new section

windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md

@@ -108,26 +108,42 @@ They could also choose to create a catalog that captures information about the u
 Beginning with Windows 10 version 1903, WDAC policies can contain path-based rules.
 
 - New-CIPolicy parameters
-o	FilePath: create path rules under path <path to scan> for anything not user-writeable (at the individual file level)
-New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u
-	Optionally, add -UserWriteablePaths to ignore user writeability
-o	FilePathRule: create a rule where filepath string is directly set to value of <any path string>
-New-CIPolicyRule -FilePathRule <any path string>
-•	Useful for wildcards like C:\foo\*
-•	Usage: same flow as per-app rules
-$rules = New-CIPolicyRule …
-$rules += New-CIPolicyRule …
-…
-New-CIPolicy -Rules $rules -f .\mypolicy.xml -u
-•	 Wildcards supported:
-o	Suffix (ex. C:\foo\*) OR Prefix (ex. *\foo\bar.exe)
-	One or the other, not both at the same time
-	Does not support wildcard in the middle (ex. C:\*\foo.exe)
-o	Examples:
-	%WINDIR%\...
-	%SYSTEM32%\...
-	%OSDRIVE%\...
-•	Disable default FilePath rule protection of enforcing user-writeability
-Set-RuleOption -o 18 .\policy.xml
-o	Adds “Disabled:Runtime FilePath Rule Protection” to the policy
+  - FilePath: create path rules under path <path to scan> for anything not user-writeable (at the individual file level)
+    ```console
+    New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u
+    ```
+    Optionally, add -UserWriteablePaths to ignore user writeability
+
+  - FilePathRule: create a rule where filepath string is directly set to value of <any path string>
+    ```console
+    New-CIPolicyRule -FilePathRule <any path string>
+    ```
+    Useful for wildcards like C:\foo\\*
+
+- Usage: same flow as per-app rules
+  ```xml
+  $rules = New-CIPolicyRule …
+  $rules += New-CIPolicyRule …
+  …
+  ```
+  
+  ```console
+  New-CIPolicyRule -f .\mypolicy.xml -u
+  ```
+
+- Wildcards supported:
+  Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
+  - One or the other, not both at the same time
+  - Does not support wildcard in the middle (ex. C:\\*\foo.exe)
+  - Examples:
+    - %WINDIR%\\...
+    - %SYSTEM32%\\...
+    - %OSDRIVE%\\...
+
+- Disable default FilePath rule protection of enforcing user-writeability
+  For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
+  ```console
+  Set-RuleOption -o 18 .\policy.xml
+  ```
+