toc improvements and collapse xml

windows/security/threat-protection/windows-defender-application-control/TOC.yml

@@ -6,307 +6,306 @@
   items:
     - name: WDAC and AppLocker Overview
       href: wdac-and-applocker-overview.md
+    - name: WDAC and AppLocker Feature Availability
+      href: feature-availability.md
+    - name: Virtualization-based protection of code integrity
+      href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+- name: WDAC design guide
+  href: windows-defender-application-control-design-guide.md
+  items:
+    - name: Plan for WDAC policy lifecycle management
+      href: plan-windows-defender-application-control-management.md
+    - name: Design your WDAC policy
       items:
-        - name: WDAC and AppLocker Feature Availability
+        - name: Understand WDAC policy design decisions
-          href: feature-availability.md
+          href: understand-windows-defender-application-control-policy-design-decisions.md
-        - name: Virtualization-based protection of code integrity
+        - name: Understand WDAC policy rules and file rules
-          href: ../device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+          href: select-types-of-rules-to-create.md
-    - name: WDAC design guide
+          items:
-      href: windows-defender-application-control-design-guide.md
+            - name: Allow apps installed by a managed installer
+              href: configure-authorized-apps-deployed-with-a-managed-installer.md
+            - name: Allow reputable apps with Intelligent Security Graph (ISG)
+              href: use-windows-defender-application-control-with-intelligent-security-graph.md
+            - name: Allow COM object registration
+              href: allow-com-object-registration-in-windows-defender-application-control-policy.md
+            - name: Use WDAC with .NET hardening
+              href: use-windows-defender-application-control-with-dynamic-code-security.md
+            - name: Manage packaged apps with WDAC
+              href: manage-packaged-apps-with-windows-defender-application-control.md
+            - name: Use WDAC to control specific plug-ins, add-ins, and modules
+              href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
+            - name: Understand WDAC policy settings
+              href: understanding-wdac-policy-settings.md
+        - name: Use multiple WDAC policies
+          href: deploy-multiple-windows-defender-application-control-policies.md
+    - name: Create your WDAC policy
       items:
-        - name: Plan for WDAC policy lifecycle management
+        - name: Example WDAC base policies
-          href: plan-windows-defender-application-control-management.md
+          href: example-wdac-base-policies.md
-        - name: Design your WDAC policy
+        - name: Policy creation for common WDAC usage scenarios
+          href: types-of-devices.md
           items:
-            - name: Understand WDAC policy design decisions
+            - name: Create a WDAC policy for lightly managed devices
-              href: understand-windows-defender-application-control-policy-design-decisions.md
+              href: create-wdac-policy-for-lightly-managed-devices.md
-            - name: Understand WDAC policy rules and file rules
+            - name: Create a WDAC policy for fully managed devices
-              href: select-types-of-rules-to-create.md
+              href: create-wdac-policy-for-fully-managed-devices.md
-              items:
+            - name: Create a WDAC policy for fixed-workload devices
-                - name: Allow apps installed by a managed installer
+              href: create-initial-default-policy.md
-                  href: configure-authorized-apps-deployed-with-a-managed-installer.md
+            - name: Create a WDAC deny list policy
-                - name: Allow reputable apps with Intelligent Security Graph (ISG)
+              href: create-wdac-deny-policy.md
-                  href: use-windows-defender-application-control-with-intelligent-security-graph.md
+            - name: Microsoft recommended block rules
-                - name: Allow COM object registration
+              href: microsoft-recommended-block-rules.md
-                  href: allow-com-object-registration-in-windows-defender-application-control-policy.md
+            - name: Microsoft recommended driver block rules
-                - name: Use WDAC with .NET hardening
+              href: microsoft-recommended-driver-block-rules.md
-                  href: use-windows-defender-application-control-with-dynamic-code-security.md
+        - name: Use the WDAC Wizard tool
-                - name: Manage packaged apps with WDAC
+          href: wdac-wizard.md
-                  href: manage-packaged-apps-with-windows-defender-application-control.md
-                - name: Use WDAC to control specific plug-ins, add-ins, and modules
-                  href: use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
-                - name: Understand WDAC policy settings
-                  href: understanding-wdac-policy-settings.md
-            - name: Use multiple WDAC policies
-              href: deploy-multiple-windows-defender-application-control-policies.md
-        - name: Create your WDAC policy
           items:
-            - name: Example WDAC base policies
+            - name: Create a base WDAC policy with the Wizard
-              href: example-wdac-base-policies.md
+              href: wdac-wizard-create-base-policy.md
-            - name: Policy creation for common WDAC usage scenarios
+            - name: Create a supplemental WDAC policy with the Wizard
-              href: types-of-devices.md
+              href: wdac-wizard-create-supplemental-policy.md
-              items:
+            - name: Editing a WDAC policy with the Wizard
-                - name: Create a WDAC policy for lightly managed devices
+              href: wdac-wizard-editing-policy.md
-                  href: create-wdac-policy-for-lightly-managed-devices.md
+            - name: Merging multiple WDAC policies with the Wizard
-                - name: Create a WDAC policy for fully managed devices
+              href: wdac-wizard-merging-policies.md
-                  href: create-wdac-policy-for-fully-managed-devices.md
+- name: WDAC deployment guide
-                - name: Create a WDAC policy for fixed-workload devices
+  href: windows-defender-application-control-deployment-guide.md
-                  href: create-initial-default-policy.md
+  items:
-                - name: Create a WDAC deny list policy
+    - name: Deploy WDAC policies with MDM
-                  href: create-wdac-deny-policy.md
+      href: deployment/deploy-windows-defender-application-control-policies-using-intune.md
-                - name: Microsoft recommended block rules
+    - name: Deploy WDAC policies with Configuration Manager
-                  href: microsoft-recommended-block-rules.md
+      href: deployment/deploy-wdac-policies-with-memcm.md
-                - name: Microsoft recommended driver block rules
+    - name: Deploy WDAC policies with script
-                  href: microsoft-recommended-driver-block-rules.md
+      href: deployment/deploy-wdac-policies-with-script.md
-            - name: Use the WDAC Wizard tool
+    - name: Deploy WDAC policies with group policy
-              href: wdac-wizard.md
+      href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
-              items:
+    - name: Audit WDAC policies
-                - name: Create a base WDAC policy with the Wizard
+      href: audit-windows-defender-application-control-policies.md
-                  href: wdac-wizard-create-base-policy.md
+    - name: Merge WDAC policies
-                - name: Create a supplemental WDAC policy with the Wizard
+      href: merge-windows-defender-application-control-policies.md
-                  href: wdac-wizard-create-supplemental-policy.md
+    - name: Enforce WDAC policies
-                - name: Editing a WDAC policy with the Wizard
+      href: enforce-windows-defender-application-control-policies.md
-                  href: wdac-wizard-editing-policy.md
+    - name: Use code signing to simplify application control for classic Windows applications
-                - name: Merging multiple WDAC policies with the Wizard
+      href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
-                  href: wdac-wizard-merging-policies.md
-    - name: WDAC deployment guide
-      href: windows-defender-application-control-deployment-guide.md
       items:
-        - name: Deploy WDAC policies with MDM
+        - name: "Optional: Use the WDAC Signing Portal in the Microsoft Store for Business"
-          href: deployment/deploy-windows-defender-application-control-policies-using-intune.md
+          href: use-device-guard-signing-portal-in-microsoft-store-for-business.md
-        - name: Deploy WDAC policies with Configuration Manager
+        - name: "Optional: Create a code signing cert for WDAC"
-          href: deployment/deploy-wdac-policies-with-memcm.md
+          href: create-code-signing-cert-for-windows-defender-application-control.md
-        - name: Deploy WDAC policies with script
+        - name: Deploy catalog files to support WDAC
-          href: deployment/deploy-wdac-policies-with-script.md
+          href: deploy-catalog-files-to-support-windows-defender-application-control.md
-        - name: Deploy WDAC policies with group policy
+    - name: Use signed policies to protect Windows Defender Application Control against tampering
-          href: deployment/deploy-windows-defender-application-control-policies-using-group-policy.md
+      href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
-        - name: Audit WDAC policies
+    - name: Disable WDAC policies
-          href: audit-windows-defender-application-control-policies.md
+      href: disable-windows-defender-application-control-policies.md
-        - name: Merge WDAC policies
+    - name: LOB Win32 Apps on S Mode
-          href: merge-windows-defender-application-control-policies.md
+      href: LOB-win32-apps-on-s.md
-        - name: Enforce WDAC policies
+- name: WDAC operational guide
-          href: enforce-windows-defender-application-control-policies.md
+  href: windows-defender-application-control-operational-guide.md
-        - name: Use code signing to simplify application control for classic Windows applications
+  items:
-          href: use-code-signing-to-simplify-application-control-for-classic-windows-applications.md
+    - name: Understanding Application Control event tags
-          items:
+      href: event-tag-explanations.md
-            - name: "Optional: Use the WDAC Signing Portal in the Microsoft Store for Business"
+    - name: Understanding Application Control event IDs
-              href: use-device-guard-signing-portal-in-microsoft-store-for-business.md
+      href: event-id-explanations.md
-            - name: "Optional: Create a code signing cert for WDAC"
+    - name: Query WDAC events with Advanced hunting
-              href: create-code-signing-cert-for-windows-defender-application-control.md
+      href: querying-application-control-events-centrally-using-advanced-hunting.md
-            - name: Deploy catalog files to support WDAC
+    - name: Known Issues
-              href: deploy-catalog-files-to-support-windows-defender-application-control.md
+      href: operations/known-issues.md
-        - name: Use signed policies to protect Windows Defender Application Control against tampering
+    - name: Managed installer and ISG technical reference and troubleshooting guide
-          href: use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+      href: configure-wdac-managed-installer.md
-        - name: Disable WDAC policies
+- name: WDAC AppId Tagging guide
-          href: disable-windows-defender-application-control-policies.md
+  href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
-        - name: LOB Win32 Apps on S Mode
+  items:
-          href: LOB-win32-apps-on-s.md
+    - name: Creating AppId Tagging Policies
-    - name: WDAC operational guide
+      href: AppIdTagging/design-create-appid-tagging-policies.md
-      href: windows-defender-application-control-operational-guide.md
+    - name: Deploying AppId Tagging Policies
+      href: AppIdTagging/deploy-appid-tagging-policies.md
+    - name: Testing and Debugging AppId Tagging Policies
+      href: AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+- name: AppLocker
+  href: applocker\applocker-overview.md
+  items:
+    - name: Administer AppLocker
+      href: applocker\administer-applocker.md
       items:
-        - name: Understanding Application Control event tags
+        - name: Maintain AppLocker policies
-          href: event-tag-explanations.md
+          href: applocker\maintain-applocker-policies.md
-        - name: Understanding Application Control event IDs
+        - name: Edit an AppLocker policy
-          href: event-id-explanations.md
+          href: applocker\edit-an-applocker-policy.md
-        - name: Query WDAC events with Advanced hunting
+        - name: Test and update an AppLocker policy
-          href: querying-application-control-events-centrally-using-advanced-hunting.md
+          href: applocker\test-and-update-an-applocker-policy.md
-        - name: Known Issues
+        - name: Deploy AppLocker policies by using the enforce rules setting
-          href: operations/known-issues.md
+          href: applocker\deploy-applocker-policies-by-using-the-enforce-rules-setting.md
-        - name: Managed installer and ISG technical reference and troubleshooting guide
+        - name: Use the AppLocker Windows PowerShell cmdlets
-          href: configure-wdac-managed-installer.md
+          href: applocker\use-the-applocker-windows-powershell-cmdlets.md
-    - name: WDAC AppId Tagging guide
+        - name: Use AppLocker and Software Restriction Policies in the same domain
-      href: AppIdTagging/windows-defender-application-control-appid-tagging-guide.md
+          href: applocker\use-applocker-and-software-restriction-policies-in-the-same-domain.md
+        - name: Optimize AppLocker performance
+          href: applocker\optimize-applocker-performance.md
+        - name: Monitor app usage with AppLocker
+          href: applocker\monitor-application-usage-with-applocker.md
+        - name: Manage packaged apps with AppLocker
+          href: applocker\manage-packaged-apps-with-applocker.md
+        - name: Working with AppLocker rules
+          href: applocker\working-with-applocker-rules.md
+          items:
+            - name: Create a rule that uses a file hash condition
+              href: applocker\create-a-rule-that-uses-a-file-hash-condition.md
+            - name: Create a rule that uses a path condition
+              href: applocker\create-a-rule-that-uses-a-path-condition.md
+            - name: Create a rule that uses a publisher condition
+              href: applocker\create-a-rule-that-uses-a-publisher-condition.md
+            - name: Create AppLocker default rules
+              href: applocker\create-applocker-default-rules.md
+            - name: Add exceptions for an AppLocker rule
+              href: applocker\configure-exceptions-for-an-applocker-rule.md
+            - name: Create a rule for packaged apps
+              href: applocker\create-a-rule-for-packaged-apps.md
+            - name: Delete an AppLocker rule
+              href: applocker\delete-an-applocker-rule.md
+            - name: Edit AppLocker rules
+              href: applocker\edit-applocker-rules.md
+            - name: Enable the DLL rule collection
+              href: applocker\enable-the-dll-rule-collection.md
+            - name: Enforce AppLocker rules
+              href: applocker\enforce-applocker-rules.md
+            - name: Run the Automatically Generate Rules wizard
+              href: applocker\run-the-automatically-generate-rules-wizard.md
+        - name: Working with AppLocker policies
+          href: applocker\working-with-applocker-policies.md
+          items:
+            - name: Configure the Application Identity service
+              href: applocker\configure-the-application-identity-service.md
+            - name: Configure an AppLocker policy for audit only
+              href: applocker\configure-an-applocker-policy-for-audit-only.md
+            - name: Configure an AppLocker policy for enforce rules
+              href: applocker\configure-an-applocker-policy-for-enforce-rules.md
+            - name: Display a custom URL message when users try to run a blocked app
+              href: applocker\display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
+            - name: Export an AppLocker policy from a GPO
+              href: applocker\export-an-applocker-policy-from-a-gpo.md
+            - name: Export an AppLocker policy to an XML file
+              href: applocker\export-an-applocker-policy-to-an-xml-file.md
+            - name: Import an AppLocker policy from another computer
+              href: applocker\import-an-applocker-policy-from-another-computer.md
+            - name: Import an AppLocker policy into a GPO
+              href: applocker\import-an-applocker-policy-into-a-gpo.md
+            - name: Add rules for packaged apps to existing AppLocker rule-set
+              href: applocker\add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
+            - name: Merge AppLocker policies by using Set-ApplockerPolicy
+              href: applocker\merge-applocker-policies-by-using-set-applockerpolicy.md
+            - name: Merge AppLocker policies manually
+              href: applocker\merge-applocker-policies-manually.md
+            - name: Refresh an AppLocker policy
+              href: applocker\refresh-an-applocker-policy.md
+            - name: Test an AppLocker policy by using Test-AppLockerPolicy
+              href: applocker\test-an-applocker-policy-by-using-test-applockerpolicy.md
+    - name: AppLocker design guide
+      href: applocker\applocker-policies-design-guide.md
       items:
-        - name: Creating AppId Tagging Policies
+        - name: Understand AppLocker policy design decisions
-          href: AppIdTagging/design-create-appid-tagging-policies.md
+          href: applocker\understand-applocker-policy-design-decisions.md
-        - name: Deploying AppId Tagging Policies
+        - name: Determine your application control objectives
-          href: AppIdTagging/deploy-appid-tagging-policies.md
+          href: applocker\determine-your-application-control-objectives.md
-        - name: Testing and Debugging AppId Tagging Policies
+        - name: Create a list of apps deployed to each business group
-          href: AppIdTagging/debugging-operational-guide-appid-tagging-policies.md
+          href: applocker\create-list-of-applications-deployed-to-each-business-group.md
-    - name: AppLocker
+          items:
-      href: applocker\applocker-overview.md
+            - name: Document your app list
+              href: applocker\document-your-application-list.md
+        - name: Select the types of rules to create
+          href: applocker\select-types-of-rules-to-create.md
+          items:
+            - name: Document your AppLocker rules
+              href: applocker\document-your-applocker-rules.md
+        - name: Determine the Group Policy structure and rule enforcement
+          href: applocker\determine-group-policy-structure-and-rule-enforcement.md
+          items:
+            - name: Understand AppLocker enforcement settings
+              href: applocker\understand-applocker-enforcement-settings.md
+            - name: Understand AppLocker rules and enforcement setting inheritance in Group Policy
+              href: applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+            - name: Document the Group Policy structure and AppLocker rule enforcement
+              href: applocker\document-group-policy-structure-and-applocker-rule-enforcement.md
+        - name: Plan for AppLocker policy management
+          href: applocker\plan-for-applocker-policy-management.md
+    - name: AppLocker deployment guide
+      href: applocker\applocker-policies-deployment-guide.md
       items:
-        - name: Administer AppLocker
+        - name: Understand the AppLocker policy deployment process
-          href: applocker\administer-applocker.md
+          href: applocker\understand-the-applocker-policy-deployment-process.md
+        - name: Requirements for Deploying AppLocker Policies
+          href: applocker\requirements-for-deploying-applocker-policies.md
+        - name: Use Software Restriction Policies and AppLocker policies
+          href: applocker\using-software-restriction-policies-and-applocker-policies.md
+        - name: Create Your AppLocker policies
+          href: applocker\create-your-applocker-policies.md
           items:
-            - name: Maintain AppLocker policies
+            - name: Create Your AppLocker rules
-              href: applocker\maintain-applocker-policies.md
+              href: applocker\create-your-applocker-rules.md
-            - name: Edit an AppLocker policy
+        - name: Deploy the AppLocker policy into production
-              href: applocker\edit-an-applocker-policy.md
+          href: applocker\deploy-the-applocker-policy-into-production.md
-            - name: Test and update an AppLocker policy
-              href: applocker\test-and-update-an-applocker-policy.md
-            - name: Deploy AppLocker policies by using the enforce rules setting
-              href: applocker\deploy-applocker-policies-by-using-the-enforce-rules-setting.md
-            - name: Use the AppLocker Windows PowerShell cmdlets
-              href: applocker\use-the-applocker-windows-powershell-cmdlets.md
-            - name: Use AppLocker and Software Restriction Policies in the same domain
-              href: applocker\use-applocker-and-software-restriction-policies-in-the-same-domain.md
-            - name: Optimize AppLocker performance
-              href: applocker\optimize-applocker-performance.md
-            - name: Monitor app usage with AppLocker
-              href: applocker\monitor-application-usage-with-applocker.md
-            - name: Manage packaged apps with AppLocker
-              href: applocker\manage-packaged-apps-with-applocker.md
-            - name: Working with AppLocker rules
-              href: applocker\working-with-applocker-rules.md
-              items:
-                - name: Create a rule that uses a file hash condition
-                  href: applocker\create-a-rule-that-uses-a-file-hash-condition.md
-                - name: Create a rule that uses a path condition
-                  href: applocker\create-a-rule-that-uses-a-path-condition.md
-                - name: Create a rule that uses a publisher condition
-                  href: applocker\create-a-rule-that-uses-a-publisher-condition.md
-                - name: Create AppLocker default rules
-                  href: applocker\create-applocker-default-rules.md
-                - name: Add exceptions for an AppLocker rule
-                  href: applocker\configure-exceptions-for-an-applocker-rule.md
-                - name: Create a rule for packaged apps
-                  href: applocker\create-a-rule-for-packaged-apps.md
-                - name: Delete an AppLocker rule
-                  href: applocker\delete-an-applocker-rule.md
-                - name: Edit AppLocker rules
-                  href: applocker\edit-applocker-rules.md
-                - name: Enable the DLL rule collection
-                  href: applocker\enable-the-dll-rule-collection.md
-                - name: Enforce AppLocker rules
-                  href: applocker\enforce-applocker-rules.md
-                - name: Run the Automatically Generate Rules wizard
-                  href: applocker\run-the-automatically-generate-rules-wizard.md
-            - name: Working with AppLocker policies
-              href: applocker\working-with-applocker-policies.md
-              items:
-                - name: Configure the Application Identity service
-                  href: applocker\configure-the-application-identity-service.md
-                - name: Configure an AppLocker policy for audit only
-                  href: applocker\configure-an-applocker-policy-for-audit-only.md
-                - name: Configure an AppLocker policy for enforce rules
-                  href: applocker\configure-an-applocker-policy-for-enforce-rules.md
-                - name: Display a custom URL message when users try to run a blocked app
-                  href: applocker\display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md
-                - name: Export an AppLocker policy from a GPO
-                  href: applocker\export-an-applocker-policy-from-a-gpo.md
-                - name: Export an AppLocker policy to an XML file
-                  href: applocker\export-an-applocker-policy-to-an-xml-file.md
-                - name: Import an AppLocker policy from another computer
-                  href: applocker\import-an-applocker-policy-from-another-computer.md
-                - name: Import an AppLocker policy into a GPO
-                  href: applocker\import-an-applocker-policy-into-a-gpo.md
-                - name: Add rules for packaged apps to existing AppLocker rule-set
-                  href: applocker\add-rules-for-packaged-apps-to-existing-applocker-rule-set.md
-                - name: Merge AppLocker policies by using Set-ApplockerPolicy
-                  href: applocker\merge-applocker-policies-by-using-set-applockerpolicy.md
-                - name: Merge AppLocker policies manually
-                  href: applocker\merge-applocker-policies-manually.md
-                - name: Refresh an AppLocker policy
-                  href: applocker\refresh-an-applocker-policy.md
-                - name: Test an AppLocker policy by using Test-AppLockerPolicy
-                  href: applocker\test-an-applocker-policy-by-using-test-applockerpolicy.md
-        - name: AppLocker design guide
-          href: applocker\applocker-policies-design-guide.md
           items:
-            - name: Understand AppLocker policy design decisions
+            - name: Use a reference device to create and maintain AppLocker policies
-              href: applocker\understand-applocker-policy-design-decisions.md
+              href: applocker\use-a-reference-computer-to-create-and-maintain-applocker-policies.md
-            - name: Determine your application control objectives
-              href: applocker\determine-your-application-control-objectives.md
-            - name: Create a list of apps deployed to each business group
-              href: applocker\create-list-of-applications-deployed-to-each-business-group.md
               items:
-                - name: Document your app list
+                - name: Determine which apps are digitally signed on a reference device
-                  href: applocker\document-your-application-list.md
+                  href: applocker\determine-which-applications-are-digitally-signed-on-a-reference-computer.md
-            - name: Select the types of rules to create
+                - name: Configure the AppLocker reference device
-              href: applocker\select-types-of-rules-to-create.md
+                  href: applocker\configure-the-appLocker-reference-device.md
-              items:
+    - name: AppLocker technical reference
-                - name: Document your AppLocker rules
+      href: applocker\applocker-technical-reference.md
-                  href: applocker\document-your-applocker-rules.md
+      items:
-            - name: Determine the Group Policy structure and rule enforcement
+        - name: What Is AppLocker?
-              href: applocker\determine-group-policy-structure-and-rule-enforcement.md
+          href: applocker\what-is-applocker.md
-              items:
+        - name: Requirements to use AppLocker
-                - name: Understand AppLocker enforcement settings
+          href: applocker\requirements-to-use-applocker.md
-                  href: applocker\understand-applocker-enforcement-settings.md
+        - name: AppLocker policy use scenarios
-                - name: Understand AppLocker rules and enforcement setting inheritance in Group Policy
+          href: applocker\applocker-policy-use-scenarios.md
-                  href: applocker\understand-applocker-rules-and-enforcement-setting-inheritance-in-group-policy.md
+        - name: How AppLocker works
-                - name: Document the Group Policy structure and AppLocker rule enforcement
+          href: applocker\how-applocker-works-techref.md
-                  href: applocker\document-group-policy-structure-and-applocker-rule-enforcement.md
-            - name: Plan for AppLocker policy management
-              href: applocker\plan-for-applocker-policy-management.md
-        - name: AppLocker deployment guide
-          href: applocker\applocker-policies-deployment-guide.md
           items:
-            - name: Understand the AppLocker policy deployment process
+            - name: Understanding AppLocker rule behavior
-              href: applocker\understand-the-applocker-policy-deployment-process.md
+              href: applocker\understanding-applocker-rule-behavior.md
-            - name: Requirements for Deploying AppLocker Policies
+            - name: Understanding AppLocker rule exceptions
-              href: applocker\requirements-for-deploying-applocker-policies.md
+              href: applocker\understanding-applocker-rule-exceptions.md
-            - name: Use Software Restriction Policies and AppLocker policies
+            - name: Understanding AppLocker rule collections
-              href: applocker\using-software-restriction-policies-and-applocker-policies.md
+              href: applocker\understanding-applocker-rule-collections.md
-            - name: Create Your AppLocker policies
+            - name: Understanding AppLocker allow and deny actions on rules
-              href: applocker\create-your-applocker-policies.md
+              href: applocker\understanding-applocker-allow-and-deny-actions-on-rules.md
+            - name: Understanding AppLocker rule condition types
+              href: applocker\understanding-applocker-rule-condition-types.md
               items:
-                - name: Create Your AppLocker rules
+                - name: Understanding the publisher rule condition in AppLocker
-                  href: applocker\create-your-applocker-rules.md
+                  href: applocker\understanding-the-publisher-rule-condition-in-applocker.md
-            - name: Deploy the AppLocker policy into production
+                - name: Understanding the path rule condition in AppLocker
-              href: applocker\deploy-the-applocker-policy-into-production.md
+                  href: applocker\understanding-the-path-rule-condition-in-applocker.md
+                - name: Understanding the file hash rule condition in AppLocker
+                  href: applocker\understanding-the-file-hash-rule-condition-in-applocker.md
+            - name: Understanding AppLocker default rules
+              href: applocker\understanding-applocker-default-rules.md
               items:
-                - name: Use a reference device to create and maintain AppLocker policies
+                - name: Executable rules in AppLocker
-                  href: applocker\use-a-reference-computer-to-create-and-maintain-applocker-policies.md
+                  href: applocker\executable-rules-in-applocker.md
-                  items:
+                - name: Windows Installer rules in AppLocker
-                    - name: Determine which apps are digitally signed on a reference device
+                  href: applocker\windows-installer-rules-in-applocker.md
-                      href: applocker\determine-which-applications-are-digitally-signed-on-a-reference-computer.md
+                - name: Script rules in AppLocker
-                    - name: Configure the AppLocker reference device
+                  href: applocker\script-rules-in-applocker.md
-                      href: applocker\configure-the-appLocker-reference-device.md
+                - name: DLL rules in AppLocker
-        - name: AppLocker technical reference
+                  href: applocker\dll-rules-in-applocker.md
-          href: applocker\applocker-technical-reference.md
+                - name: Packaged apps and packaged app installer rules in AppLocker
+                  href: applocker\packaged-apps-and-packaged-app-installer-rules-in-applocker.md
+        - name: AppLocker architecture and components
+          href: applocker\applocker-architecture-and-components.md
+        - name: AppLocker processes and interactions
+          href: applocker\applocker-processes-and-interactions.md
+        - name: AppLocker functions
+          href: applocker\applocker-functions.md
+        - name: Security considerations for AppLocker
+          href: applocker\security-considerations-for-applocker.md
+        - name: Tools to Use with AppLocker
+          href: applocker\tools-to-use-with-applocker.md
           items:
-            - name: What Is AppLocker?
+            - name: Using Event Viewer with AppLocker
-              href: applocker\what-is-applocker.md
+              href: applocker\using-event-viewer-with-applocker.md
-            - name: Requirements to use AppLocker
+        - name: AppLocker Settings
-              href: applocker\requirements-to-use-applocker.md
+          href: applocker\applocker-settings.md
-            - name: AppLocker policy use scenarios
-              href: applocker\applocker-policy-use-scenarios.md
-            - name: How AppLocker works
-              href: applocker\how-applocker-works-techref.md
-              items:
-                - name: Understanding AppLocker rule behavior
-                  href: applocker\understanding-applocker-rule-behavior.md
-                - name: Understanding AppLocker rule exceptions
-                  href: applocker\understanding-applocker-rule-exceptions.md
-                - name: Understanding AppLocker rule collections
-                  href: applocker\understanding-applocker-rule-collections.md
-                - name: Understanding AppLocker allow and deny actions on rules
-                  href: applocker\understanding-applocker-allow-and-deny-actions-on-rules.md
-                - name: Understanding AppLocker rule condition types
-                  href: applocker\understanding-applocker-rule-condition-types.md
-                  items:
-                    - name: Understanding the publisher rule condition in AppLocker
-                      href: applocker\understanding-the-publisher-rule-condition-in-applocker.md
-                    - name: Understanding the path rule condition in AppLocker
-                      href: applocker\understanding-the-path-rule-condition-in-applocker.md
-                    - name: Understanding the file hash rule condition in AppLocker
-                      href: applocker\understanding-the-file-hash-rule-condition-in-applocker.md
-                - name: Understanding AppLocker default rules
-                  href: applocker\understanding-applocker-default-rules.md
-                  items:
-                    - name: Executable rules in AppLocker
-                      href: applocker\executable-rules-in-applocker.md
-                    - name: Windows Installer rules in AppLocker
-                      href: applocker\windows-installer-rules-in-applocker.md
-                    - name: Script rules in AppLocker
-                      href: applocker\script-rules-in-applocker.md
-                    - name: DLL rules in AppLocker
-                      href: applocker\dll-rules-in-applocker.md
-                    - name: Packaged apps and packaged app installer rules in AppLocker
-                      href: applocker\packaged-apps-and-packaged-app-installer-rules-in-applocker.md
-            - name: AppLocker architecture and components
-              href: applocker\applocker-architecture-and-components.md
-            - name: AppLocker processes and interactions
-              href: applocker\applocker-processes-and-interactions.md
-            - name: AppLocker functions
-              href: applocker\applocker-functions.md
-            - name: Security considerations for AppLocker
-              href: applocker\security-considerations-for-applocker.md
-            - name: Tools to Use with AppLocker
-              href: applocker\tools-to-use-with-applocker.md
-              items:
-                - name: Using Event Viewer with AppLocker
-                  href: applocker\using-event-viewer-with-applocker.md
-            - name: AppLocker Settings
-              href: applocker\applocker-settings.md

windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md

@@ -15,21 +15,21 @@ author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
-ms.date: 09/29/2021
+ms.date: 08/11/2022
 ---
 
 # Microsoft recommended block rules
 
 **Applies to:**
 
--   Windows 10
+- Windows 10
--   Windows 11
+- Windows 11
--   Windows Server 2016 and above
+- Windows Server 2016 and above
 
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
 
-Members of the security community<sup>*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control. 
+Members of the security community<sup>*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.
 
 Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including Windows Defender Application Control:
 
@@ -87,27 +87,25 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 |---|---|
 | `Alex Ionescu` | `@aionescu`|
 | `Brock Mammen`| |
-| `Casey Smith` | `@subTee` | 
+| `Casey Smith` | `@subTee` |
 | `James Forshaw` | `@tiraniddo` |
 | `Jimmy Bayne` | `@bohops` |
 | `Kim Oppalfens` | `@thewmiguy` |
 | `Lasse Trolle Borup` | `Langkjaer Cyber Defence` |
 | `Lee Christensen` | `@tifkin_` |
-| `Matt Graeber` | `@mattifestation` | 
+| `Matt Graeber` | `@mattifestation` |
-| `Matt Nelson` | `@enigma0x3` | 
+| `Matt Nelson` | `@enigma0x3` |
 | `Oddvar Moe` | `@Oddvarmoe` |
 | `Philip Tsukerman` | `@PhilipTsukerman` |
 | `Vladas Bulavas` | `Kaspersky Lab` |
 | `William Easton` | `@Strawgate` |
 
-<br />
+> [!NOTE]
-
+> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
-> [!Note]
-> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. 
 
 Certain software applications may allow other code to run by design. Such applications should be blocked by your Windows Defender Application Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add *deny* rules to your application control policies for that application’s previous, less secure versions.
 
-Microsoft recommends that you install the latest security updates. The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes. 
+Microsoft recommends that you install the latest security updates. The June 2017 Windows updates resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes.
 
 For October 2017, we're announcing an update to system.management.automation.dll in which we're revoking older versions by hash values, instead of version rules.
 
@@ -119,6 +117,10 @@ Microsoft recommends that you block the following Microsoft-signed applications
 
 Select the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section.
 
+<br>
+<details>
+  <summary>Expand this section to see the WDAC policy XML</summary>
+
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
@@ -905,8 +907,8 @@ Select the correct version of each .dll for the Windows release you plan to supp
           <FileRuleRef RuleID="ID_DENY_WSLCONFIG" />
           <FileRuleRef RuleID="ID_DENY_WSLHOST" />
           <!-- uncomment the relevant line(s) below if you have uncommented them in the rule definitions above
-          <FileRuleRef RuleID="ID_DENY_MSXML3" /> 
+          <FileRuleRef RuleID="ID_DENY_MSXML3" />
-          <FileRuleRef RuleID="ID_DENY_MSXML6" /> 
+          <FileRuleRef RuleID="ID_DENY_MSXML6" />
           <FileRuleRef RuleID="ID_DENY_JSCRIPT9" />
           -->
           <FileRuleRef RuleID="ID_DENY_D_1" />
@@ -1524,9 +1526,10 @@ Select the correct version of each .dll for the Windows release you plan to supp
   <HvciOptions>0</HvciOptions>
 </SiPolicy>
 ```
-<br />
 
-> [!Note]
+</details>
+
+> [!NOTE]
 > To create a policy that works on both Windows 10, version 1803 and version 1809, you can create two different policies, or merge them into one broader policy.
 
 ## More information