deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 23:07:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

WDAC enable allow events

Browse Source 
This is confusing out of context, but the events that you are enabling here are 'allow events' as opposed to block events.
This commit is contained in:
isbrahm 2020-08-28 10:33:23 -07:00 committed by GitHub
parent 06229a5db0
commit 7fa366f35a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md
View File

@ -28,7 +28,7 @@ After designing and deploying your Windows Defender Application Control (WDAC) p
## WDAC Events Overview
WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured.
WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable allow events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured.
WDAC events are generated under two locations: