diff --git a/.openpublishing.redirection.windows-security.json b/.openpublishing.redirection.windows-security.json index 38a2894c80..54589ae7b4 100644 --- a/.openpublishing.redirection.windows-security.json +++ b/.openpublishing.redirection.windows-security.json @@ -80,6 +80,11 @@ "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/windows-security-baselines", "redirect_document_id": false }, + { + "source_path": "windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md", + "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac", + "redirect_document_id": false + }, { "source_path": "windows/security/apps.md", "redirect_url": "/windows/security/application-security", diff --git a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml index 70c937a286..3815f2af27 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/TOC.yml @@ -55,8 +55,8 @@ href: design/create-wdac-policy-using-reference-computer.md - name: Create a WDAC deny list policy href: design/create-wdac-deny-policy.md - - name: Microsoft recommended block rules - href: design/microsoft-recommended-block-rules.md + - name: Applications that can bypass WDAC and how to block them + href: design/applications-that-can-bypass-wdac.md - name: Microsoft recommended driver block rules href: design/microsoft-recommended-driver-block-rules.md - name: Use the WDAC Wizard tool diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md similarity index 99% rename from windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md rename to windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md index ebc63fd06e..bcce7c5578 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-block-rules.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md @@ -1,15 +1,15 @@ --- -title: Microsoft recommended block rules +title: Applications that can bypass WDAC and how to block them description: View a list of recommended block rules, based on knowledge shared between Microsoft and the wider security community. ms.localizationpriority: medium ms.date: 06/14/2023 ms.topic: reference --- -# Microsoft recommended block rules +# Applications that can bypass WDAC and how to block them ->[!NOTE] ->Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). +> [!NOTE] +> Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](../feature-availability.md). Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC. diff --git a/windows/security/application-security/application-control/windows-defender-application-control/index.yml b/windows/security/application-security/application-control/windows-defender-application-control/index.yml index 116b217e84..1b1d46e536 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/index.yml +++ b/windows/security/application-security/application-control/windows-defender-application-control/index.yml @@ -33,8 +33,8 @@ landingContent: links: - text: Using code signing to simplify application control url: deployment/use-code-signing-for-better-control-and-protection.md - - text: Microsoft's Recommended Blocklist - url: design/microsoft-recommended-block-rules.md + - text: Applications that can bypass WDAC and how to block them + url: design/applications-that-can-bypass-wdac.md - text: Microsoft's Recommended Driver Blocklist url: design/microsoft-recommended-driver-block-rules.md - text: Example WDAC policies diff --git a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md index dee33405bb..7ee7a13013 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/wdac.md @@ -47,7 +47,7 @@ Smart App Control is only available on clean installation of Windows 11 version ### Smart App Control Enforced Blocks -Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/microsoft-recommended-block-rules.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control: +Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-wdac.md), with a few exceptions for compatibility considerations. The following are not blocked by Smart App Control: - Infdefaultinstall.exe - Microsoft.Build.dll