href: applocker\create-your-applocker-policies.md + - name: Understanding AppLocker rule behavior + href: applocker\understanding-applocker-rule-behavior.md + - name: Understanding AppLocker rule exceptions + href: applocker\understanding-applocker-rule-exceptions.md + - name: Understanding AppLocker rule collections + href: applocker\understanding-applocker-rule-collections.md + - name: Understanding AppLocker allow and deny actions on rules + href: applocker\understanding-applocker-allow-and-deny-actions-on-rules.md + - name: Understanding AppLocker 
rule condition types + href: applocker\understanding-applocker-rule-condition-types.md items: - - name: Create Your AppLocker rules - href: applocker\create-your-applocker-rules.md - - name: Deploy the AppLocker policy into production - href: applocker\deploy-the-applocker-policy-into-production.md + - name: Understanding the publisher rule condition in AppLocker + href: applocker\understanding-the-publisher-rule-condition-in-applocker.md + - name: Understanding the path rule condition in AppLocker + href: applocker\understanding-the-path-rule-condition-in-applocker.md + - name: Understanding the file hash rule condition in AppLocker + href: applocker\understanding-the-file-hash-rule-condition-in-applocker.md + - name: Understanding AppLocker default rules + href: applocker\understanding-applocker-default-rules.md items: - - name: Use a reference device to create and maintain AppLocker policies - href: applocker\use-a-reference-computer-to-create-and-maintain-applocker-policies.md - items: - - name: Determine which apps are digitally signed on a reference device - href: applocker\determine-which-applications-are-digitally-signed-on-a-reference-computer.md - - name: Configure the AppLocker reference device - href: applocker\configure-the-appLocker-reference-device.md - - name: AppLocker technical reference - href: applocker\applocker-technical-reference.md + - name: Executable rules in AppLocker + href: applocker\executable-rules-in-applocker.md + - name: Windows Installer rules in AppLocker + href: applocker\windows-installer-rules-in-applocker.md + - name: Script rules in AppLocker + href: applocker\script-rules-in-applocker.md + - name: DLL rules in AppLocker + href: applocker\dll-rules-in-applocker.md + - name: Packaged apps and packaged app installer rules in AppLocker + href: applocker\packaged-apps-and-packaged-app-installer-rules-in-applocker.md + - name: AppLocker architecture and components + href: applocker\applocker-architecture-and-components.md + - 
name: AppLocker processes and interactions + href: applocker\applocker-processes-and-interactions.md + - name: AppLocker functions + href: applocker\applocker-functions.md + - name: Security considerations for AppLocker + href: applocker\security-considerations-for-applocker.md + - name: Tools to Use with AppLocker + href: applocker\tools-to-use-with-applocker.md items: - - name: What Is AppLocker? - href: applocker\what-is-applocker.md - - name: Requirements to use AppLocker - href: applocker\requirements-to-use-applocker.md - - name: AppLocker policy use scenarios - href: applocker\applocker-policy-use-scenarios.md - - name: How AppLocker works - href: applocker\how-applocker-works-techref.md - items: - - name: Understanding AppLocker rule behavior - href: applocker\understanding-applocker-rule-behavior.md - - name: Understanding AppLocker rule exceptions - href: applocker\understanding-applocker-rule-exceptions.md - - name: Understanding AppLocker rule collections - href: applocker\understanding-applocker-rule-collections.md - - name: Understanding AppLocker allow and deny actions on rules - href: applocker\understanding-applocker-allow-and-deny-actions-on-rules.md - - name: Understanding AppLocker rule condition types - href: applocker\understanding-applocker-rule-condition-types.md - items: - - name: Understanding the publisher rule condition in AppLocker - href: applocker\understanding-the-publisher-rule-condition-in-applocker.md - - name: Understanding the path rule condition in AppLocker - href: applocker\understanding-the-path-rule-condition-in-applocker.md - - name: Understanding the file hash rule condition in AppLocker - href: applocker\understanding-the-file-hash-rule-condition-in-applocker.md - - name: Understanding AppLocker default rules - href: applocker\understanding-applocker-default-rules.md - items: - - name: Executable rules in AppLocker - href: applocker\executable-rules-in-applocker.md - - name: Windows Installer rules in AppLocker - href: 
applocker\windows-installer-rules-in-applocker.md - - name: Script rules in AppLocker - href: applocker\script-rules-in-applocker.md - - name: DLL rules in AppLocker - href: applocker\dll-rules-in-applocker.md - - name: Packaged apps and packaged app installer rules in AppLocker - href: applocker\packaged-apps-and-packaged-app-installer-rules-in-applocker.md - - name: AppLocker architecture and components - href: applocker\applocker-architecture-and-components.md - - name: AppLocker processes and interactions - href: applocker\applocker-processes-and-interactions.md - - name: AppLocker functions - href: applocker\applocker-functions.md - - name: Security considerations for AppLocker - href: applocker\security-considerations-for-applocker.md - - name: Tools to Use with AppLocker - href: applocker\tools-to-use-with-applocker.md - items: - - name: Using Event Viewer with AppLocker - href: applocker\using-event-viewer-with-applocker.md - - name: AppLocker Settings - href: applocker\applocker-settings.md + - name: Using Event Viewer with AppLocker + href: applocker\using-event-viewer-with-applocker.md + - name: AppLocker Settings + href: applocker\applocker-settings.md diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md index 498ab02284..562849c65a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md 
@@ -15,21 +15,21 @@ author: jsuther1974 ms.reviewer: isbrahm ms.author: dansimp manager: dansimp -ms.date: 09/29/2021 +ms.date: 08/11/2022 --- # Microsoft recommended block rules **Applies to:** -- Windows 10 -- Windows 11 -- Windows Server 2016 and above +- Windows 10 +- Windows 11 +- Windows Server 2016 and above >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. +Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including Windows Defender Application Control: 
@@ -87,27 +87,25 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you |---|---| | `Alex Ionescu` | `@aionescu`| | `Brock Mammen`| | -| `Casey Smith` | `@subTee` | +| `Casey Smith` | `@subTee` | | `James Forshaw` | `@tiraniddo` | | `Jimmy Bayne` | `@bohops` | | `Kim Oppalfens` | `@thewmiguy` | | `Lasse Trolle Borup` | `Langkjaer Cyber Defence` | | `Lee Christensen` | `@tifkin_` | -| `Matt Graeber` | `@mattifestation` | -| `Matt Nelson` | `@enigma0x3` | +| `Matt Graeber` | `@mattifestation` | +| `Matt Nelson` | `@enigma0x3` | | `Oddvar Moe` | `@Oddvarmoe` | | `Philip Tsukerman` | `@PhilipTsukerman` | | `Vladas Bulavas` | `Kaspersky Lab` | | `William Easton` | `@Strawgate` | -
- -> [!Note] -> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. +> [!NOTE] +> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. Certain software applications may allow other code to run by design. Such applications should be blocked by your Windows Defender Application Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add *deny* rules to your application control policies for that application’s previous, less secure versions. -Microsoft recommends that you install the latest security updates. The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes. +Microsoft recommends that you install the latest security updates. The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes. For October 2017, we're announcing an update to system.management.automation.dll in which we're revoking older versions by hash values, instead of version rules. @@ -119,6 +117,10 @@ Microsoft recommends that you block the following Microsoft-signed applications Select the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section. +
+
+ Expand this section to see the WDAC policy XML + ```xml @@ -905,8 +907,8 @@ Select the correct version of each .dll for the Windows release you plan to supp @@ -1524,9 +1526,10 @@ Select the correct version of each .dll for the Windows release you plan to supp 0 ``` -
-> [!Note] +
+ +> [!NOTE] > To create a policy that works on both Windows 10, version 1803 and version 1809, you can create two different policies, or merge them into one broader policy. ## More information
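Review bot: In the TOC.yml hunk, the deleted lines cover eight entries (Script rules, DLL rules, Packaged apps and packaged app installer rules, AppLocker architecture and components, AppLocker processes and interactions, AppLocker functions, Security considerations for AppLocker, and Tools to Use with AppLocker with its `items:` key), but only `Using Event Viewer with AppLocker` and `AppLocker Settings` are re-added at the new indentation. Confirm the other entries are re-added in the earlier part of the TOC restructuring so no page drops out of navigation, and note that the two re-added entries now appear as siblings rather than nested under Tools to Use with AppLocker, which moves where readers find them.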
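Review bot: In the `@@ -15,21 +15,21 @@` hunk of microsoft-recommended-block-rules.md the only visible content change is `ms.date` moving from 09/29/2021 to 08/11/2022; the three `Applies to` items and the `Members of the security community*` paragraph are re-added textually identical, which indicates whitespace-only edits. A one-line PR description tying the date bump to the collapsible XML section added later in the same file would make the intent clear, since otherwise the churn only adds noise to blame on that paragraph.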
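Review bot: In the `@@ -87,27 +87,25 @@` hunk the `> [!Note]` to `> [!NOTE]` change correctly matches the uppercase alert form already used at the top of the file, and removing the extra blank line before it tightens the spacing; the acknowledgement rows for Casey Smith, Matt Graeber and Matt Nelson and the June 2017 PowerShell paragraph are re-added unchanged, so they are whitespace-only edits as in the earlier hunk. Nothing further needed here beyond keeping the two alert spellings consistent across the file.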
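Review bot: The collapsible wrapper opened in the `@@ -119,6 +117,10 @@` hunk (summary text `Expand this section to see the WDAC policy XML` directly before the ```` ```xml ```` fence) needs a matching close; the lines added after the closing ```` ``` ```` in the `@@ -1524,9 +1526,10 @@` hunk, just before the renamed `> [!NOTE]`, look like that close, but the tags themselves are not visible in this view. Please verify on the rendered page that the whole policy XML collapses, that the fenced block still gets XML syntax highlighting inside the wrapper, and that the guidance to select the correct .dll version and uncomment the signing scenarios (context above the summary line) stays visible when the section is collapsed.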