new section

This commit is contained in:
Justin Hall
2019-05-06 12:24:44 -07:00
parent ec802e324e
commit 44bb04a93a


@ -108,26 +108,42 @@ They could also choose to create a catalog that captures information about the u
Beginning with Windows 10 version 1903, WDAC policies can contain path-based rules. Beginning with Windows 10 version 1903, WDAC policies can contain path-based rules.
- New-CIPolicy parameters - New-CIPolicy parameters
o FilePath: create path rules under path <path to scan> for anything not user-writeable (at the individual file level) - FilePath: create path rules under path <path to scan> for anything not user-writeable (at the individual file level)
New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u ```console
 Optionally, add -UserWriteablePaths to ignore user writeability New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u
o FilePathRule: create a rule where filepath string is directly set to value of <any path string> ```
New-CIPolicyRule -FilePathRule <any path string> Optionally, add -UserWriteablePaths to ignore user writeability
• Useful for wildcards like C:\foo\*
• Usage: same flow as per-app rules - FilePathRule: create a rule where filepath string is directly set to value of <any path string>
$rules = New-CIPolicyRule … ```console
$rules += New-CIPolicyRule New-CIPolicyRule -FilePathRule <any path string>
```
New-CIPolicy -Rules $rules -f .\mypolicy.xml -u Useful for wildcards like C:\foo\\*
• Wildcards supported:
o Suffix (ex. C:\foo\*) OR Prefix (ex. *\foo\bar.exe) - Usage: same flow as per-app rules
 One or the other, not both at the same time ```xml
 Does not support wildcard in the middle (ex. C:\*\foo.exe) $rules = New-CIPolicyRule …
o Examples: $rules += New-CIPolicyRule …
 %WINDIR%\...
 %SYSTEM32%\... ```
 %OSDRIVE%\...
• Disable default FilePath rule protection of enforcing user-writeability ```console
Set-RuleOption -o 18 .\policy.xml New-CIPolicyRule -f .\mypolicy.xml -u
o Adds “Disabled:Runtime FilePath Rule Protection” to the policy ```
- Wildcards supported:
Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
- One or the other, not both at the same time
- Does not support wildcard in the middle (ex. C:\\*\foo.exe)
- Examples:
- %WINDIR%\\...
- %SYSTEM32%\\...
- %OSDRIVE%\\...
- Disable default FilePath rule protection of enforcing user-writeability
For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
```console
Set-RuleOption -o 18 .\policy.xml
```
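Review bot: the final command in the "Usage: same flow as per-app rules" block is wrong in the new text: the old line `New-CIPolicy -Rules $rules -f .\mypolicy.xml -u` became `New-CIPolicyRule -f .\mypolicy.xml -u`, which both renames the cmdlet and drops the `-Rules $rules` argument, so the rules collected in `$rules` are never merged into the policy. Suggest restoring `New-CIPolicy -Rules $rules -f .\mypolicy.xml -u` in that fence. Two smaller points in the same hunk: the `$rules = New-CIPolicyRule …` / `$rules += New-CIPolicyRule …` block is fenced as ```xml although it is PowerShell, so it should use the same ```console fence as the neighbouring snippets, and the "Wildcards supported:" sub-items (suffix or prefix, not both; no wildcard in the middle) lost the nesting that marked them as constraints on the wildcard bullet rather than sibling points, which a reader could misread as separate options.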