diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 1847f18727..d231f9eb3e 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -15335,6 +15335,11 @@ "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/exploit-protection", "redirect_document_id": false +}, +{ + "source_path": "windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create", + "redirect_document_id": false } ] } diff --git a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md index 268a9cf97b..d1fde8548c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md +++ b/windows/security/threat-protection/windows-defender-application-control/LOB-win32-apps-on-s.md @@ -23,7 +23,7 @@ ms.date: 10/30/2019 - Windows 10 -Beginning in Windows 10 (build 18363), Microsoft Intune enables customers to deploy and run business critical Win32 applications as well as Windows components that are normally blocked in S mode (ex. PowerShell.exe) on their Intune-managed Windows 10 in S mode (S mode) devices. +Beginning with the Windows 10 November 2019 update (build 18363), Microsoft Intune enables customers to deploy and run business critical Win32 applications as well as Windows components that are normally blocked in S mode (ex. PowerShell.exe) on their Intune-managed Windows 10 in S mode devices. With Intune, IT Pros can now configure their managed S mode devices using a Windows Defender Application Control (WDAC) supplemental policy that expands the S mode base policy to authorize the apps their business uses. This feature changes the S mode security posture from “every app is Microsoft-verified" to “every app is verified by Microsoft or your organization”. diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.md b/windows/security/threat-protection/windows-defender-application-control/TOC.md index 321aa58e14..40e42e3eb4 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.md +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md @@ -13,7 +13,6 @@ ### [Types of devices](types-of-devices.md) ### Use WDAC with custom policies #### [Create an initial default policy](create-initial-default-policy.md) -#### [Create path-based rules](create-path-based-rules.md) #### [Microsoft recommended block rules](microsoft-recommended-block-rules.md) ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md) ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md) diff --git a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md deleted file mode 100644 index 4ac0c9fa6e..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Windows Defender Application Control path-based rules (Windows 10) -description: Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. -keywords: whitelisting, security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro -ms.collection: M365-security-compliance -author: jsuther1974 -ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp -ms.date: 05/17/2019 ---- - -# Create Windows Defender Application Control path-based rules - -**Applies to:** - -- Windows 10 -- Windows Server 2016 - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. - -- New-CIPolicy parameters - - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level) - - ```powershell - New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u - ``` - - Optionally, add -UserWriteablePaths to ignore user writeability - - - FilePathRule: create a rule where filepath string is directly set to value of \ - - ```powershell - New-CIPolicyRule -FilePathRule - ``` - - Useful for wildcards like C:\foo\\* - -- Usage follows the same flow as per-app rules: - - ```powershell - $rules = New-CIPolicyRule … - $rules += New-CIPolicyRule … - … - New-CIPolicyRule -f .\mypolicy.xml -u - ``` - -- Wildcards supported - - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe) - - One or the other, not both at the same time - - Does not support wildcard in the middle (ex. C:\\*\foo.exe) -- Supported Macros: - - %WINDIR%\\... - - %SYSTEM32%\\... - - %OSDRIVE%\\... - -- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: - - ```powershell - Set-RuleOption -o 18 .\policy.xml - ``` -