Update metadata for WDAC vs AppLocker

This commit is contained in:
brbrahm 2020-09-28 11:54:40 -07:00
parent cb574ae1e1
commit 1427b6a227

@ -1,7 +1,7 @@
---
title: WDAC and AppLocker Overview
description: Compare Windows application control technologies.
keywords: security, malware
keywords: security, malware, whitelisting, allow-list, block-list
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: w10
ms.mktglfcycl: deploy
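
Review bot: The new keywords line adds "whitelisting", "allow-list" and "block-list" but still omits the terms the title and description use, so it does nothing for searches on "WDAC", "AppLocker" or "application control". Suggest adding those three, and either dropping "whitelisting" or using one naming style throughout so the list is consistent. The commit subject says metadata only, while later hunks also change body text; the message should mention the wording edits.
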
@ -14,7 +14,7 @@ author: denisebmsft
ms.reviewer: isbrahm
ms.author: deniseb
manager: dansimp
ms.date: 04/15/2020
ms.date: 09/28/2020
ms.custom: asr
---
@ -29,16 +29,16 @@ Windows 10 includes two technologies that can be used for application control de
## Windows Defender Application Control
WDAC was introduced with Windows 10 and allows organizations to control what drivers and applications are allowed to run on their Windows 10 clients. WDAC was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria) defined by the Microsoft Security Response Center (MSRC).
WDAC was introduced with Windows 10 and allows organizations to control which drivers and applications are allowed to run on their Windows 10 clients. WDAC was designed as a security feature under the [servicing criteria](https://www.microsoft.com/msrc/windows-security-servicing-criteria) defined by the Microsoft Security Response Center (MSRC).
WDAC policies apply to the managed computer as a whole and affects all users of the device. WDAC rules can be defined based on:
- Attributes of the codesigning certificate(s) used to sign an app and its binaries;
- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file;
- The reputation of the app as determined by Microsoft's Intelligent Security Graph;
- The identity of the process that initiated the installation of the app and its binaries (managed installer);
- The path from which the app or file is launched (beginning with Windows 10 version 1903);
- The process that launched the app or binary.
- Attributes of the codesigning certificate(s) used to sign an app and its binaries
- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
- The reputation of the app as determined by Microsoft's Intelligent Security Graph
- The identity of the process that initiated the installation of the app and its binaries (managed installer)
- The path from which the app or file is launched (beginning with Windows 10 version 1903)
- The process that launched the app or binary
Note that prior to Windows 10, version 1709, Windows Defender Application Control was known as configurable code integrity (CCI). WDAC was also one of the features which comprised the now-defunct term 'Device Guard'.
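
Review bot: The sentence that introduces the rule list, "WDAC policies apply to the managed computer as a whole and affects all users of the device", still has a subject-verb mismatch. This hunk already copy-edits the paragraph above it and the bullets below it, so change "affects" to "affect" in the same pass. The closing note's "features which comprised the now-defunct term 'Device Guard'" could be tightened at the same time, since a feature was part of Device Guard rather than part of a term.
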
@ -50,13 +50,13 @@ WDAC policies can be applied to devices running any edition of Windows 10 or Win
## AppLocker
AppLocker was introduced with Windows 7 and allows organizations to control what applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature.
AppLocker was introduced with Windows 7 and allows organizations to control which applications are allowed to run on their Windows clients. AppLocker helps to prevent end users from running unapproved software on their computers, but it does not meet the servicing criteria for being a security feature.
AppLocker policies can apply to all users on a computer or to individual users and groups. AppLocker rules can be defined based on:
- Attributes of the codesigning certificate(s) used to sign an app and its binaries;
- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file;
- The path from which the app or file is launched.
- Attributes of the codesigning certificate(s) used to sign an app and its binaries
- Attributes of the app's binaries that come from the signed metadata for the files, such as Original Filename and version, or the hash of the file
- The path from which the app or file is launched
### AppLocker System Requirements
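
Review bot: The rewritten AppLocker sentence says it "does not meet the servicing criteria for being a security feature" without linking the criteria, while the WDAC paragraph links the same phrase to https://www.microsoft.com/msrc/windows-security-servicing-criteria. A reader who lands on the AppLocker section directly has no way to see what that distinction means, so reuse the link here. This is the statement that most affects a deployment decision and it should be verifiable from where it appears.
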
@ -65,7 +65,7 @@ AppLocker policies can be deployed using Group Policy or MDM.
## Choose when to use WDAC or AppLocker
Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. AppLocker, on the other hand, will receive security fixes but no new feature improvements.
Generally, it is recommended that customers who are able to implement application control using WDAC rather than AppLocker do so. WDAC is undergoing continual improvements and will be getting added support from Microsoft management platforms. AppLocker is a legacy technology which will continue to receive security fixes but will not undergo new feature improvements.
In some cases, however, AppLocker may be the more appropriate technology for your organization. AppLocker is best when:
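
Review bot: The replacement sentence says AppLocker "will continue to receive security fixes", but the AppLocker section states it "does not meet the servicing criteria for being a security feature"; read together, the two lines leave it unclear what kind of fix a customer can expect. Suggest saying explicitly what is and is not serviced, or pointing back to the servicing criteria from this sentence. Minor: "a legacy technology which will continue" reads better as "that will continue", and the untouched lead sentence ("customers who are able to implement application control using WDAC rather than AppLocker do so") is hard to parse and worth rewording in the same change.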