From 201d8a8f0154d9c61ca46dfc30e405d4701b5287 Mon Sep 17 00:00:00 2001 From: brbrahm <43386070+brbrahm@users.noreply.github.com> Date: Thu, 31 Oct 2019 15:47:46 -0700 Subject: [PATCH] WDAC remove duplicate path-based rules Information is contained in select-types-of-rules-to-create.md --- .../create-path-based-rules.md | 72 ------------------- 1 file changed, 72 deletions(-) delete mode 100644 windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md diff --git a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md b/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md deleted file mode 100644 index 4ac0c9fa6e..0000000000 --- a/windows/security/threat-protection/windows-defender-application-control/create-path-based-rules.md +++ /dev/null @@ -1,72 +0,0 @@ ---- -title: Windows Defender Application Control path-based rules (Windows 10) -description: Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. -keywords: whitelisting, security, malware -ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -ms.localizationpriority: medium -audience: ITPro -ms.collection: M365-security-compliance -author: jsuther1974 -ms.reviewer: isbrahm -ms.author: dansimp -manager: dansimp -ms.date: 05/17/2019 ---- - -# Create Windows Defender Application Control path-based rules - -**Applies to:** - -- Windows 10 -- Windows Server 2016 - ->[!IMPORTANT] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. - -- New-CIPolicy parameters - - FilePath: create path rules under path \ for anything not user-writeable (at the individual file level) - - ```powershell - New-CIPolicy -f .\mypolicy.xml -l FilePath -s -u - ``` - - Optionally, add -UserWriteablePaths to ignore user writeability - - - FilePathRule: create a rule where filepath string is directly set to value of \ - - ```powershell - New-CIPolicyRule -FilePathRule - ``` - - Useful for wildcards like C:\foo\\* - -- Usage follows the same flow as per-app rules: - - ```powershell - $rules = New-CIPolicyRule … - $rules += New-CIPolicyRule … - … - New-CIPolicyRule -f .\mypolicy.xml -u - ``` - -- Wildcards supported - - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe) - - One or the other, not both at the same time - - Does not support wildcard in the middle (ex. C:\\*\foo.exe) -- Supported Macros: - - %WINDIR%\\... - - %SYSTEM32%\\... - - %OSDRIVE%\\... - -- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: - - ```powershell - Set-RuleOption -o 18 .\policy.xml - ``` -