diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
index bcce7c5578..1fc600cfee 100644
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md
@@ -57,6 +57,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
- wsl.exe
- wslconfig.exe
- wslhost.exe
+- dbgsrv.exe
1 A vulnerability in bginfo.exe was fixed in version 4.22. If you use BGInfo, for security, make sure to download and run the latest version of [BGInfo](/sysinternals/downloads/bginfo). BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
@@ -136,6 +137,7 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and
+