From 904909a5dcc685b7b0cc9b87ccfdebc9b69d751e Mon Sep 17 00:00:00 2001 From: Mohammed Tanveer Date: Thu, 8 Feb 2024 11:29:19 +0530 Subject: [PATCH] Update applications-that-can-bypass-wdac.md Included dbgsrv.exe to the ruleset that was missing & a known WDAC bypass. --- .../design/applications-that-can-bypass-wdac.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md index bcce7c5578..1fc600cfee 100644 --- a/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md +++ b/windows/security/application-security/application-control/windows-defender-application-control/design/applications-that-can-bypass-wdac.md @@ -57,6 +57,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you - wsl.exe - wslconfig.exe - wslhost.exe +- dbgsrv.exe 1 A vulnerability in bginfo.exe was fixed in version 4.22. If you use BGInfo, for security, make sure to download and run the latest version of [BGInfo](/sysinternals/downloads/bginfo). BGInfo versions earlier than 4.22 are still vulnerable and should be blocked. @@ -136,6 +137,7 @@ The blocklist policy that follows includes "Allow all" rules for both kernel and +
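Review bot: In the first hunk (@@ -57,6 +57,7 @@), `- dbgsrv.exe` is appended after `- wslhost.exe`, although the visible neighbours (wsl.exe, wslconfig.exe, wslhost.exe) are in alphabetical order. Move the entry to its alphabetical position so that readers scanning the list find it where they expect it. The commit message calls dbgsrv.exe a known WDAC bypass without a reference; link the source or describe the behaviour in the PR so that the entry can be verified before merge.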
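Review bot: In the second hunk (@@ -136,6 +137,7 @@), the header shows exactly one line added to the blocklist policy, and the diffstat confirms 2 insertions in total with the other being the list entry. A file rule in a WDAC policy XML is enforced only when it is both defined and referenced from a signing scenario through a FileRuleRef, and a single added line cannot carry both. If the added line is only the deny rule definition for dbgsrv.exe, add the matching FileRuleRef with the same rule ID in this commit, so that the published policy blocks the binary rather than only declaring the rule.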