deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 08:17:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

clarified WDAC evaluation of COM objects with multipolicy

Browse Source
This commit is contained in:
Jordan Geurten 2022-12-16 14:32:08 -05:00
parent 8695f6307f
commit 6ad42996ce
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy.md
View File

@ -70,6 +70,10 @@ One attribute:
- The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName) - The setting needs to be placed in the order of ASCII values (first by Provider, then Key, then ValueName)
### Multiple policy considerations
Similar to executable files, COM objects must pass each policy on the system to be allowed by WDAC. For example, if the COM object under evaluation passes most but not all of your WDAC policies, the COM object will not be allowed. If you are using a combination of base and supplemental policies, the COM object just needs to be allowlisted in either the base policy or one of the supplemental policies.
### Examples ### Examples
Example 1: Allows registration of all COM object GUIDs in any provider Example 1: Allows registration of all COM object GUIDs in any provider