deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Removing ALLOW_ALL for FileRules

Browse Source 
These rules are enabling any executable regardless of the signers policies.
This commit is contained in:
Carlos Mayol (MSFT) 2021-08-13 16:32:18 -04:00 committed by GitHub
parent 71baa14692
commit a7f7baf4bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
View File

@ -55,8 +55,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security
<EKUs /> <EKUs />
<!--File Rules--> <!--File Rules-->
<FileRules> <FileRules>
<Allow ID="ID_ALLOW_ALL_1" FriendlyName="" FileName="*" />
<Allow ID="ID_ALLOW_ALL_2" FriendlyName="" FileName="*" />
<Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" /> <Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
<Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" /> <Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
<Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" /> <Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
@ -315,7 +313,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" /> <DeniedSigner SignerId="ID_SIGNER_VERISIGN_INSYDE" />
</DeniedSigners> </DeniedSigners>
<FileRulesRef> <FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_ALL_1"/>
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" /> <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" /> <FileRuleRef RuleID="ID_DENY_BANDAI_SHA256" />
<FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" /> <FileRuleRef RuleID="ID_DENY_BANDAI_SHA1_PAGE" />
@ -425,7 +422,6 @@ Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName=""> <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="">
<ProductSigners> <ProductSigners>
<FileRulesRef> <FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_ALL_2" />
</FileRulesRef> </FileRulesRef>
</ProductSigners> </ProductSigners>
</SigningScenario> </SigningScenario>