Update windows/security/application-security/application-control/windows-defender-application-control/design/select-types-of-rules-to-create.md

Stephanie Savell
2023-08-14 12:59:47 -05:00
committed by GitHub
parent 76b3b4946c
commit 9000507ab8


@ -127,7 +127,7 @@ Filepath rules don't provide the same security guarantees that explicit signer r
### User-writable filepaths
By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath only allows write access for admin users.
By default, WDAC performs a user-writeability check at runtime that ensures that the current permissions on the specified filepath only allow write access for admin users.
There's a defined list of SIDs that WDAC recognizes as admins. If a filepath allows write permissions for any SID not in this list, the filepath is considered to be user-writeable, even if the SID is associated to a custom admin user. To handle these special cases, you can override WDAC's runtime admin-writeable check with the **Disabled:Runtime FilePath Rule Protection** option described earlier.
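Review bot: The reworded line still spells the check "user-writeability", while the heading directly above it uses "User-writable", and the following paragraph names the same runtime check "admin-writeable check". Since this line is already being touched for grammar, consider settling on one spelling ("writable" / "writability", matching the heading) and one name for the check across both paragraphs, so readers don't take "user-writeability check" and "admin-writeable check" for two separate mechanisms. In the same paragraph, "associated to a custom admin user" would read better as "associated with a custom admin user".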