deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

toc improvements and collapse xml

Browse Source
This commit is contained in:
Vinay Pamnani 2022-08-11 16:13:54 -04:00
parent c0f09e79fc
commit 0d74eefba5
2 changed files with 308 additions and 306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
windows/security/threat-protection/windows-defender-application-control/TOC.yml
View File

@ -6,12 +6,11 @@
items: items:
- name: WDAC and AppLocker Overview - name: WDAC and AppLocker Overview
href: wdac-and-applocker-overview.md href: wdac-and-applocker-overview.md
items:
- name: WDAC and AppLocker Feature Availability - name: WDAC and AppLocker Feature Availability
href: feature-availability.md href: feature-availability.md
- name: Virtualization-based protection of code integrity - name: Virtualization-based protection of code integrity
href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
- name: WDAC design guide - name: WDAC design guide
href: windows-defender-application-control-design-guide.md href: windows-defender-application-control-design-guide.md
items: items:
- name: Plan for WDAC policy lifecycle management - name: Plan for WDAC policy lifecycle management
@ -69,7 +68,7 @@
href: wdac-wizard-editing-policy.md href: wdac-wizard-editing-policy.md
- name: Merging multiple WDAC policies with the Wizard - name: Merging multiple WDAC policies with the Wizard
href: wdac-wizard-merging-policies.md href: wdac-wizard-merging-policies.md
- name: WDAC deployment guide - name: WDAC deployment guide
href: windows-defender-application-control-deployment-guide.md href: windows-defender-application-control-deployment-guide.md
items: items:
- name: Deploy WDAC policies with MDM - name: Deploy WDAC policies with MDM
@ -101,7 +100,7 @@
href: disable-windows-defender-application-control-policies.md href: disable-windows-defender-application-control-policies.md
- name: LOB Win32 Apps on S Mode - name: LOB Win32 Apps on S Mode
href: LOB-win32-apps-on-s.md href: LOB-win32-apps-on-s.md
- name: WDAC operational guide - name: WDAC operational guide
href: windows-defender-application-control-operational-guide.md href: windows-defender-application-control-operational-guide.md
items: items:
- name: Understanding Application Control event tags - name: Understanding Application Control event tags
@ -114,7 +113,7 @@
href: operations/known-issues.md href: operations/known-issues.md
- name: Managed installer and ISG technical reference and troubleshooting guide - name: Managed installer and ISG technical reference and troubleshooting guide
href: configure-wdac-managed-installer.md href: configure-wdac-managed-installer.md
- name: WDAC AppId Tagging guide - name: WDAC AppId Tagging guide
href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
items: items:
- name: Creating AppId Tagging Policies - name: Creating AppId Tagging Policies
@ -123,7 +122,7 @@
href: AppIdTagging/deploy-appid-tagging-policies.md href: AppIdTagging/deploy-appid-tagging-policies.md
- name: Testing and Debugging AppId Tagging Policies - name: Testing and Debugging AppId Tagging Policies
href: AppIdTagging/debugging-operational-guide-appid-tagging-policies.md href: AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
- name: AppLocker - name: AppLocker
href: applocker\applocker-overview.md href: applocker\applocker-overview.md
items: items:
- name: Administer AppLocker - name: Administer AppLocker

21
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
View File

@ -15,16 +15,16 @@ author: jsuther1974
ms.reviewer: isbrahm ms.reviewer: isbrahm
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
ms.date: 09/29/2021 ms.date: 08/11/2022
--- ---
# Microsoft recommended block rules # Microsoft recommended block rules
**Applies to:** **Applies to:**
- Windows 10 - Windows 10
- Windows 11 - Windows 11
- Windows Server 2016 and above - Windows Server 2016 and above
>[!NOTE] >[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
@ -100,9 +100,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
| `Vladas Bulavas` | `Kaspersky Lab` | | `Vladas Bulavas` | `Kaspersky Lab` |
| `William Easton` | `@Strawgate` | | `William Easton` | `@Strawgate` |
<br /> > [!NOTE]
> [!Note]
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
Certain software applications may allow other code to run by design. Such applications should be blocked by your Windows Defender Application Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add *deny* rules to your application control policies for that applications previous, less secure versions. Certain software applications may allow other code to run by design. Such applications should be blocked by your Windows Defender Application Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add *deny* rules to your application control policies for that applications previous, less secure versions.
@ -119,6 +117,10 @@ Microsoft recommends that you block the following Microsoft-signed applications
Select the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section. Select the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section.
<br>
<details>
<summary>Expand this section to see the WDAC policy XML</summary>
```xml ```xml
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy"> <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
@ -1524,9 +1526,10 @@ Select the correct version of each .dll for the Windows release you plan to supp
<HvciOptions>0</HvciOptions> <HvciOptions>0</HvciOptions>
</SiPolicy> </SiPolicy>
``` ```
<br />
> [!Note] </details>
> [!NOTE]
> To create a policy that works on both Windows 10, version 1803 and version 1809, you can create two different policies, or merge them into one broader policy. > To create a policy that works on both Windows 10, version 1803 and version 1809, you can create two different policies, or merge them into one broader policy.
## More information ## More information