Update select-types-of-rules-to-create.md

MaratMussabekov 2019-07-12 11:53:02 +05:00 committed by GitHub
parent 7e6641ad00
commit 33e13b0fde
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -111,15 +111,16 @@ They could also choose to create a catalog that captures information about the u
Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
- New-CIPolicy parameters - New-CIPolicy parameter
- FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level) - FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level)
```powershell ```powershell
New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u New-CIPolicy -FilePath .\mypolicy.xml -Level FileName -ScanPath <path to scan> -UserPEs
``` ```
Optionally, add -UserWriteablePaths to ignore user writeability Optionally, add -UserWriteablePaths to ignore user writeability
- New-CIPolicyRule parameter
- FilePathRule: create a rule where filepath string is directly set to value of \<any path string> - FilePathRule: create a rule where filepath string is directly set to value of \<any path string>
```powershell ```powershell
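Review bot: the rewritten `New-CIPolicy` example changes the rule level, not just the parameter spelling: the old line used `-l FilePath` and the new line uses `-Level FileName`. This section and the bullet directly above the example describe FilePath rules, so the expanded form should read `-Level FilePath`; as written, a reader copying the command gets file-name rules instead of path rules. The other expansions (`-f` to `-FilePath`, `-s` to `-ScanPath`, `-u` to `-UserPEs`) look fine.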
@ -134,7 +135,7 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD
$rules = New-CIPolicyRule … $rules = New-CIPolicyRule …
$rules += New-CIPolicyRule … $rules += New-CIPolicyRule …
New-CIPolicyRule -f .\mypolicy.xml -u New-CIPolicyRule -FilePath .\mypolicy.xml -UserPEs
``` ```
- Wildcards supported - Wildcards supported
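Review bot: the last line of this example still calls `New-CIPolicyRule` with a policy file and never uses the `$rules` array built on the two lines above it; expanding `-f` and `-u` leaves that problem in place. Please check whether the final line is meant to be `New-CIPolicy` with the collected rules passed in (for example `-Rules $rules`), and fix it in the same change, since the snippet as shown does not produce a policy from the rules it creates.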
@ -149,6 +150,6 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD
- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: - Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
```powershell ```powershell
Set-RuleOption -o 18 .\policy.xml Set-RuleOption -Option 18 .\policy.xml
``` ```
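Review bot: in the `Set-RuleOption` line, `-o` is expanded to `-Option` but the policy path is still passed positionally. For consistency with the other examples in this change, name it as well: `Set-RuleOption -Option 18 -FilePath .\policy.xml`. Because this option turns off the user-writeability enforcement that the bullet describes, the text could also state in one sentence when disabling it is acceptable.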