deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #10589 from VLG17/patch-155

Browse Source 
add note
This commit is contained in:
Denise Vangel-MSFT
2022-06-06 08:20:08 -07:00
committed by GitHub
parent c1ca9fa231 c6ab5439a2
commit 358e165b68
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-application-control/create-wdac-deny-policy.md
View File

@ -14,7 +14,6 @@ author: jgeurten
ms.reviewer: jsuther1974 ms.reviewer: jsuther1974
ms.author: dansimp ms.author: dansimp
manager: dansimp manager: dansimp
ms.date: 03/22/2022
ms.technology: windows-sec ms.technology: windows-sec
--- ---
@ -45,6 +44,9 @@ To create effective WDAC deny policies, it's crucial to understand how WDAC pars
5. If no rule exists for the file and it's not allowed based on ISG or MI, then the file is blocked implicitly. 5. If no rule exists for the file and it's not allowed based on ISG or MI, then the file is blocked implicitly.
> [!NOTE]
> If your WDAC policy does not have an explicit rule to allow or deny a binary to run, then WDAC will make a call to the cloud to determine whether the binary is familiar and safe. However, if your policy already authorizes or denies the binary, then WDAC will not make a call to the cloud. For more details, see [How does the integration between WDAC and the Intelligent Security Graph work?](use-windows-defender-application-control-with-intelligent-security-graph.md#how-does-the-integration-between-wdac-and-the-intelligent-security-graph-work).
## Interaction with Existing Policies ## Interaction with Existing Policies
### Adding Allow Rules ### Adding Allow Rules