From 7fa366f35ab8f527b3d1d14fcc0b8339210f044c Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Fri, 28 Aug 2020 10:33:23 -0700 Subject: [PATCH] WDAC enable allow events This is confusing out of context, but the events that you are enabling here are 'allow events' as opposed to block events. --- .../windows-defender-application-control-operational-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md index 8a7ad0700f..43bcfa91f9 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-operational-guide.md @@ -28,7 +28,7 @@ After designing and deploying your Windows Defender Application Control (WDAC) p ## WDAC Events Overview -WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured. +WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable allow events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured. WDAC events are generated under two locations: