deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 22:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into nimishasatapathy-5324320-part5

Browse Source
This commit is contained in:
Diana Hanson 2021-10-01 12:30:09 -06:00 committed by GitHub
commit a2e7b3049d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 554 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
View File

@ -1,5 +1,5 @@
---
title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10)
title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows)
description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
ms.prod: m365-security
ms.mktglfcycl: manage
@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 09/16/2021
ms.date: 09/20/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -20,6 +20,7 @@ ms.technology: mde
**Applies to:**
- Windows 10
- Windows 11
Microsoft Defender Application Guard (Application Guard) works with Group Policy to help you manage your organization's computer settings. By using Group Policy, you can configure a setting once, and then copy it onto many computers. For example, you can set up multiple security settings in a Group Policy Object, which is linked to a domain, and then apply all those settings to every endpoint in the domain.
@ -52,13 +53,13 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind
|Name|Supported versions|Description|Options|
|-----------|------------------|-----------|-------|
|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
|Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer|Windows 10 Enterprise, 1709 or higher|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. <p>**NOTE**: This action might also block assets cached by CDNs and references to analytics sites. Add them to the trusted enterprise resources to avoid broken pages.<p>**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
|Allow Persistence|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.|
|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users are not able to save downloaded files from Application Guard to the host operating system.|
|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and wont load any third-party graphics drivers or interact with any connected graphics hardware.|
|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.|
|Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.<p>**Disabled or not configured.** event logs aren't collected from your Application Guard container.|
|Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
|Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer|Windows 10 Enterprise, 1709 or higher<p>Windows 11|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. <p>**NOTE**: This action might also block assets cached by CDNs and references to analytics sites. Add them to the trusted enterprise resources to avoid broken pages.<p>**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
|Allow Persistence|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher<p>Windows 11|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.|
|Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher<p>Windows 11|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users are not able to save downloaded files from Application Guard to the host operating system.|
|Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Be aware that enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and wont load any third-party graphics drivers or interact with any connected graphics hardware.|
|Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher<p>Windows 11|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Be aware that enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|
|Allow Microsoft Defender Application Guard to use Root Certificate Authorities from a user's device|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher<p>Windows 11|Determines whether Root Certificates are shared with Microsoft Defender Application Guard.|**Enabled.** Certificates matching the specified thumbprint are transferred into the container. Use a comma to separate multiple certificates.<p>**Disabled or not configured.** Certificates are not shared with Microsoft Defender Application Guard.|
|Allow auditing events in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher<p>Windows 11|This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.|**Enabled.** Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.<p>**Disabled or not configured.** event logs aren't collected from your Application Guard container.|

14
windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
View File

@ -1,5 +1,5 @@
---
title: Enable hardware-based isolation for Microsoft Edge (Windows 10)
title: Enable hardware-based isolation for Microsoft Edge (Windows)
description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise.
ms.prod: m365-security
ms.mktglfcycl: manage
@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 10/21/2020
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -18,7 +18,9 @@ ms.technology: mde
# Prepare to install Microsoft Defender Application Guard
**Applies to:**
- - Windows 10
- Windows 10
- Windows 11
## Review system requirements
@ -34,6 +36,7 @@ Before you can install and use Microsoft Defender Application Guard, you must de
Applies to:
- Windows 10 Enterprise edition, version 1709 or higher
- Windows 10 Pro edition, version 1803
- Windows 11
Employees can use hardware-isolated browsing sessions without any administrator or management policy configuration. In this mode, you must install Application Guard and then the employee must manually start Microsoft Edge in Application Guard while browsing untrusted sites. For an example of how this works, see the [Application Guard in standalone mode](test-scenarios-md-app-guard.md) testing scenario.
@ -41,6 +44,7 @@ Employees can use hardware-isolated browsing sessions without any administrator
Applies to:
- Windows 10 Enterprise edition, version 1709 or higher
- Windows 11
You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add non-enterprise domain(s) in the container.
@ -66,7 +70,7 @@ Application Guard functionality is turned off by default. However, you can quick
>[!NOTE]
>Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only.
1. Click the **Search** or **Cortana** icon in the Windows 10 taskbar and type **PowerShell**.
1. Click the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**.
2. Right-click **Windows PowerShell**, and then click **Run as administrator**.
@ -120,4 +124,4 @@ Application Guard functionality is turned off by default. However, you can quick
1. Click **Save**.
After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place.
After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place.

6
windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md
View File

@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: martyav
ms.author: v-maave
ms.date: 06/12/2020
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -20,10 +20,11 @@ ms.technology: mde
**Applies to:**
- Windows 10
- Windows 11
[Microsoft Defender Application Guard Extension](https://www.microsoft.com/security/blog/2019/05/23/new-browser-extensions-for-integrating-microsofts-hardware-based-isolation/) is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/).
[Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers.
[Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10 and Windows 11, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers.
> [!TIP]
> Application Guard, by default, offers [native support](/deployedge/microsoft-edge-security-windows-defender-application-guard) to both Microsoft Edge and Internet Explorer. These browsers do not need the extension described here for Application Guard to protect them.
@ -37,6 +38,7 @@ Microsoft Defender Application Guard Extension works with the following editions
- Windows 10 Professional
- Windows 10 Enterprise
- Windows 10 Education
- Windows 11
Application Guard itself is required for the extension to work. It has its own set of [requirements](reqs-md-app-guard.md). Check the Application Guard [installation guide](install-md-app-guard.md) for further steps, if you don't have it installed already.

8
windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
View File

@ -1,5 +1,5 @@
---
title: Microsoft Defender Application Guard (Windows 10)
title: Microsoft Defender Application Guard (Windows 10 or Windows 11)
description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet.
ms.prod: m365-security
ms.mktglfcycl: manage
@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 01/27/2021
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -18,7 +18,9 @@ ms.technology: mde
# Microsoft Defender Application Guard overview
**Applies to**
- Windows 10
- Windows 11
Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
@ -54,4 +56,4 @@ Application Guard has been created to target several types of devices:
| [Microsoft Defender Application Guard Extension for web browsers](md-app-guard-browser-extension.md) | Describes the Application Guard extension for Chrome and Firefox, including known issues, and a troubleshooting guide |
| [Microsoft Defender Application Guard for Microsoft Office](/microsoft-365/security/office-365-security/install-app-guard) | Describes Application Guard for Microsoft Office, including minimum hardware requirements, configuration, and a troubleshooting guide |
|[Frequently asked questions - Microsoft Defender Application Guard](faq-md-app-guard.yml)|Provides answers to frequently asked questions about Application Guard features, integration with the Windows operating system, and general configuration.|
|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|
|[Use a network boundary to add trusted sites on Windows devices in Microsoft Intune](/mem/intune/configuration/network-boundary-windows)|Network boundary, a feature that helps you protect your environment from sites that aren't trusted by your organization.|

6
windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md
View File

@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: denisebmsft
ms.author: deniseb
ms.date: 07/01/2021
ms.date: 09/09/2021
ms.reviewer:
manager: dansimp
ms.custom: asr
@ -18,7 +18,9 @@ ms.technology: mde
# System requirements for Microsoft Defender Application Guard
**Applies to**
- Windows 10
- Windows 11
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
@ -43,6 +45,6 @@ Your environment must have the following hardware to run Microsoft Defender Appl
| Software | Description |
|--------|-----------|
| Operating system | Windows 10 Enterprise edition, version 1809 or higher <br/> Windows 10 Professional edition, version 1809 or higher <br/> Windows 10 Professional for Workstations edition, version 1809 or higher <br/> Windows 10 Professional Education edition, version 1809 or higher <br/> Windows 10 Education edition, version 1809 or higher <br/> Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with MDAG for Professional editions. |
| Operating system | Windows 10 Enterprise edition, version 1809 or higher <br/> Windows 10 Professional edition, version 1809 or higher <br/> Windows 10 Professional for Workstations edition, version 1809 or higher <br/> Windows 10 Professional Education edition, version 1809 or higher <br/> Windows 10 Education edition, version 1809 or higher <br/> Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with MDAG for Professional editions. <br/> Windows 11 |
| Browser | Microsoft Edge |
| Management system <br> (only for managed devices)| [Microsoft Intune](/intune/) <p> **OR** <p> [Microsoft Endpoint Configuration Manager](/configmgr/) <p> **OR** <p> [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11)) <p> **OR** <p>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. |

14
windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
View File

@ -1,5 +1,5 @@
---
title: Testing scenarios with Microsoft Defender Application Guard (Windows 10)
title: Testing scenarios with Microsoft Defender Application Guard (Windows 10 or Windows 11)
description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
ms.prod: m365-security
ms.mktglfcycl: manage
@ -10,7 +10,7 @@ author: denisebmsft
ms.author: deniseb
ms.reviewer:
manager: dansimp
ms.date: 09/14/2020
ms.date: 09/09/2021
ms.custom: asr
ms.technology: mde
---
@ -20,6 +20,7 @@ ms.technology: mde
**Applies to:**
- Windows 10
- Windows 11
We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.
@ -50,7 +51,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise-
### Install, set up, and turn on Application Guard
Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings.
Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, and Windows 11 which includes the functionality. Then, you must use Group Policy to set up the required settings.
1. [Install Application Guard](./install-md-app-guard.md#install-application-guard).
@ -111,6 +112,7 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterprise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803
- Windows 11
#### Copy and paste options
@ -169,7 +171,7 @@ You have the option to change each of these settings to work with your enterpris
The previously added site should still appear in your **Favorites** list.
> [!NOTE]
> If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10.
> If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10 and Windows 11.
>
> If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
> <!--- Inline HTML is used on the next several lines so that the ordinal numbers will be rendered correctly; Markdown would otherwise try to render them as letters (a, b, c...) because they would be treated as a nested list --->
@ -179,6 +181,7 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterprise edition, version 1803
- Windows 10 Professional edition, version 1803
- Windows 11
#### Download options
@ -210,12 +213,13 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterprise edition, version 1809
- Windows 10 Professional edition, version 1809
- Windows 11
#### File trust options
1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow users to trust files that open in Microsoft Defender Application Guard** setting.
2. Click **Enabled**, set **Options** to 2, and click **OK**.
2. Click **Enabled**, set **Options** to **2**, and click **OK**.
![Group Policy editor File trust options.](images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png)

665
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
View File

@ -28,15 +28,20 @@ ms.date:
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're patched and rolled out to the ecosystem in an expedited manner. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
Microsoft has strict requirements for code running in kernel. So, malicious actors are turning to exploit vulnerabilities in legitimate and signed kernel drivers to run malware in kernel. One of the many strengths of the Windows platform is our strong collaboration with independent hardware vendors (IHVs) and OEMs. Microsoft works closely with our IHVs and security community to ensure the highest level of driver security for our customers and when vulnerabilities in drivers do arise, that they're quickly patched and rolled out to the ecosystem. Microsoft then adds the vulnerable versions of the drivers to our ecosystem block policy, which is applied to the following sets of devices:
- Hypervisor-protected code integrity (HVCI) enabled devices
- Windows 10 in S mode (S mode) devices
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
The vulnerable driver blocklist is designed to help harden systems against third party-developed drivers across the Windows ecosystem with any of the following attributes:
> [!Note]
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It's recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode.
- Known security vulnerabilities that can be exploited by attackers to elevate privileges in the Windows kernel
- Malicious behaviors (malware) or certificates used to sign malware
- Behaviors that are not malicious but circumvent the Windows Security Model and can be exploited by attackers to elevate privileges in the Windows kernel
Drivers can be submitted to Microsoft for security analysis at the [Microsoft Security Intelligence Driver Submission page](https://www.microsoft.com/en-us/wdsi/driversubmission). To report an issue or request a change to the vulnerable driver blocklist, including updating a block rule once a driver vulnerability has been patched, visit the [Microsoft Security Intelligence portal](https://www.microsoft.com/wdsi) or submit feedback on this article.
Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this isn't possible, Microsoft recommends blocking this list of drivers within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
```xml
<?xml version="1.0" encoding="utf-8"?>
@ -59,6 +64,46 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<EKUs />
<!--File Rules-->
<FileRules>
<Deny ID="ID_DENY_ASIO_32_SHA1" FriendlyName="ASIO32.sys Hash Sha1" Hash="D569D4BAB86E70EFBCDFDAC9D822139D6F477B7C" />
<Deny ID="ID_DENY_ASIO_32_SHA256" FriendlyName="ASIO32.sys Hash Sha256" Hash="80599708CE61EC5D6DCFC5977208A2A0BE2252820A88D9BA260D8CDF5DC7FBE4" />
<Deny ID="ID_DENY_ASIO_32_SHA1_PAGE" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="80FA962BDFB76DFCB9E5D13EFC38BB3D392F2E77" />
<Deny ID="ID_DENY_ASIO_32_SHA256_PAGE" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="9091E044273FF624585235AC885EB2B05DFB12F3022DCF535B178FF1B2E012D1" />
<Deny ID="ID_DENY_ASIO_32_SHA1_1" FriendlyName="ASIO32.sys Hash Sha1" Hash="5A7DD0DA0AEE0BDEDC14C1B7831B9CE9178A0346" />
<Deny ID="ID_DENY_ASIO_32_SHA256_1" FriendlyName="ASIO32.sys Hash Sha256" Hash="92EDD48DFAC025D4069EB6491B9730D9D131B77CCEAA480AF9B3C32BC8C5E3A9" />
<Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1ACC7A486B52C5EE6619DBDC3B4210B5F48B936F" />
<Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_1" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="F84634B5C0E83CA9BB25928DC3C4FC05D37451C23B780DBEEB1F10F056F1EEEE" />
<Deny ID="ID_DENY_ASIO_32_SHA1_2" FriendlyName="ASIO32.sys Hash Sha1" Hash="55AB7E27412ECA433D76513EDC7E6E03BCDD7EDA" />
<Deny ID="ID_DENY_ASIO_32_SHA256_2" FriendlyName="ASIO32.sys Hash Sha256" Hash="C1B41D6B91448E2409BB2F4FBF4AEB952ADF373D0DECC9D052277B89BA401407" />
<Deny ID="ID_DENY_ASIO_32_SHA1_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha1" Hash="1E7C241B9A9EA79061B50FB19B3D141DEE175C27" />
<Deny ID="ID_DENY_ASIO_32_SHA256_PAGE_2" FriendlyName="ASIO32.sys Hash Page Sha256" Hash="1056806F6508B4F5E8A00A6E8D07AEAC06A1BE5F9B92F1684F33682D2DA9349E" />
<Deny ID="ID_DENY_ASIO_64_SHA1" FriendlyName="ASIO64.sys Hash Sha1" Hash="E5C090903A20744BA3583A8EA684D035E8CECC34" />
<Deny ID="ID_DENY_ASIO_64_SHA256" FriendlyName="ASIO64.sys Hash Sha256" Hash="9DCFD796E244D0687CC35EAC9538F209F76C6DF12DE166F19DBC7D2C47FB16B3" />
<Deny ID="ID_DENY_ASIO_64_SHA1_PAGE" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="CA5FF4EB8CCBDE4EFF3491FD7941769E8D093D79" />
<Deny ID="ID_DENY_ASIO_64_SHA256_PAGE" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="D8841803F181F735D8794C82BA52D8C484B3B0A95DBBB66114314F439B75B0E9" />
<Deny ID="ID_DENY_ASIO_64_SHA1_1" FriendlyName="ASIO64.sys Hash Sha1" Hash="C92148D0666F2235500805975BE79738B84E48C2" />
<Deny ID="ID_DENY_ASIO_64_SHA256_1" FriendlyName="ASIO64.sys Hash Sha256" Hash="19C74EA0E0BAF04820E5642BD2FA224158801ED966BE1041539E3C55BD65C471" />
<Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="F8270F774B3549079EA7D5F0D5406F307019BDFB" />
<Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_1" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="A3C9C5625BA6A6075D365543603A4DD4D7790850753D5289FF976EB2A839910F" />
<Deny ID="ID_DENY_ASIO_64_SHA1_2" FriendlyName="ASIO64.sys Hash Sha1" Hash="61E1B497A5DF0797527D6D465A8F315A82AD35EB" />
<Deny ID="ID_DENY_ASIO_64_SHA256_2" FriendlyName="ASIO64.sys Hash Sha256" Hash="739C11FDB8673AB5B78F1A874DAF5BA3FADDB7910A6D4E0CC49ABD8B8537333F" />
<Deny ID="ID_DENY_ASIO_64_SHA1_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha1" Hash="708855DB4202A792862E1139D673C3B4B713053C" />
<Deny ID="ID_DENY_ASIO_64_SHA256_PAGE_2" FriendlyName="ASIO64.sys Hash Page Sha256" Hash="BE5653E4C1ED75A451BE4297FF233A22C7AAB93B2126CA428834E83CADFF5E9C" />
<Deny ID="ID_DENY_ASRDRV10_SHA1" FriendlyName="AsrDrv10.sys Hash Sha1" Hash="2E6D61FA32E12FE4ABF7B7D87AA6824F5F528000" />
<Deny ID="ID_DENY_ASRDRV10_SHA256" FriendlyName="AsrDrv10.sys Hash Sha256" Hash="C767A5895119154467AC3FCE8E82C20E6538A4E54F6C109001C61F8ABD58F9F8" />
<Deny ID="ID_DENY_ASRDRV10_SHA1_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha1" Hash="085529E58BE3806D396F1BB15FF078FD4C471AAB" />
<Deny ID="ID_DENY_ASRDRV10_SHA256_PAGE" FriendlyName="AsrDrv10.sys Hash Page Sha256" Hash="14141F03EFF7C2F44BFED93524F4EC64ABDC8F3D45D55B1BCB5701CA354319FD" />
<Deny ID="ID_DENY_ASRDRV101_SHA1" FriendlyName="AsrDrv101.sys Hash Sha1" Hash="D0580BFC31FAEFB7E017798121C5B8A4E68155F9" />
<Deny ID="ID_DENY_ASRDRV101_SHA256" FriendlyName="AsrDrv101.sys Hash Sha256" Hash="FEE4560F2160A951D83344857EB4587AB10C1CFD8C5CFC23B6F06BEF8EBCD984" />
<Deny ID="ID_DENY_ASRDRV101_SHA1_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha1" Hash="55A90E7822A1444FAE81371DF7296CC5642FB353" />
<Deny ID="ID_DENY_ASRDRV101_SHA256_PAGE" FriendlyName="AsrDrv101.sys Hash Page Sha256" Hash="B00060733F88E3897D4B1E4732DF67FF277A8D615F84E6EFAB98C79C72CBA370" />
<Deny ID="ID_DENY_ASRDRV102_SHA1" FriendlyName="AsrDrv102.sys Hash Sha1" Hash="5F9C7D3552FFA98C9DCF9A9B7AD1263D2AB24A2F" />
<Deny ID="ID_DENY_ASRDRV102_SHA256" FriendlyName="AsrDrv102.sys Hash Sha256" Hash="11EECF9E6E2447856ED4CF86EE1CB779CFE0672C808BBD5934CF2F09A62D6170" />
<Deny ID="ID_DENY_ASRDRV102_SHA1_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha1" Hash="B419D69A4ED8D4EABD90A155ED15C3374BEA6FFC" />
<Deny ID="ID_DENY_ASRDRV102_SHA256_PAGE" FriendlyName="AsrDrv102.sys Hash Page Sha256" Hash="23E39D9E40235A5C456260E03CACCC186FE79FFD7D0439AEA7530EBB0380946D" />
<Deny ID="ID_DENY_ASRDRV103_SHA1" FriendlyName="AsrDrv103.sys Hash Sha1" Hash="B3410021EA5A46818D9FF05A96C2809A9ABE8E4A" />
<Deny ID="ID_DENY_ASRDRV103_SHA256" FriendlyName="AsrDrv103.sys Hash Sha256" Hash="B6BF2460E023B1005CC60E107B14A3CFDF9284CC378A086D92E5DCDF6E432E2C" />
<Deny ID="ID_DENY_ASRDRV103_SHA1_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha1" Hash="490F85E291C4D9ED0AB8457CE6B424C0F3F7E7AC" />
<Deny ID="ID_DENY_ASRDRV103_SHA256_PAGE" FriendlyName="AsrDrv103.sys Hash Page Sha256" Hash="E22B7BA6D064C75913C3BDADAF7AADA535DDDD83175D8A47467FED5ABC56D5AC" />
<Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
<Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
<Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
@ -128,40 +173,148 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" />
<Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" />
<Deny ID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha256" Hash="4F12EE563E7496E7105D67BF64AF6B436902BE4332033AF0B5A242B206372CB7" />
<Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_4" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_5" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_6" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_7" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_8" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_9" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="81.sys Hash Sha1" Hash="05AC1C64CA16AB0517FE85D4499D08199E63DF26"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="b4.sys Hash Sha1" Hash="4BBB9709D5F916FE78EAA15431F622761EFC496F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="bw.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="bwrs.sys Hash Sha1" Hash="3DEBE170B5A113407F9E86EE6ED9AE00C3D82C9F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_18" FriendlyName="bwrsh.sys Hash Sha1" Hash="73857ACDD7D7C9235F3E18C503A27E7C88C5FCB0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_19" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_20" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="A2DA5C397F737FA55D8F93D3CED5EB70AE09801F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_21" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="C58B6EF848CA87AD9EC4368C45C8F1EB7FA6BD16"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_22" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_23" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="1923D1F21FAFFCD7D511E2B313FE9415E6AD90AE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_24" FriendlyName="TGSafe.sys Hash Sha1" Hash="F3E60B7B9C53315D6158F82596919209A00E1CDA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_25" FriendlyName="BlackBoneDrv10.sys Hash Sha1" Hash="AA97BF43E6BAD521F3A3D8081FB350C89382F06F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_26" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="4604A20CAE2DFE42320FE8F6AED000EC204EFA7E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_27" FriendlyName="gameink.sys Hash Sha1" Hash="60A632E4B838731AAD553650D6BC8AF3D3D80B26"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_28" FriendlyName="windows-xp-64.sys Hash Sha1" Hash="03F0DD3124EC3A4BB6D30865A488F54E74DED699"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_29" FriendlyName="windows8-10-32.sys Hash Sha1" Hash="8A50E81D6E6C45410BF13F95B1A67CADA8C82221"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_30" FriendlyName="kbdcap64.sys Hash Sha1" Hash="83660D245FE618ECAFE4900AC1E2AD0292C2DA2A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_31" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="202D5A05E546740037F9A4DC2B21F71680C39D3B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_32" FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_33" FriendlyName="d.sys Hash Sha1" Hash="7C1BA790CA2AA03F30413D02F3A812FCCA1AB29F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_34" FriendlyName="b3.sys Hash Sha1" Hash="969A945C93F54FCBF17548903131D4B86042DF7B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_35" FriendlyName="2.sys Hash Sha1" Hash="64309DB7AF8665368636186805745126B8BD5BFE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_36" FriendlyName="b1.sys Hash Sha1" Hash="1F7804D9185B1910C43BD4104D58B96994FF8E49"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_37" FriendlyName="My.sys Hash Sha1" Hash="2A506E2512C9083419B7741B4499E012CDC60204"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_38" FriendlyName="Black.sys Hash Sha1" Hash="1236573A309C4EDB52E050E53E73188183C23E7E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_39" FriendlyName="WYProxy32.sys Hash Sha1" Hash="22C5E127E7E7C567D8624607A6F8F5809DEACB55"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_40" FriendlyName="WYProxy64.sys Hash Sha1" Hash="DC38CC55B84A1A7C0846FB5509B43B4FF97A9BE6"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_41" FriendlyName="Proxy64.sys Hash Sha1" Hash="AA937F73A8AFCDA98E868F4AEEB0EB81A4150075"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_42" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="481488488CF7BB5CD470B62600A3570A1711ABAA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_43" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="C58BEBEF6A92F5A5B37BE0394695E8E18A42867F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_44" FriendlyName="LgDCatcher.sys Hash Sha1" Hash="7AA2C4C51AFC1C82BEAE55AB9CA7BA0BB588B5C0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_45" FriendlyName="ni.sys Hash Sha1" Hash="FD081F7A372B939DB8523E222D118B87450D3D19"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_46" FriendlyName="d4.sys Hash Sha1" Hash="E343AA3981393778F32DF94EFAC90FE35D6933A9"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_47" FriendlyName="d2.sys Hash Sha1" Hash="002223FDDC5658EA22B7A8979984A9B54F63B316"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_48" FriendlyName="t.sys Hash Sha1" Hash="1CF3B0A2A0B47477A840ADC2B520401E18AF16D6"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_49" FriendlyName="1.sys Hash Sha1" Hash="F50B475D5FD1ED4F866BF43342676E449F779C67"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_50" FriendlyName="cpupress.sys Hash Sha1" Hash="C4FE0CBB8DA5BF1E02EC6D7A0F97D740955DDD97"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_51" FriendlyName="gameink.sys Hash Sha1" Hash="3AE56AB63230D6D9552360845B4A37B5801CC5EA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_52" FriendlyName="NetFlt.sys Hash Sha1" Hash="B04ECC8DD0D52FE4552D2C4D693D67FAE20C460F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_53" FriendlyName="ProtectS.sys Hash Sha1" Hash="710BBA7C3D6CAC7B62AB05E6B12274D1548985E6"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_54" FriendlyName="ProtectS.sys Hash Sha1" Hash="67650BC9CDF0716BC7B5664723C38FC5327EC662"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_55" FriendlyName="GameTerSafe.sys Hash Sha1" Hash="39F934078A060BAD2D58B5DBA8F8884903D697A7"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_56" FriendlyName="Lurker.sys Hash Sha1" Hash="CEC5447D0529F97C4BF4A012EA58AAB07139FFE0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_57" FriendlyName="TestBone.sys Hash Sha1" Hash="0D523E8B0B96675AC2E5AC0D56C367564B260545"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_58" FriendlyName="Proxy32.sys Hash Sha1" Hash="69D6B4032F1456506382885EBA5B396F1C36841B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_59" FriendlyName="t7.sys Hash Sha1" Hash="738CF0AFB7ECDF35A92667C8802D512A0CAF353C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_60" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_61" FriendlyName="t8.sys Hash Sha1" Hash="D85C6097A2279301222B6A06B93296ACE669A76D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_62" FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_63" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_64" FriendlyName="t3.sys Hash Sha1" Hash="0CE54B617DE11C24670064960B736EF9C47A5F15"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_65" FriendlyName="windows7-32.sys Hash Sha1" Hash="82F8D4BA137FA4B0DA20E8CD1968A7AAEA803DBC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_66" FriendlyName="NetProxyDriver.sys Hash Sha1" Hash="00B4FDC0F7F28DDECD5B4E5880A71E7F08B5F825"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_67" FriendlyName="c.sys Hash Sha1" Hash="3C20BB896FD16B5C698185FB176E820A448997B3"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_68" FriendlyName="gameink.sys Hash Sha1" Hash="6A784D45517142C11D5CCA3FF9956B2ED6EAF4C9"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA1_69" FriendlyName="gameink.sys Hash Sha1" Hash="4E5E719362CD48BB323803C1D00AFDE11D4B9D4C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_1" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_2" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_3" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_4" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_5" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_6" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_7" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_8" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_9" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="81.sys Hash Sha256" Hash="B430D3A0BDB837A5D6625D3B1CEF07ABD1953F969869FF6CF7BA398AE605431A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="b4.sys Hash Sha256" Hash="DEC8A933DBA04463ED9BB7D53338FF87F2C23CFB79E0E988449FC631252C9DCC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="bw.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="bwrs.sys Hash Sha256" Hash="221DFBC74BBB255B0879360CCC71A74B756B2E0F16E9386B38A9CE9D4E2E34F9"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_18" FriendlyName="bwrsh.sys Hash Sha256" Hash="37DDE6BD8A7A36111C3AC57E0AC20BBB93CE3374D0852BCACC9A2C8C8C30079E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_19" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_20" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="DDD83AF2E99C2E51F2BBBB5A1FAADF9F2DDBC3E39B086935621D6846A8530D76"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_21" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="E6D0C06DEB74F0448391F2C14A08D5C1B7D263DC444ACC5C1CF57ACFE82DA6BB"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_22" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_23" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C174566743B47AE3C3BBB9F32D2856DE5959E06EC100B648853058EEFCDA43FA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_24" FriendlyName="TGSafe.sys Hash Sha256" Hash="3A95CC82173032B82A0FFC7D2E438DF64C13BC16B4574214C9FE3BE37250925E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_25" FriendlyName="BlackBoneDrv10.sys Hash Sha256" Hash="0BB5F2EAACD64398A66D73D4617AA0C1209D483FAFCBE99E4E12CA6C024DB2EC"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_26" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="13B82D81D6EAC1A8B2E4655504DABECBD70673CDF45C244702A02F3397FDFF9A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_27" FriendlyName="gameink.sys Hash Sha256" Hash="8168304169A2453C0C3E0A285C2A07D3B3B83433E0342F6B33400C371AF86221"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_28" FriendlyName="windows-xp-64.sys Hash Sha256" Hash="DFAEFD06B680F9EA837E7815FC1CC7D1F4CC375641AC850667AB20739F46AD22"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_29" FriendlyName="windows8-10-32.sys Hash Sha256" Hash="5B9623DA9BA8E5C80C49473F40FFE7AD315DCADFFC3230AFDC9D9226D60A715A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_30" FriendlyName="kbdcap64.sys Hash Sha256" Hash="72B99147839BCFB062D29014EC09FE20A8F261748B5925B00171EF3CB849A4C1"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_31" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="0391107305D76EB9DDF1A5B3B3C50DA361E8AB35B573DBD19BF9383436B9303E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_32" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_33" FriendlyName="d.sys Hash Sha256" Hash="0289FE12E675101CEE03934C1AF5CB73069A12170A88BD051E31A292B97F701B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_34" FriendlyName="b3.sys Hash Sha256" Hash="708016FBE22C813A251098F8F992B177B476BD1BBC48C2ED4A122FF74910A965"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_35" FriendlyName="2.sys Hash Sha256" Hash="9385E4CDABD0AEE2670FB756598EA977161F45B71687ECB9E43533081629F661"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_36" FriendlyName="b1.sys Hash Sha256" Hash="A3E507E713F11901017FC328186AE98E23DE7CEA5594687480229F77D45848D8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_37" FriendlyName="My.sys Hash Sha256" Hash="D25904FBF907E19F366D54962FF543D9F53B8FDFD2416C8B9796B6A8DD430E26"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_38" FriendlyName="Black.sys Hash Sha256" Hash="D5562FB90B0B3DEB633AB335BCBD82CE10953466A428B3F27CB5B226B453EAF3"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_39" FriendlyName="WYProxy32.sys Hash Sha256" Hash="DE6BF572D39E2611773E7A01F0388F84FB25DA6CBA2F1F8B9B36FFBA467DE6FA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_40" FriendlyName="WYProxy64.sys Hash Sha256" Hash="FAFA1BB36F0AC34B762A10E9F327DCAB2152A6D0B16A19697362D49A31E7F566"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_41" FriendlyName="Proxy64.sys Hash Sha256" Hash="C60FCFF9C8E5243BBB22EC94618B9DCB02C59BB49B90C04D7D6AB3EBBD58DC3A"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_42" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="BFCFFC82A564A2ADCD3522CD78CDF83795B6212F787230A5EA6B7EFB9F232784"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_43" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="350E15BF24DCFDC052DB117718329A03E930C17AC8C835E51D001E74BAD784E4"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_44" FriendlyName="LgDCatcher.sys Hash Sha256" Hash="DF4E25990742FC8D3AED70F6CB4D402E111E7ED08FA5F76ACA685B8C03B98B93"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_45" FriendlyName="ni.sys Hash Sha256" Hash="AE79E760C739D6214C1E314728A78A6CB6060CCE206FDE2440A69735D639A0A2"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_46" FriendlyName="d4.sys Hash Sha256" Hash="823DA894B2C73FFCD39E77366B6F1ABF0AE9604D9B20140A54E6D55053AADEBA"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_47" FriendlyName="d2.sys Hash Sha256" Hash="CB57F3A7FE9E1F8E63332C563B0A319B26C944BE839EABC03E9A3277756BA612"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_48" FriendlyName="t.sys Hash Sha256" Hash="146D77E80CA70EA5CB17BFC9A5CEA92334F809CBDC87A51C2D10B8579A4B9C88"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_49" FriendlyName="1.sys Hash Sha256" Hash="64F9E664BC6D4B8F5F68616DD50AE819C3E60452EFD5E589D6604B9356841B57"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_50" FriendlyName="cpupress.sys Hash Sha256" Hash="FCDFE570E6DC6E768EF75138033D9961F78045ADCA53BEB6FDB520F6417E0DF1"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_51" FriendlyName="gameink.sys Hash Sha256" Hash="E9B433A33DC72EB2622947B41F01D04A48CD71BEAC775A88F3F1E4C838090EE8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_52" FriendlyName="NetFlt.sys Hash Sha256" Hash="F8886A9C759E0426E08D55E410B02C5B05AF3C287B15970175E4874316FFAF13"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_53" FriendlyName="ProtectS.sys Hash Sha256" Hash="9D58F640C7295952B71BDCB456CAE37213BACCDCD3032C1E3AEB54E79081F395"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_54" FriendlyName="ProtectS.sys Hash Sha256" Hash="4A9093E8DBCB867E1B97A0A67CE99A8511900658F5201C34FFB8035881F2DBBE"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_55" FriendlyName="GameTerSafe.sys Hash Sha256" Hash="3E9B62D2EA2BE50A2DA670746C4DBE807DB9601980AF3A1014BCD72D0248D84C"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_56" FriendlyName="Lurker.sys Hash Sha256" Hash="0FD2DF82341BF5EBB8A53682E60D08978100C01ACB0BED7B6CE2876ADA80F670"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_57" FriendlyName="TestBone.sys Hash Sha256" Hash="0DE4247E72D378713BCF22D5C5D3874D079203BB4364E25F67A90D5570BDCCE8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_58" FriendlyName="Proxy32.sys Hash Sha256" Hash="49ED27460730B62403C1D2E4930573121AB0C86C442854BC0A62415CA445A810"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_59" FriendlyName="t7.sys Hash Sha256" Hash="BE03E9541F56AC6ED1E81407DCD7CC85C0FFC538C3C2C2C8A9C747EDBCF13100"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_60" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_61" FriendlyName="t8.sys Hash Sha256" Hash="258359A7FA3D975620C9810DAB3A6493972876A024135FEAF3AC8482179B2E79"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_62" FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_63" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_64" FriendlyName="t3.sys Hash Sha256" Hash="4CFF6E53430B81ECC4FAE453E59A0353BCFE73DD5780ABFC35F299C16A97998E"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_65" FriendlyName="windows7-32.sys Hash Sha256" Hash="4941C4298F4560FC1E59D0F16F84BAB5C060793700B82BE2FD7C63735F1657A8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_66" FriendlyName="NetProxyDriver.sys Hash Sha256" Hash="8111085022BDA87E5F6AA4C195E743CC6DD6A3A6D41ADD475D267DC6B105A69F"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_67" FriendlyName="c.sys Hash Sha256" Hash="CC383AD11E9D06047A1558ED343F389492DA3AC2B84B71462AEE502A2FA616C8"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_68" FriendlyName="gameink.sys Hash Sha256" Hash="E94E8A87459DB56837D1C58F9854794AA99F36566A9DED9B398BE9D4D3A2C2AF"/>
<Deny ID="ID_DENY_RETLIFTEN_SHA256_69" FriendlyName="gameink.sys Hash Sha256" Hash="44A0599DEFEA351314663582DBC61069B3A095A4DDAD571BB17DD0D8B21E7FF2"/>
<Deny ID="ID_DENY_PROCESSHACKER" FriendlyName="kprocesshacker.sys FileRule" FileName="kprocesshacker.sys" />
<Deny ID="ID_DENY_AMP" FriendlyName="System Mechanic CVE-2018-5701" FileName="amp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="5.4.11.1" />
<Deny ID="ID_DENY_ASMMAP" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<Deny ID="ID_DENY_ASMMAP_64" FriendlyName="Asus Memory Mapping Driver" FileName="asmmap64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
<FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
<FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
@ -174,22 +327,22 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<FileAttrib ID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" FriendlyName="" FileName="rtkiow8x64.sys " MinimumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
<FileAttrib ID="ID_FILEATTRIB_BS_HWMIO64" FriendlyName="" FileName="BS_HWMIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2200" />
<FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
<FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
<FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
<FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
<FileAttrib ID="ID_FILEATTRIB_SEGWINDRVX64" FriendlyName="segwindrvx64.sys FileAttribute" FileName="segwindrvx64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="100.0.7.2" />
<FileAttrib ID="ID_FILEATTRIB_AMD_RYZEN" FriendlyName="amdryzenmaster.sys" FileName="AMDRyzenMasterDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.5.0.0" />
<FileAttrib ID="ID_FILEATTRIB_TREND_MICRO" FriendlyName="TmComm.sys" FileName="TmComm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_VIRAGT" FriendlyName="viragt.sys 32-bit" FileName="viragt.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.80.0.0" />
<FileAttrib ID="ID_FILEATTRIB_VIRAGT64" FriendlyName="viragt64.sys" FileName="viragt64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.11" />
</FileRules>
<!--Signers-->
<Signers>
<Signer ID="ID_SIGNER_F_1" Name="VeriSign Class 3 Code Signing 2010 CA">
<Signer ID="ID_SIGNER_F_1" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="CPUID" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
</Signer>
<Signer ID="ID_SIGNER_F_2" Name="Microsoft Windows Third Party Component CA 2014">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
</Signer>
<Signer ID="ID_SIGNER_CPUZ" Name="DigiCert EV Code Signing CA (SHA2)">
<CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
@ -225,7 +378,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
<CertPublisher Value="Sokno S.R.L." />
</Signer>
<Signer ID="ID_SIGNER_RWEVERY" Name="GlobalSign CodeSigning CA - G2">
<Signer ID="ID_SIGNER_RWEVERY" Name="GlobalSign CodeSigning CA - G2">
<CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
<CertPublisher Value="ChongKim Chan" />
</Signer>
@ -247,17 +400,26 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW8X64_DRIVER" />
</Signer>
<Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2012" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
</Signer>
<Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
</Signer>
<Signer ID="ID_SIGNER_VERISIGN_2004" Name="VeriSign Class 3 Code Signing 2004 CA">
<CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
<CertPublisher Value="Mitac Technology Corporation" />
<FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
</Signer>
</Signer>
<Signer ID="ID_SIGNER_VERISIGN_2009" Name="VeriSign Class 3 Code Signing 2009-2 CA">
<CertRoot Type="TBS" Value="4CDC38C800761463749C3CBD94A12F32E49877BF" />
<CertPublisher Value="BIOSTAR MICROTECH INT'L CORP" />
@ -288,6 +450,42 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<CertPublisher Value="Insyde Software Corp." />
<FileAttribRef RuleID="ID_FILEATTRIB_SEGWINDRVX64" />
</Signer>
<Signer ID="ID_SIGNER_SYMANTEC_CLASS_3" Name="Symantec Class 3 SHA256 Code Signing CA">
<CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
<CertPublisher Value="Advanced Micro Devices INC." />
<FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
</Signer>
<Signer ID="ID_SIGNER_VERISIGN_TG_SOFT" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="TG Soft S.a.s. Di Tonello Gianfranco e C." />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
</Signer>
<Signer ID="ID_SIGNER_GLOBALSIGN_TG_SOFT" Name="GlobalSign CodeSigning CA - G3">
<CertRoot Type="TBS" Value="F478F0E790D5C8EC6056A3AB2567404A991D2837" />
<CertPublisher Value="TG Soft di Tonello Gianfranco ed Enrico S.r.l." />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT" />
<FileAttribRef RuleID="ID_FILEATTRIB_VIRAGT64" />
</Signer>
<Signer ID="ID_SIGNER_GEOTRUST_SRL_2009" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
<CertRoot Type="TBS" Value="d70edfa009a76bd8250d74e9ee92eb9ead7d4cb3" />
</Signer>
<Signer ID="ID_SIGNER_GEOTRUST_SRL_2010" Name="HT Srl Digital ID Class 3 - Microsoft Software Validation v2">
<CertRoot Type="TBS" Value="e5ba2abbd1dc89f143a66a3cdcda26d968758e2d" />
</Signer>
<Signer ID="ID_SIGNER_HANDAN" Name="Handan City Congtai District LiKang Daily Goods Department">
<CertRoot Type="TBS" Value="cccae21fbc083f5d1af6997bb3f29ed9915e7324" />
</Signer>
<Signer ID="ID_SIGNER_NANJING" Name="Nanjing Zhixiao Information Technology Co.,Ltd">
<CertRoot Type="TBS" Value="f5e1c4d98f9ce552ead3776c16f3ad91fe5f3984" />
</Signer>
<Signer ID="ID_SIGNER_TRUST_ASIA" Name="上海域联软件技术有限公司">
<CertRoot Type="TBS" Value="232a71b4d1734eac2cfc6ea554c86de34f9f8b72" />
</Signer>
<Signer ID="ID_SIGNER_JEROMIN_CODY_ERIC" Name="Jeromin Cody Eric">
<CertRoot Type="TBS" Value="dfa6171201b51a2ec174310e8fb9f4c0fde2d365235e589ded0213c5279bea6e" />
</Signer>
</Signers>
<!--Driver Signing Scenarios-->
<SigningScenarios>
@ -304,10 +502,10 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<DeniedSigner SignerId="ID_SIGNER_CPUZ" />
<DeniedSigner SignerId="ID_SIGNER_ELBY" />
<DeniedSigner SignerId="ID_SIGNER_F_1" />
<DeniedSigner SignerId="ID_SIGNER_F_2" />
<DeniedSigner SignerId="ID_SIGNER_REALTEK" />
<DeniedSigner SignerId="ID_SIGNER_REALTEK_2" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" />
<DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2012" />
<DeniedSigner SignerId="ID_SIGNER_WINDOWS_3RD_PARTY_2014" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_2009" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_BIOSTAR" />
@ -315,118 +513,273 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_TOSHIBA" />
<DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_MICROSTAR" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" />
<DeniedSigner SignerId="ID_SIGNER_SYMANTEC_CLASS_3" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_TG_SOFT" />
<DeniedSigner SignerId="ID_SIGNER_GLOBALSIGN_TG_SOFT" />
<DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2009" />
<DeniedSigner SignerId="ID_SIGNER_GEOTRUST_SRL_2010" />
<DeniedSigner SignerId="ID_SIGNER_HANDAN" />
<DeniedSigner SignerId="ID_SIGNER_NANJING" />
<DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
<DeniedSigner SignerId="ID_SIGNER_JEROMIN_CODY_ERIC" />
</DeniedSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1"/>
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256"/>
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_GDRV" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1"/>
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256"/>
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C"/>
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1F" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1"/>
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256"/>
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE"/>
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA1_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_32_SHA256_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA1_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASIO_64_SHA256_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV10_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV101_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV102_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASRDRV103_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_CAPCOM_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_FIDPCIDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_GDRV" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_GLCKIO2_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_GVCIDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_WINFLASH64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256C" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1F" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSFLASH64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA1" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_MSIO64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_PIDDRV64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" />
<FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_38"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_39"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_40"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_41"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_42"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_43"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_44"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_45"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_46"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_47"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_48"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_49"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_50"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_51"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_52"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_53"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_54"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_55"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_56"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_57"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_58"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_59"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_60"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_61"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_62"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_63"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_64"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_65"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_66"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_67"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_68"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_69"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_38"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_39"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_40"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_41"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_42"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_43"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_44"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_45"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_46"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_47"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_48"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_49"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_50"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_51"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_52"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_53"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_54"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_55"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_56"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_57"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_58"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_59"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_60"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_61"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_62"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_63"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_64"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_65"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_66"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_67"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_68"/>
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_69"/>
<FileRuleRef RuleID="ID_DENY_PROCESSHACKER"/>
<FileRuleRef RuleID="ID_DENY_AMP"/>
<FileRuleRef RuleID="ID_DENY_ASMMAP"/>
<FileRuleRef RuleID="ID_DENY_ASMMAP_64"/>
</FileRulesRef>
</ProductSigners>
</SigningScenario>
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="">
<ProductSigners>
<FileRulesRef>
</FileRulesRef>
</ProductSigners>
</SigningScenario>
</SigningScenarios>
@ -441,7 +794,7 @@ Microsoft recommends enabling [HVCI](/windows/security/threat-protection/device-
</Setting>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
<Value>
<String>10.0.19565.0</String>
<String>10.0.22417.0</String>
</Value>
</Setting>
</Settings>

2
windows/whats-new/windows-11.md
View File

@ -37,7 +37,7 @@ Windows 11 is built on the same foundation as Windows 10, so the investments you
## How to get Windows 11
Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning later in the 2021 calendar year. Windows 11 will also be available on eligible new devices.
Windows 11 will be delivered as an upgrade to eligible devices running Windows 10, beginning on October 5, 2021. Windows 11 will also be available on eligible new devices.
For administrators managing devices on behalf of their organization, Windows 11 will be available through the same, familiar channels that you use today for Windows 10 feature updates. You will be able to use existing deployment and management tools, such as Windows Update for Business, Microsoft Endpoint Manager, and Windows Autopilot. For more information, see [Plan for Windows 11](windows-11-plan.md).