new section

Justin Hall
2019-05-06 12:24:44 -07:00
parent ec802e324e
commit 44bb04a93a

@ -108,26 +108,42 @@ They could also choose to create a catalog that captures information about the u
Beginning with Windows 10 version 1903, WDAC policies can contain path-based rules.
- New-CIPolicy parameters
o FilePath: create path rules under path <path to scan> for anything not user-writeable (at the individual file level)
- FilePath: create path rules under path <path to scan> for anything not user-writeable (at the individual file level)
```console
New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u
 Optionally, add -UserWriteablePaths to ignore user writeability
o FilePathRule: create a rule where filepath string is directly set to value of <any path string>
```
Optionally, add -UserWriteablePaths to ignore user writeability
- FilePathRule: create a rule where filepath string is directly set to value of <any path string>
```console
New-CIPolicyRule -FilePathRule <any path string>
• Useful for wildcards like C:\foo\*
• Usage: same flow as per-app rules
```
Useful for wildcards like C:\foo\\*
- Usage: same flow as per-app rules
```xml
$rules = New-CIPolicyRule …
$rules += New-CIPolicyRule …
New-CIPolicy -Rules $rules -f .\mypolicy.xml -u
• Wildcards supported:
o Suffix (ex. C:\foo\*) OR Prefix (ex. *\foo\bar.exe)
 One or the other, not both at the same time
 Does not support wildcard in the middle (ex. C:\*\foo.exe)
o Examples:
 %WINDIR%\...
 %SYSTEM32%\...
 %OSDRIVE%\...
• Disable default FilePath rule protection of enforcing user-writeability
Set-RuleOption -o 18 .\policy.xml
o Adds “Disabled:Runtime FilePath Rule Protection” to the policy
```
```console
New-CIPolicyRule -f .\mypolicy.xml -u
```
- Wildcards supported:
Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
- One or the other, not both at the same time
- Does not support wildcard in the middle (ex. C:\\*\foo.exe)
- Examples:
- %WINDIR%\\...
- %SYSTEM32%\\...
- %OSDRIVE%\\...
- Disable default FilePath rule protection of enforcing user-writeability
For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
```console
Set-RuleOption -o 18 .\policy.xml
```
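Review bot: the final command of the "Usage: same flow as per-app rules" example, in the new `console` block, reads `New-CIPolicyRule -f .\mypolicy.xml -u`. That swaps the cmdlet and drops `-Rules $rules` compared with the `New-CIPolicy -Rules $rules -f .\mypolicy.xml -u` line just above it, so the `$rules` built on the two preceding lines are never written into a policy. Suggest keeping the three lines in one block that ends with the `New-CIPolicy -Rules $rules ...` line, and tagging that fence `console` or `powershell` instead of `xml`, since its content is PowerShell. The `Set-RuleOption -o 18` item would also read better with one sentence on what is given up when the user-writeability check is disabled, because the text currently only names the option string it adds.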