From 4466a082bca38c76ae91d2796cb2b4f025139fd3 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 2 Sep 2021 11:46:05 +0530 Subject: [PATCH] Task - 5358645: Clean-up work Clean -up work and minor updates to improve acrolinx score. --- .../event-id-explanations.md | 2 +- .../event-tag-explanations.md | 2 +- ...ion-control-events-centrally-using-advanced-hunting.md | 2 +- ...nder-application-control-with-dynamic-code-security.md | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md index f8b093734a..a87cd17fec 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-id-explanations.md @@ -1,5 +1,5 @@ --- -title: Understanding Application Control event IDs (Windows 10) +title: Understanding Application Control event IDs (Windows) description: Learn what different Windows Defender Application Control event IDs signify. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md index 9eb35220b5..f5d7d82e37 100644 --- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md +++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md @@ -1,5 +1,5 @@ --- -title: Understanding Application Control event tags (Windows 10) +title: Understanding Application Control event tags (Windows) description: Learn what different Windows Defender Application Control event tags signify. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb diff --git a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md index ed001ad80e..134acc8d1f 100644 --- a/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md +++ b/windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md @@ -1,5 +1,5 @@ --- -title: Query Application Control events with Advanced Hunting (Windows 10) +title: Query Application Control events with Advanced Hunting (Windows) description: Learn how to query Windows Defender Application Control events across your entire organization by using Advanced Hunting. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md index 9670e64011..f1f66a910c 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md +++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md @@ -1,5 +1,5 @@ --- -title: Windows Defender Application Control and .NET Hardening (Windows 10) +title: Windows Defender Application Control and .NET Hardening (Windows) description: Dynamic Code Security is an application control feature that can verify code loaded by .NET at runtime. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb @@ -21,14 +21,14 @@ ms.technology: mde # Windows Defender Application Control and .NET hardening Historically, Windows Defender Application Control (WDAC) has restricted the set of applications, libraries, and scripts that are allowed to run to those approved by an organization. -Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly. -Beginning with Windows 10, version 1803, WDAC features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. +Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly. +Beginning with Windows 10, version 1803, or Windows 11, WDAC features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime. When the Dynamic Code Security option is enabled, WDAC policy is applied to libraries that .NET loads from external sources. Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that has been tampered with. Dynamic Code Security is not enabled by default because existing policies may not account for externally loaded libraries. -Additionally, a small number of .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, are not currently supported with Dynamic Code Security enabled. +Additionally, a few .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, are not currently supported with Dynamic Code Security enabled. Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it to discover whether any new libraries should be included in the policy. To enable Dynamic Code Security, add the following option to the `` section of your policy: