From 542300d0d0675bb3402fe6de69e86ec9f9e27581 Mon Sep 17 00:00:00 2001 From: Jordan Geurten Date: Fri, 4 Aug 2023 13:42:40 -0400 Subject: [PATCH] Fixed unsigned policy valid supplemental option --- .../design/select-types-of-rules-to-create.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md index fd3133539a..7bc080da18 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md @@ -32,7 +32,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru | **3 Enabled:Audit Mode (Default)** | Instructs WDAC to log information about applications, binaries, and scripts that would have been blocked, if the policy was enforced. You can use this option to identify the potential impact of your WDAC policy, and use the audit events to refine the policy before enforcement. To enforce a WDAC policy, delete this option. | No | | **4 Disabled:Flight Signing** | If enabled, binaries from Windows Insider builds aren't trusted. This option is useful for organizations that only want to run released binaries, not prerelease Windows builds. | No | | **5 Enabled:Inherit Default Policy** | This option is reserved for future use and currently has no effect. | Yes | -| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | Yes | +| **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and any supplemental policies must also be signed. The certificates that are trusted for future policy updates must be identified in the UpdatePolicySigners section. Certificates that are trusted for supplemental policies must be identified in the SupplementalPolicySigners section. | No | | **7 Allowed:Debug Policy Augmented** | This option isn't currently supported. | Yes | | **8 Required:EV Signers** | This option isn't currently supported. | No | | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | No |