deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-17 11:23:45 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' into kiosk11

Browse Source
This commit is contained in:
Liz Long
2023-06-14 20:09:31 -04:00
committed by GitHub
parent 5970e3061b 8610324646
commit a93f8292b2
97 changed files with 792 additions and 200 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
windows/client-management/mdm-known-issues.md
View File

@ -68,7 +68,7 @@ EAP XML must be updated with relevant information for your environment. This tas
- For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This detail is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags, you'll find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM's guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
For information about EAP Settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>.
For information about EAP Settings, see [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access).
For information about generating an EAP XML, see [EAP configuration](mdm/eap-configuration.md).
@ -225,7 +225,7 @@ Alternatively you can use the following procedure to create an EAP Configuration
1. Continue following the procedure in [EAP configuration](mdm/eap-configuration.md) from Step 9 to get an EAP TLS profile with appropriate filtering.
> [!NOTE]
> You can also set all the other applicable EAP Properties through this UI as well. A guide to what these properties mean can be found in [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)).
> You can also set all the other applicable EAP Properties through this UI as well. A guide to what these properties mean can be found in [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access).
## MDM client will immediately check in with the MDM server after client renews WNS channel URI

4
windows/client-management/mdm/eap-configuration.md
View File

@ -145,7 +145,7 @@ EAP XML must be updated with relevant information for your environment. This tas
- For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You can refer to your MDMs guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
For information about EAP settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>.
For information about EAP settings, see [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access).
For information about generating an EAP XML, see the EAP configuration article.
@ -297,7 +297,7 @@ Alternatively, you can use the following procedure to create an EAP configuratio
1. Continue following the procedure in the EAP configuration article from step 9 to get an EAP TLS profile with appropriate filtering.
> [!NOTE]
> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article.
> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) for network access](/windows-server/networking/technologies/extensible-authentication-protocol/network-access) article.
## Related topics

2
windows/configuration/cortana-at-work/cortana-at-work-feedback.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Send feedback about Cortana back to Microsoft
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
To provide feedback on an individual request or response, select the item in the conversation history and then select **Give feedback**. The Feedback Hub application is launched, where you can provide more information to help diagnose reported issues.

2
windows/configuration/cortana-at-work/cortana-at-work-o365.md
View File

@ -16,6 +16,8 @@ ms.technology: itpro-configure
# Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
## What can you do with in Windows 10, versions 1909 and earlier?
Your employees can use Cortana to help manage their day and be more productive by getting quick answers to common questions, setting reminders, adding tasks to their To-Do lists, and find out where their next meeting is.

3
windows/configuration/cortana-at-work/cortana-at-work-overview.md
View File

@ -14,7 +14,8 @@ ms.topic: article
---
# Configure Cortana in Windows 10 and Windows 11
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
## Who is Cortana?
Cortana is a personal productivity assistant in Microsoft 365, helping your users achieve more with less effort and focus on what matters. The Cortana app in Windows 10 and Windows 11 helps users quickly get information across Microsoft 365, using typed or spoken queries to connect with people, check calendars, set reminders, add tasks, and more.

2
windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
View File

@ -14,6 +14,8 @@ ms.topic: article
---
# Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider).

2
windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
View File

@ -14,6 +14,8 @@ ms.topic: article
---
# Test scenario 1 Sign into Azure AD, enable the wake word, and try a voice query
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!NOTE]
>The wake word has been re-enabled in the latest version of Cortana in Windows. If you're on Windows 10, version 2004, be sure that you've updated to build 19041.329 or later to use the wake word with Cortana. For earlier builds, you can still click on the microphone button to use your voice with Cortana.

2
windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 2 Perform a Bing search with Cortana
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
1. Select the **Cortana** icon in the taskbar.

2
windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 3 - Set a reminder
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
This scenario helps you set up, review, and edit a reminder. For example, you can remind yourself to send someone a link to a document after a meeting.

3
windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
View File

@ -14,6 +14,9 @@ ms.technology: itpro-configure
# Test scenario 4 - Use Cortana to find free time on your calendar for your upcoming meetings.
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
This scenario helps you find out if a time slot is free on your calendar.
1. Select the **Cortana** icon in the taskbar.

6
windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
View File

@ -1,6 +1,6 @@
---
title: Use Cortana to send email to a co-worker (Windows)
description: A test scenario about how to use Cortana at work to send email to a co-worker.
title: Use Cortana to send email to a coworker (Windows)
description: A test scenario about how to use Cortana at work to send email to a coworker.
ms.prod: windows-client
ms.collection: tier3
author: aczechowski
@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 5 - Test scenario 5 Find out about a person
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
Cortana can help you quickly look up information about someone or the org chart.

2
windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 6 Change your language and perform a quick search with Cortana
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
Cortana can help employees in regions outside the US search for quick answers like currency conversions, time zone conversions, or weather in their location.

2
windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organizations data on a device
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!IMPORTANT]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

3
windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md
View File

@ -14,6 +14,9 @@ ms.technology: itpro-configure
# Cortana at work testing scenarios
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:
- [Sign into Azure AD, enable the Cortana wake word, and try a voice query](cortana-at-work-scenario-1.md)

2
windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Set up and test custom voice commands in Cortana for your organization
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!NOTE]
>This content applies to Cortana in versions 1909 and earlier, but will not be available in future releases.

14
windows/configuration/cortana-at-work/includes/cortana-deprecation.md Normal file
View File

@ -0,0 +1,14 @@
---
author: mestew
ms.author: mstewart
manager: aaroncz
ms.technology: itpro-updates
ms.prod: windows-client
ms.topic: include
ms.date: 06/08/2023
ms.localizationpriority: medium
---
<!--This file is shared by all Cortana in Windows (standalone app) articles under /windows/configuration. 7987543 -->
> [!Important]
> Cortana in Windows as a standalone app is [deprecated](/windows/whats-new/deprecated-features). This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms.

3
windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md
View File

@ -14,7 +14,8 @@ ms.topic: article
---
# Set up and test Cortana in Windows 10, version 2004 and later
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
## Before you begin
- If your enterprise had previously disabled Cortana for your employees using the **Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana** Group Policy or the **Experience\AllowCortana** MDM setting but want to enable it now that Cortana is part of Microsoft 365, you'll need to re-enable it at least for Windows 10, version 2004 and later, or Windows 11.

2
windows/configuration/cortana-at-work/test-scenario-1.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 1 Sign in with your work or school account and use Cortana to manage the notebook
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
This scenario turns on Azure AD and lets your employee use Cortana to manage an entry in the notebook.

2
windows/configuration/cortana-at-work/test-scenario-2.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 2 Perform a quick search with Cortana at work
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!Important]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

2
windows/configuration/cortana-at-work/test-scenario-3.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 3 - Set a reminder for a specific location using Cortana at work
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!Important]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

2
windows/configuration/cortana-at-work/test-scenario-4.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 4 - Use Cortana to find your upcoming meetings at work
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!Important]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

2
windows/configuration/cortana-at-work/test-scenario-5.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 5 - Use Cortana to send an email to co-worker
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!Important]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering.

2
windows/configuration/cortana-at-work/test-scenario-6.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Test scenario 6 - Review a reminder suggested by Cortana based on what youve promised in email
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
>[!Important]
>The data created as part of these scenarios will be uploaded to Microsofts Cloud to help Cortana learn and help your employees. This is the same info that Cortana uses in the consumer offering. For more info, see the [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement) and the [Microsoft Services Agreement](https://www.microsoft.com/servicesagreement).

2
windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
View File

@ -13,6 +13,8 @@ ms.technology: itpro-configure
---
# Testing scenarios using Cortana in your business or organization
<!--Using include for Cortana in Windows deprecation -->
[!INCLUDE [Deprecation of Cortana in Windows](./includes/cortana-deprecation.md)]
We've come up with a list of suggested testing scenarios that you can use to test Cortana in your organization. After you complete all the scenarios, you should be able to:

18
windows/deployment/planning/windows-to-go-overview.md
View File

@ -94,22 +94,6 @@ As of the date of publication, the following are the USB drives currently certif
- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://www.kingston.com/support/technical/products?model=dtws))
- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://www.kingston.com/support/technical/products?model=dtws))
- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719))
- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace.
- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
> [!IMPORTANT]
> You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go, see [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720).
- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720))
> [!TIP]
> This device contains an embedded smart card.
- Super Talent Express RC4 for Windows To Go
@ -168,4 +152,4 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your Wi
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)<br>
[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)<br>
[Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)<br>
[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)
[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md)

59
windows/deployment/update/check-release-health.md
View File

@ -1,7 +1,7 @@
---
title: How to check Windows release health
description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption.
ms.date: 05/03/2023
ms.date: 06/07/2023
ms.author: mstewart
author: mestew
manager: aaroncz
@ -19,28 +19,39 @@ If you're unable to sign in to the Microsoft 365 admin portal, check the [Micros
To be informed about the latest updates and releases, follow [@WindowsUpdate](https://twitter.com/windowsupdate) on Twitter.
## Prerequisites
Ensure the following prerequisites are met to display the Windows release health page in the Microsoft 365 admin center: <!--7872213-->
- One of the following licenses:
- Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
- Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)
- Sign into the Microsoft 365 admin center using an [admin role](/microsoft-365/admin/add-users/about-admin-roles).
- Most roles containing the word `administrator` give you access to the Windows release health page such as [Global Administrator](/azure/active-directory/roles/permissions-reference#global-administrator), [Helpdesk Administrator](/azure/active-directory/roles/permissions-reference#helpdesk-administrator), and [Service Support Administrator](/azure/active-directory/roles/permissions-reference#service-support-administrator). For more information, see [Assign admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/assign-admin-roles).
> [!NOTE]
> Currently, Windows release health isn't available for Government Community Cloud (GCC) tenants.
## How to review Windows release health information
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com) and sign in with an administrator account.
> [!NOTE]
> By default, the Windows release health page is available to individuals who have been assigned the global admin or service administrator role for their tenant. To allow Exchange, SharePoint, and Skype for Business admins to view the Windows release health page, you must first assign them to a Service admin role. For more information about roles that can view service health, see [About admin roles](/microsoft-365/admin/add-users/about-admin-roles#commonly-used-microsoft-365-admin-center-roles).
1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com) and sign in with an admin account.
2. To view Windows release health in the Microsoft 365 Admin Center, go to **Health > Windows release health**.
1. To view Windows release health in the Microsoft 365 Admin Center, go to **Health > Windows release health**.
3. On the **Windows release health** page, you'll have access to known issue information for all supported versions of the Windows operating system.
1. On the **Windows release health** page, you have access to known issue information for all supported versions of the Windows operating system.
The **All versions** tab (the default view) shows all Windows products with access to their posted known issues.
![View of current issues in release health.](images/WRH-menu.png)
![Screenshot of current issues in release health.](images/WRH-menu.png)
A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The **Active and recently resolved** column provides a link to the **Known issues** tab filtered to the version selected. Selecting the **Known issues** tab will show known issues that are active or resolved within the last 30 days.
A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The **Active and recently resolved** column provides a link to the **Known issues** tab filtered to the version selected. Selecting the **Known issues** tab shows known issues that are active or resolved within the last 30 days.
![View of known issues in release health.](images/WRH-known-issues-20H2.png)
![Screenshot of known issues in release health.](images/WRH-known-issues-20H2.png)
The **History** tab shows the history of known issues that have been resolved for up to 6 months.
![View of history issues in release health.](images/WRH-history-20H2.png)
![Screenshot of history issues in release health.](images/WRH-history-20H2.png)
The known issue summary provides the following information:
@ -56,7 +67,7 @@ To be informed about the latest updates and releases, follow [@WindowsUpdate](ht
## Sign up for email notifications
You have the option to sign up for email notifications about Windows known issues and informational updates. Notifications include changes in issue status, new workarounds, and issue resolutions. To subscribe to notifications:
You can sign up for email notifications about Windows known issues and informational updates. Notifications include changes in issue status, new workarounds, and issue resolutions. To subscribe to notifications:
1. Go to the [Windows release health page](https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth).
1. Select **Preferences**>**Email**, then select **Send me email notifications about Windows release health**.
@ -78,20 +89,20 @@ In the **Windows release health** experience, every known issue is assigned as s
|**Reported** | An issue has been brought to the attention of the Windows teams. At this stage, there's no confirmation that users are affected. |
|**Investigating** | The issue is believed to affect users and efforts are underway to gather more information about the issue's scope, mitigation steps, and root cause. |
|**Confirmed** | After close review, Microsoft has determined the issue is affecting Windows users, and progress is being made on mitigation steps and root cause. |
|**Mitigated** | A workaround is available and communicated to Windows customers for a known issue. A known issue will stay in this state until a KB article is released by Microsoft to resolve the known issue. |
|**Mitigated: External** | A workaround is available and communicated to Windows customers for a known issue that was caused by a software or driver from a third-party software or device manufacturer. A known issue will stay in this state until the issue is resolved by Microsoft or the third-party. |
|**Resolved** | A solution has been released by Microsoft and has been documented in a KB article that will resolve the known issue once it's deployed in the customer's environment. |
|**Resolved: External** | A solution has been released by a Microsoft or a third-party that will resolve the known issue once it's deployed in the customer's environment. |
|**Mitigated** | A workaround is available and communicated to Windows customers for a known issue. A known issue stays in this state until a KB article is released by Microsoft to resolve the known issue. |
|**Mitigated: External** | A workaround is available and communicated to Windows customers for a known issue caused by a software or driver from a third-party software or device manufacturer. A known issue stays in this state until the issue is resolved by Microsoft or the third-party. |
|**Resolved** | A solution was released by Microsoft and was documented in a KB article that resolves the known issue once it's deployed in the customer's environment. |
|**Resolved: External** | A solution was released by Microsoft or a third-party that resolves the known issue once it's deployed in the customer's environment. |
## Known issue history
The Windows release health page lets you view the history of all status updates posted for a specific known issue. To view all past updates posted for a given issue, select **View history** on the issue detail page.
![Show link to view message history.](images/WRH-view-message-history-padded.png)
![Screenshot of the link to view message history.](images/WRH-view-message-history-padded.png)
A list of all status updates posted in the selected timeframe will be displayed, as shown below. You can expand any row to view the specific information provided in that status update.
A list of all status updates posted in the selected time frame is displayed. You can expand any row to view the specific information provided in that status update.
![View message history.](images/WRH-message-history-example-padded.png)
![Screenshot of the message history.](images/WRH-message-history-example-padded.png)
## Frequently asked questions
@ -104,14 +115,14 @@ A list of all status updates posted in the selected timeframe will be displayed,
Windows release health doesn't monitor user environments or collect customer environment information. In Windows release health, all known issue content across all supported Windows versions is published to all subscribed customers. Future iterations of the solution may target content based on customer location, industry, or Windows version.
- **Where do I find Windows release health?**
After logging into Microsoft 365 admin center, expand the left-hand menu using **…Show All**, select **Health** and you'll see **Windows release health**.
After logging into Microsoft 365 admin center, expand the left-hand menu using **…Show All**, select **Health** to display the **Windows release health** menu option.
- **Is the Windows release health content published to Microsoft 365 admin center the same as the content on Windows release health on Microsoft Learn?**
No. While the content is similar, you may see more issues and more technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, youll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis.
No. While the content is similar, you may see more issues and more technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, you'll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis.
- **How often will content be updated?**
In an effort to ensure Windows customers have important information as soon as possible, all major known issues will be shared with Windows customers on both Microsoft Learn and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have additional details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment.
To ensure Windows customers have important information as soon as possible, all major known issues are shared with Windows customers on both Microsoft Learn and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have additional details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment.
- **Can I share this content publicly or with other Windows customers?**
Windows release health is provided to you as a licensed Windows customer and isn't to be shared publicly.
@ -131,7 +142,7 @@ A list of all status updates posted in the selected timeframe will be displayed,
Using the left-hand menu, go to Users, then select the Active Users tab and follow the prompts to add a new user, or assign an existing user, to the role of **Service Support admin**.
- **Why can't I click to the KB article from the Known issues or History tabs?**
Within the issue description, you'll find links to the KB articles. In the Known issue and History tabs, the entire row is a clickable entry to the issue's Details pane.
Within the issue description, you'll find links to the KB articles. In the known issue and history tabs, the entire row is a clickable entry to the issue's Details pane.
- **Microsoft 365 admin center has a mobile app but I don't see Windows release health under the Health menu. Is this an open issue?**
We're working to build the Windows release health experience on mobile devices in a future release.
@ -142,7 +153,7 @@ A list of all status updates posted in the selected timeframe will be displayed,
Seek assistance through Premier support, the [Microsoft Support website](https://support.microsoft.com), or connect with your normal channels for Windows support.
- **When reaching out to Support, they asked me for an advisory ID. What is this and where can it?**
The advisory ID can be found in the upper left-hand corner of the known issue Details pane. To find it, select the known issue you're seeking help on, select the **Details** pane, and you'll find the ID under the issue title. It will be the letters `WI` followed by a number, similar to `WI123456`.
The advisory ID can be found in the upper left-hand corner of the known issue Details pane. To find it, select the known issue you're seeking help on, select the **Details** pane, and you'll find the ID under the issue title. The ID is the letters `WI` followed by a number, similar to `WI123456`.
- **How can I learn more about expanding my use of Microsoft 365 admin center?**
For more information, see the [Microsoft 365 admin center documentation](/microsoft-365/admin/admin-overview/about-the-admin-center).

BIN
windows/deployment/update/media/33771278-update-deployment-status-table.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 288 KiB

9
windows/deployment/update/wufb-reports-prerequisites.md
View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: article
ms.date: 04/26/2023
ms.date: 06/09/2023
ms.technology: itpro-updates
---
@ -62,7 +62,12 @@ Device names don't appear in Windows Update for Business reports unless you indi
- CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
- Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
> [!TIP]
> Windows Update for Business reports uses [services configuration](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#bkmk-svccfg), also called OneSettings. Disabling the services configuration can cause some of the client data to be incorrect or missing in reports. For more information, see the [DisableOneSettingsDownloads](/windows/client-management/mdm/policy-csp-system#disableonesettingsdownloads) policy settings.
Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. For more information about data handling and privacy for Windows diagnostic data, see [Configure Windows diagnostic data in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) and [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection#services-that-rely-on-enhanced-diagnostic-data).
## Data transmission requirements

2
windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md
View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: reference
ms.date: 04/24/2023
ms.date: 06/05/2023
ms.technology: itpro-updates
---

9
windows/deployment/update/wufb-reports-workbook.md
View File

@ -6,7 +6,7 @@ ms.prod: windows-client
author: mestew
ms.author: mstewart
ms.topic: article
ms.date: 04/26/2023
ms.date: 06/12/2023
ms.technology: itpro-updates
---
@ -79,17 +79,16 @@ Below the tiles, the **Quality updates** tab is subdivided into **Update status*
The **Update status** group for quality updates contains the following items:
- **Update states for all security releases**: Chart containing the number of devices in a specific state, such as installing, for security updates.
- **Update states for all security releases**: The update states for the last 3 security updates are used to populate this chart. The total number of update states is approximately 3 times the number of devices that have reported update data to Windows Update for Business reports in the past 30 days.
- **Update alerts for all security releases**: Chart containing the count of active errors and warnings for security updates.
:::image type="content" source="media/33771278-update-deployment-status-table.png" alt-text="Screenshot of the charts and table in the workbook's quality updates tab" lightbox="media/33771278-update-deployment-status-table.png":::
The **Update deployment status** table displays the quality updates for each operating system version that were released within the last 60 days. For each update, drill-in further by selecting a value from the following columns:
| Column name | Description | Drill-in description |
|---|---|---|
|**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code.
| **KB Number** | KB number for the update | Selecting the KB number will open the support information webpage for the update.|
| **KB Number** | KB number for the update | Selecting the KB number opens the support information webpage for the update.|
| **Total devices** | Number of devices that have been offered the update, or are installing, have installed, or canceled the update. | Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
### <a name="bkmk_device-group-quality"></a> Device status group for quality updates
@ -120,7 +119,7 @@ The **Update status** group for feature updates contains the following items:
- **Safeguard holds**: Chart containing count of devices per operating system version that are under a safeguard hold for a feature update
- **Update alerts**: Chart containing the count of active errors and warnings for feature updates.
**Update deployment status** table for feature updates displays the installation status by targeted operating system version. For each operating system version targeted the following columns are available:
**Update deployment status** table for feature updates displays the installation status by targeted operating system version. For each operating system version targeted, the following columns are available:
| Column name | Description | Drill-in description |
|---|---|---|

2
windows/deployment/update/wufb-wsus.md
View File

@ -46,7 +46,7 @@ To help you better understand the scan source policy, see the default scan behav
- If you configure only the WSUS server policy:
- On Windows 10: All of your updates will come from WSUS.
- On Windows 11: All of your updates will still come from Windows Update unless you configure the specify scan source policy.
- On Windows 11: All of your updates will still come from WSUS unless you configure the specify scan source policy.
- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy.
- If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy.

4
windows/deployment/wds-boot-support.md
View File

@ -40,6 +40,10 @@ The table below provides support details for specific deployment scenarios. Boot
Alternatives to WDS, such as [Microsoft Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images.
> [!NOTE]
>
> [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) only supports deployment of Windows 10. It doesn't support deployment of Windows 11. For more information, see [Supported platforms](/mem/configmgr/mdt/release-notes#supported-platforms).
## Not affected
WDS PXE boot isn't affected by this change. You can still use WDS to PXE boot devices with custom boot images, but you can't use **boot.wim** as the boot image and run Windows Setup in WDS mode.

2
windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md
View File

@ -10,6 +10,8 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- tier2
---
# Add and verify admin contacts

3
windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Device registration overview

3
windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-manage-autopatch-groups.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Manage Windows Autopatch groups (public preview)

17
windows/deployment/windows-autopatch/deploy/windows-autopatch-groups-overview.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Windows Autopatch groups overview (public preview)
@ -17,7 +20,7 @@ ms.reviewer: andredm7
> [!IMPORTANT]
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if youve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>
As organizations move to a managed-service model where Microsoft manages update processes on their behalf, theyre challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups helps organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions.
As organizations move to a managed-service model where Microsoft manages update processes on their behalf, theyre challenged with having the right representation of their organizational structures followed by their own deployment cadence. Windows Autopatch groups help organizations manage updates in a way that makes sense for their businesses with no extra cost or unplanned disruptions.
## What are Windows Autopatch groups?
@ -64,7 +67,7 @@ The Default Autopatch group uses Windows Autopatchs default update management
The Default Autopatch group is intended to serve organizations that are looking to:
- Enroll into the service
- Align to Windows Autopatchs default update management process without requiring additional customizations.
- Align to Windows Autopatchs default update management process without requiring more customizations.
The Default Autopatch group **cant** be deleted or renamed. However, you can customize its deployment ring composition to add and/or remove deployment rings, and you can also customize the update deployment cadences for each deployment ring within it.
@ -160,7 +163,7 @@ Autopatch groups creates two different layers. Each layer contains its own deplo
The service-based deployment ring set is exclusively used to keep Windows Autopatch updated with both service and device-level configuration policies, apps and APIs needed for core functions of the service.
The following are the Azure AD assigned groups that represent the service-based deployment rings. These groups cannot be deleted or renamed:
The following are the Azure AD assigned groups that represent the service-based deployment rings. These groups can't be deleted or renamed:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
@ -174,7 +177,7 @@ The following are the Azure AD assigned groups that represent the service-based
The software-based deployment ring set is exclusively used with software update management policies, such as the Windows update ring and feature update policies, in the Default Windows Autopatch group.
The following are the Azure AD assigned groups that represent the software updates-based deployment rings. These groups cannot be deleted or renamed:
The following are the Azure AD assigned groups that represent the software updates-based deployment rings. These groups can't be deleted or renamed:
- Windows Autopatch - Test
- Windows Autopatch Ring1
@ -203,7 +206,7 @@ The following are three common uses for using Autopatch groups.
| Scenario | Solution |
| ----- | ----- |
| Youre working as the IT admin at Contoso Ltd. And manage several Microsoft and non-Microsoft cloud services. You dont have extra time to spend setting up and managing several Autopatch groups.<p>Your organization currently operates its update management by using five deployment rings, but theres an opportunity to have flexible deployment cadences if its pre-communicated to your end-users.</p> | If you dont have thousands of devices to manage, use the Default Autopatch group for your organization. You can edit the Default Autopatch group to include additional deployment rings and/or slightly modify some of its default deployment cadences.<p>The Default Autopatch group is pre-configured and doesnt require extra configurations when registering devices with the Windows Autopatch service.</p><p>The following is a visual representation of a gradual rollout for the Default Autopatch group pre-configured and fully managed by the Windows Autopatch service.</p> |
| Youre working as the IT admin at Contoso Ltd. And manage several Microsoft and non-Microsoft cloud services. You dont have extra time to spend setting up and managing several Autopatch groups.<p>Your organization currently operates its update management by using five deployment rings, but theres an opportunity to have flexible deployment cadences if its precommunicated to your end-users.</p> | If you dont have thousands of devices to manage, use the Default Autopatch group for your organization. You can edit the Default Autopatch group to include additional deployment rings and/or slightly modify some of its default deployment cadences.<p>The Default Autopatch group is preconfigured and doesnt require extra configurations when registering devices with the Windows Autopatch service.</p><p>The following is a visual representation of a gradual rollout for the Default Autopatch group preconfigured and fully managed by the Windows Autopatch service.</p> |
:::image type="content" source="../media/autopatch-groups-default-autopatch-group.png" alt-text="Default Autopatch group" lightbox="../media/autopatch-groups-default-autopatch-group.png":::
@ -211,7 +214,7 @@ The following are three common uses for using Autopatch groups.
| Scenario | Solution |
| ----- | ----- |
| Youre working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create a Custom Autopatch group for each of your business units, for example, the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and subsequently for the business.<p>The following is a visual representation of a gradual rollout for Contosos Finance department.</p> |
| Youre working as the IT admin at Contoso Ltd. Your organization needs to plan a gradual rollout of software updates within specific critical business units or departments to help mitigate the risk of end-user disruption. | You can create a Custom Autopatch group for each of your business units. For example, you can create a Custom Autopatch group for the finance department and breakdown the deployment ring composition per the different user personas or based on how critical certain user groups can be for the department and then for the business.<p>The following is a visual representation of a gradual rollout for Contosos Finance department.</p> |
:::image type="content" source="../media/autopatch-groups-finance-department-example.png" alt-text="Finance department example" lightbox="../media/autopatch-groups-finance-department-example.png":::
@ -245,7 +248,7 @@ Autopatch groups works with the following software update workloads:
### Maximum number of Autopatch groups
Windows Autopatch will support up to 50 Autopatch groups in your tenant. You can create up to 49 [Custom Autopatch groups](#about-custom-autopatch-groups) in addition to the [Default Autopatch group](#about-the-default-autopatch-group). Each Autopatch group supports up to 15 deployment rings.
Windows Autopatch supports up to 50 Autopatch groups in your tenant. You can create up to 49 [Custom Autopatch groups](#about-custom-autopatch-groups) in addition to the [Default Autopatch group](#about-the-default-autopatch-group). Each Autopatch group supports up to 15 deployment rings.
> [!TIP]
> If you reach the maximum number of Autopatch groups supported (50), and try to create more Custom Autopatch groups, the "**Create**" option in the Autopatch groups blade will be greyed out.

3
windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Post-device registration readiness checks (public preview)

3
windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Register your devices

2
windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md
View File

@ -10,6 +10,8 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- tier2
---
# Deregister a device

3
windows/deployment/windows-autopatch/operate/windows-autopatch-device-alerts.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Device alerts (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-edge.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Microsoft Edge

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-manage-windows-feature-update-release.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Manage Windows feature update releases: Windows Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-update-management.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Software update management: Windows Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-overview.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Windows feature updates overview: Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-status-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Feature update status report (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-summary-dashboard.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Windows feature update summary dashboard (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-feature-update-trending-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Feature update trending report (public preview)

5
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-and-feature-update-reports-overview.md
View File

@ -10,9 +10,12 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Windows quality and feature update reports overview: Windows Autopatch groups experience (public preview)
# Windows quality and feature update reports overview: Windows Autopatch groups experience (public preview)
> [!IMPORTANT]
> Windows Autopatch groups is in **public preview**. This feature is being actively developed and might not be complete. You can test and use these features in production environments and provide feedback.<p>The Windows Autopatch group experience only applies if youve opted-in to use Windows Autopatch groups.</p><br>**To opt-in to use Windows Autopatch groups:**<ol><li>Go to the [Microsoft Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and select **Devices** from the left navigation menu.</li><li>Under **Windows Autopatch**, select **Release Management**, then select **Autopatch groups (preview)**.</li><li>Review the **[Microsoft Privacy Statement](../overview/windows-autopatch-privacy.md)** and the **[Autopatch groups Public Preview Addendum](../references/windows-autopatch-groups-public-preview-addendum.md)**. If you agree, select the **I have reviewed and agree to the Autopatch groups Public Preview Addendum** checkbox. Then, select **Use preview** to test out Windows Autopatch groups and its bundled feature set. If the **Use preview** option is greyed out, ensure you meet all the [Autopatch group prerequisites](../deploy/windows-autopatch-groups-manage-autopatch-groups.md#autopatch-groups-prerequisites).</li></ol>

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-communications.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Windows quality update communications: Windows Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-end-user-exp.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Windows quality update end user experience: Windows Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-overview.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Windows quality updates: Windows Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-signals.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Windows quality update signals: Windows Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-status-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Quality update status report (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-summary-dashboard.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Windows quality update summary dashboard (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-quality-update-trending-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Quality update trending report (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-groups-windows-update.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: rekhanr
ms.collection:
- highpri
- tier1
---
# Customize Windows Update settings: Autopatch groups experience (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Microsoft 365 Apps for enterprise

3
windows/deployment/windows-autopatch/operate/windows-autopatch-policy-health-and-remediation.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: rekhanr
ms.collection:
- highpri
- tier1
---
# Policy health and remediation (public preview)

3
windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Submit a support request

3
windows/deployment/windows-autopatch/operate/windows-autopatch-teams.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Microsoft Teams

3
windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Unenroll your tenant

3
windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Software update management

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-end-user-exp.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Windows feature update end user experience

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-feature-update-overview.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Windows feature updates

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-historical-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# All devices report—historical

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-all-devices-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# All devices report

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-communications.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Windows quality update communications

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-eligible-devices-historical-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Eligible devices report—historical

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-end-user-exp.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Windows quality update end user experience

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-ineligible-devices-historical-report.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Ineligible devices report—historical

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-overview.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Windows quality updates

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-reports-overview.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Windows quality update reports

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-signals.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Windows quality update signals

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-quality-update-summary-dashboard.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- highpri
- tier1
---
# Summary dashboard

3
windows/deployment/windows-autopatch/operate/windows-autopatch-windows-update.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: rekhanr
ms.collection:
- highpri
- tier1
---
# Customize Windows Update settings (public preview)

2
windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml
View File

@ -34,7 +34,7 @@ sections:
Windows Autopatch doesn't support local (on-premise) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Azure AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
- question: Will Windows Autopatch be available for state and local government customers?
answer: |
Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers.
Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not suppported.
- question: What if I enrolled into Windows Autopatch using the promo code? Will I still have access to the service?
answer: |
Yes. For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There's no additional action you have to take to continue using Windows Autopatch.

2
windows/deployment/windows-autopatch/overview/windows-autopatch-overview.md
View File

@ -11,7 +11,7 @@ ms.author: tiaraquan
manager: dougeby
ms.collection:
- highpri
- tier2
- tier1
ms.reviewer: hathind
---

3
windows/deployment/windows-autopatch/overview/windows-autopatch-privacy.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Privacy

3
windows/deployment/windows-autopatch/overview/windows-autopatch-roles-responsibilities.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Roles and responsibilities

2
windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md
View File

@ -10,6 +10,8 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- tier2
---
# Configure your network

15
windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Enroll your tenant
@ -30,7 +33,7 @@ To start using the Windows Autopatch service, ensure you meet the [Windows Autop
> [!IMPORTANT]
> The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the tool again.
The Readiness assessment tool checks the settings in [Microsoft Intune](#microsoft-intune-settings) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
The Readiness assessment tool checks the settings in [Microsoft Intune](#microsoft-intune-settings) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure the settings work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
**To access and run the Readiness assessment tool:**
@ -64,13 +67,13 @@ The following are the Azure Active Directory settings:
### Check results
For each check, the tool will report one of four possible results:
For each check, the tool reports one of four possible results:
| Result | Meaning |
| ----- | ----- |
| Ready | No action is required before completing enrollment. |
| Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
| Not ready | You must fix these issues before enrollment. You wont be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. |
| Not ready | You must fix these issues before enrollment. You can't enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. |
| Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permissions to run this check. |
## Step 3: Fix issues with your tenant
@ -86,11 +89,11 @@ Once the Readiness assessment tool provides you with a "Ready" result, you're re
**To enroll your tenant:**
Within the Readiness assessment tool, you'll now see the **Enroll** button. By selecting **Enroll**, you'll kick off the enrollment of your tenant to the Windows Autopatch service. During the enrollment workflow, you'll see the following:
Within the Readiness assessment tool, you can see the **Enroll** button. By selecting **Enroll**, you start the enrollment process of your tenant into the Windows Autopatch service. During the enrollment workflow, you see the following:
- Consent workflow to manage your tenant.
- Provide Windows Autopatch with IT admin contacts.
- Setup of the Windows Autopatch service on your tenant. This step is where we'll create the policies, groups and accounts necessary to run the service.
- Setup of the Windows Autopatch service on your tenant. This step is where we create the policies, groups and accounts necessary to run the service.
Once these actions are complete, you've now successfully enrolled your tenant.
@ -101,7 +104,7 @@ Once these actions are complete, you've now successfully enrolled your tenant.
You can choose to delete the data we collect directly within the Readiness assessment tool.
Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a de-identified form.
Windows Autopatch retains the data associated with these checks for 12 months after the last time you ran a check in your Azure Active Directory organization (tenant). After 12 months, we retain the data in a deidentified form.
> [!NOTE]
> Windows Autopatch will only delete the results we collect within the Readiness assessment tool; Autopatch won't delete any other tenant-level data.

2
windows/deployment/windows-autopatch/prepare/windows-autopatch-enrollment-support-request.md
View File

@ -10,6 +10,8 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- tier2
---
# Submit a tenant enrollment support request

9
windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Fix issues found by the Readiness assessment tool
@ -21,13 +24,13 @@ Seeing issues with your tenant? This article details how to remediate issues fou
## Check results
For each check, the tool will report one of four possible results:
For each check, the tool reports one of four possible results:
| Result | Meaning |
| ----- | ----- |
| Ready | No action is required before completing enrollment. |
| Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
| Not ready | You must fix these issues before enrollment. You wont be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. |
| Not ready | You must fix these issues before enrollment. You can't enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them. |
| Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permission to run this check or your tenant isn't properly licensed for Microsoft Intune. |
> [!NOTE]
@ -43,7 +46,7 @@ Your "Update rings for Windows 10 or later" policy in Intune must not target any
| Result | Meaning |
| ----- | ----- |
| Advisory | You have an "update ring" policy that targets all devices, all users, or both. Windows Autopatch will also create our own update ring policies during enrollment. To avoid conflicts with Windows Autopatch devices, we'll exclude our devices group from your existing update ring policies that target all devices, all users, or both. You must consent to this change when you go to enroll your tenant.</p>|
| Advisory | You have an "update ring" policy that targets all devices, all users, or both. Windows Autopatch creates our own update ring policies during enrollment. To avoid conflicts with Windows Autopatch devices, we exclude our devices group from your existing update ring policies that target all devices, all users, or both. You must consent to this change when you go to enroll your tenant.</p>|
## Azure Active Directory settings

3
windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Prerequisites

3
windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- highpri
- tier1
---
# Changes made at tenant enrollment

3
windows/deployment/windows-autopatch/references/windows-autopatch-groups-public-preview-addendum.md
View File

@ -10,6 +10,9 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: andredm7
ms.collection:
- highpri
- tier1
---
# Windows Autopatch groups Public Preview Addendum

4
windows/deployment/windows-autopatch/references/windows-autopatch-microsoft-365-policies.md
View File

@ -10,13 +10,15 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: hathind
ms.collection:
- tier2
---
# Microsoft 365 Apps for enterprise update policies
## Conflicting and unsupported policies
Deploying any of the following policies to a managed device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
Deploying any of the following policies to a managed device makes that device ineligible for management since the device prevents us from delivering the service as designed.
### Update policies

16
windows/deployment/windows-autopatch/references/windows-autopatch-windows-update-unsupported-policies.md
View File

@ -10,13 +10,15 @@ author: tiaraquan
ms.author: tiaraquan
manager: dougeby
ms.reviewer: adnich
ms.collection:
- tier2
---
# Windows update policies
## Deployment rings for Windows 10 and later
The following policies contain settings which apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention:
The following policies contain settings that apply to both Windows quality and feature updates. After onboarding there will be four of these policies in your tenant with the following naming convention:
**Modern Workplace Update Policy [ring name] [Windows Autopatch]**
@ -44,7 +46,7 @@ The following policies contain settings which apply to both Windows quality and
| Deadline for Windows feature updates | 5 | 5 | 5 | 5 |
| Deadline for Windows quality updates | 0 | 2 | 2 | 5 |
| Grace period | 0 | 2 | 2 | 2 |
| Auto-restart before deadline | Yes | Yes | Yes | Yes |
| Auto restart before deadline | Yes | Yes | Yes | Yes |
### Windows 10 and later assignments
@ -59,7 +61,7 @@ The service deploys policies using Microsoft Intune to control how Windows featu
### Windows feature updates for Windows 10 and later
These policies control the minimum target version of Windows which a device is meant to accept. Throughout the rest of the article, you will see these policies referred to as DSS policies. After onboarding there will be four of these policies in your tenant with the following naming convention:
These policies control the minimum target version of Windows that a device is meant to accept. Throughout the rest of the article, these policies are referred to as DSS policies. After onboarding, there will be four of these policies in your tenant with the following naming convention:
**Modern Workplace DSS Policy [ring name]**
@ -79,7 +81,7 @@ These policies control the minimum target version of Windows which a device is m
#### Windows 11 testing
To allow customers to test Windows 11 in their environment, there's a separate DSS policy which enables you to test Windows 11 before broadly adopting within your environment.
To allow customers to test Windows 11 in their environment, there's a separate DSS policy that enables you to test Windows 11 before broadly adopting within your environment.
##### Windows 11 deployment setting
@ -97,11 +99,11 @@ To allow customers to test Windows 11 in their environment, there's a separate D
## Conflicting and unsupported policies
Deploying any of the following policies to a Windows Autopatch device will make that device ineligible for management since the device will prevent us from delivering the service as designed.
Deploying any of the following policies to a Windows Autopatch device makes that device ineligible for management since the device prevents us from delivering the service as designed.
### Update policies
Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices will be excluded from management.
Window Autopatch deploys mobile device management (MDM) policies to configure devices and requires a specific configuration. If any policies from the [Update Policy CSP](/windows/client-management/mdm/policy-csp-update) are deployed to devices that aren't on the permitted list, those devices are excluded from management.
| Allowed policy | Policy CSP | Description |
| ----- | ----- | ----- |
@ -111,7 +113,7 @@ Window Autopatch deploys mobile device management (MDM) policies to configure de
### Group policy and other policy managers
Group policy as well as other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management:
Group policy and other policy managers can take precedence over mobile device management (MDM) policies. For Windows quality updates, if any policies or configurations are detected which modify the following hives in the registry, the device could become ineligible for management:
- `HKLM\SOFTWARE\Microsoft\WindowsUpdate\UpdatePolicy\PolicyState`
- `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`

10
windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md
View File

@ -1,7 +1,7 @@
---
title: What's new 2023
description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
ms.date: 05/15/2023
ms.date: 06/12/2023
ms.prod: windows-client
ms.technology: itpro-updates
ms.topic: whats-new
@ -51,6 +51,12 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| [Policy health and remediation](../operate/windows-autopatch-policy-health-and-remediation.md) | Add new Policy health and remediation feature. This feature is in public preview |
| [Windows Autopatch groups public preview addendum](../references/windows-autopatch-groups-public-preview-addendum.md) | Added addendum for the Windows Autopatch groups public preview |
## May service release
| Message center post number | Description |
| ----- | ----- |
| [MC559247](https://admin.microsoft.com/adminportal/home#/MessageCenter) | May 2023 Windows Autopatch baseline configuration update |
## April 2023
### April feature releases or updates
@ -59,7 +65,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
| ----- | ----- |
| [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md) | Updated the [Deployment rings for Windows 10 and later](../references/windows-autopatch-changes-to-tenant.md#deployment-rings-for-windows-10-and-later) section |
### April 2023 service release
### April service release
| Message center post number | Description |
| ----- | ----- |

8
windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
View File

@ -156,14 +156,16 @@ Supported values:
### Protected client
Applies more security settings to the sandbox Remote Desktop client, decreasing its attack surface.
When Protected Client mode is enabled, Sandbox adds a new layer of security boundary by running inside an [AppContainer Isolation](/windows/win32/secauthz/appcontainer-isolation) execution environment.
AppContainer Isolation provides Credential, Device, File, Network, Process, and Window isolation.
`<ProtectedClient>value</ProtectedClient>`
Supported values:
- *Enable*: Runs Windows sandbox in Protected Client mode. If this value is set, the sandbox runs with extra security mitigations enabled.
- *Disable*: Runs the sandbox in standard mode without extra security mitigations.
- *Enable*: Runs Windows sandbox in Protected Client mode. If this value is set, the Sandbox runs in AppContainer Isolation.
- *Disable*: Runs the Sandbox in the standard mode without extra security mitigations.
- *Default*: This value is the default value for Protected Client mode. Currently, this default value denotes that the sandbox doesn't run in Protected Client mode.
> [!NOTE]

19
windows/security/threat-protection/windows-defender-application-control/AppIdTagging/design-create-appid-tagging-policies.md
View File

@ -35,9 +35,14 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
1. Create a new base policy using the templates:
Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The example below shows beginning with the [Default Windows Mode](../wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
Start with the Policy Creator task and select Multiple Policy Format and Base Policy. Select the Base Template to use for the policy. The following example shows beginning with the [Default Windows Mode](../wdac-wizard-create-base-policy.md#template-base-policies) template and build on top of these rules.
![Configuring the policy base and template.](../images/appid-wdac-wizard-1.png)
> [!NOTE]
> If your AppId Tagging Policy does build off the base templates or does not allow Windows in-box processes, you will notice significant performance regressions, especially during boot. For this reason, it is strongly recommended to build off the base templates.
For more information on the issue, see the [AppId Tagging Known Issue](../operations/known-issues.md#slow-boot-and-performance-with-custom-policies).
2. Set the following rule-options using the Wizard toggles:
@ -45,7 +50,7 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
3. Create custom rules:
Selecting the `+ Custom Rules` button will open the Custom Rules panel. The Wizard supports five types of file rules:
Selecting the `+ Custom Rules` button opens the Custom Rules panel. The Wizard supports five types of file rules:
- Publisher rules: Create a rule based off the signing certificate hierarchy. Additionally, the original filename and version can be combined with the signing certificate for added security.
- Path rules: Create a rule based off the path to a file or a parent folder path. Path rules support wildcards.
@ -58,16 +63,16 @@ You can use the Windows Defender Application Control (WDAC) Wizard and the Power
4. Convert to AppId Tagging Policy:
After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the usermode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario:
After the Wizard builds the policy file, open the file in a text editor and remove the entire "Value=131" SigningScenario text block. The only remaining signing scenario should be "Value=12" which is the user mode application section. Next, open PowerShell in an elevated prompt and run the following command. Replace the AppIdTagging Key-Value pair for your scenario:
```powershell
Set-CIPolicyIdInfo -ResetPolicyID -FilePath .\AppIdPolicy.xml -AppIdTaggingPolicy -AppIdTaggingKey "MyKey" -AppIdTaggingValue "MyValue"
```
The policyID GUID will be returned by PowerShell if successful.
The policyID GUID is returned by the PowerShell command if successful.
## Create the policy using PowerShell
Using this method, you'll create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). In an elevate PowerShell instance:
Using this method, you create an AppId Tagging policy directly using the WDAC PowerShell commands. These PowerShell commands are only available on the supported platforms listed in [AppId Tagging Guide](./windows-defender-application-control-appid-tagging-guide.md). In an elevate PowerShell instance:
1. Create an AppId rule for the policy based on a combination of the signing certificate chain and version of the application. In the example below, the level has been set to SignedVersion. Any of the [WDAC File Rule Levels](../select-types-of-rules-to-create.md#table-2-windows-defender-application-control-policy---file-rule-levels) can be used in AppId rules:
@ -87,14 +92,14 @@ Using this method, you'll create an AppId Tagging policy directly using the WDAC
Set-RuleOption -Option 18 .\AppIdPolicy.xml # (Optional) Disable FilePath Rule Protection
```
If you're using filepath rules, you'll likely want to set option 18. Otherwise, there's no need.
If you're using filepath rules, you may want to set option 18. Otherwise, there's no need.
4. Set the name and ID on the policy, which is helpful for future debugging:
```powershell
Set-CIPolicyIdInfo -ResetPolicyId -PolicyName "MyPolicyName" -PolicyId "MyPolicyId"" -AppIdTaggingPolicy -FilePath ".\AppIdPolicy.xml"
```
The policyID GUID will be returned by PowerShell if successful.
The policyID GUID is returned by the PowerShell command if successful.
## Deploy for Local Testing

BIN
windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule-xml.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 21 KiB

BIN
windows/security/threat-protection/windows-defender-application-control/images/known-issue-appid-dll-rule.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 22 KiB

42
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
View File

@ -8,7 +8,7 @@ author: jsuther1974
ms.reviewer: jgeurten
ms.author: vinpa
manager: aaroncz
ms.date: 11/04/2022
ms.date: 06/14/2023
ms.topic: reference
---
@ -25,7 +25,7 @@ ms.topic: reference
Members of the security community<sup>*</sup> continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC.
Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including WDAC:
Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. An attacker can use these applications or files to circumvent application allow policies, including WDAC:
- addinprocess.exe
- addinprocess32.exe
@ -72,7 +72,7 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
<sup>1</sup> A vulnerability in bginfo.exe was fixed in version 4.22. If you use BGInfo, for security, make sure to download and run the latest version of [BGInfo](/sysinternals/downloads/bginfo). BGInfo versions earlier than 4.22 are still vulnerable and should be blocked.
<sup>2</sup> If you're using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. However, if your reference system is an end-user device that isn't being used in a development context, we recommend that you block msbuild.exe.
<sup>2</sup> If you're using your reference system in a development context and use msbuild.exe to build managed applications, we recommend that you allow msbuild.exe in your code integrity policies. Otherwise, we recommend that you block msbuild.exe.
<sup>*</sup> Microsoft recognizes the efforts of people in the security community who help us protect customers through responsible vulnerability disclosure, and extends thanks to the following people:
@ -99,9 +99,9 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
> [!NOTE]
> This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
Certain software applications may allow other code to run by design. Such applications should be blocked by your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, you should add *deny* rules to your application control policies for that applications previous, less secure versions.
Certain software applications may allow other code to run by design. Unless these applications are business critical, you should block them in your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, add *deny* rules to your application control policies for that applications previous, less secure versions.
Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes.
Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can be blocked by their corresponding hashes.
As of October 2017, system.management.automation.dll is updated to revoke earlier versions by hash values, instead of version rules.
@ -111,14 +111,14 @@ If you wish to use this blocklist policy on Windows Server 2016, locate the deny
- msxml6.dll
- jscript9.dll
The blocklist policy below includes "Allow all" rules for both kernel and user mode that make it safe to deploy as a standalone WDAC policy. On Windows versions 1903 and above, Microsoft recommends converting this policy to multiple policy format using the *Set-CiPolicyIdInfo* cmdlet with the *-ResetPolicyId* switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To instead add these rules to an existing Base policy, you can merge the policy below using the *Merge-CIPolicy* cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two "Allow all" rules and their corresponding FileRuleRefs from the sample policy below.
The blocklist policy that follows includes "Allow all" rules for both kernel and user mode that make it safe to deploy as a standalone WDAC policy. On Windows versions 1903 and above, Microsoft recommends converting this policy to multiple policy format using the *Set-CiPolicyIdInfo* cmdlet with the *-ResetPolicyId* switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To instead add these rules to an existing Base policy, you can merge the policy that follows using the *Merge-CIPolicy* cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two "Allow all" rules and their corresponding FileRuleRefs from the blocklist policy.
**WDAC policy XML**:
```xml
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.1.0.0</VersionEx>
<VersionEx>10.1.0.2</VersionEx>
<PolicyTypeID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyTypeID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
@ -159,6 +159,14 @@ The blocklist policy below includes "Allow all" rules for both kernel and user m
<Deny ID="ID_DENY_DOTNET" FriendlyName="dotnet.exe" FileName="dotnet.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<Deny ID="ID_DENY_FSI_ANYCPU" FriendlyName="fsiAnyCpu.exe" FileName="fsiAnyCpu.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<Deny ID="ID_DENY_HVCISCAN_AMD_1" FriendlyName="HVCIScan.exe with missing resources AMD Hash Sha1" Hash="424823CD625834C05D55C7B825B0D8059D589748" />
<Deny ID="ID_DENY_HVCISCAN_AMD_2" FriendlyName="HVCIScan.exe with missing resources AMD Hash Sha256" Hash="4968BA3E491CF6471C5D1C6CBECE84294012298D8EB6D32C03E476892F34279C" />
<Deny ID="ID_DENY_HVCISCAN_AMD_3" FriendlyName="HVCIScan.exe with missing resources AMD Hash Page Sha1" Hash="FCFA167F5F1FC88E0886132AB0B2E0C32B4B1BF5" />
<Deny ID="ID_DENY_HVCISCAN_AMD_4" FriendlyName="HVCIScan.exe with missing resources AMD Hash Page Sha256" Hash="283F6E8998E7A20C68FFD8715E6F130EC7648055285883686336F5711DB1C978" />
<Deny ID="ID_DENY_HVCISCAN_ARM_1" FriendlyName="HVCIScan.exe with missing resources ARM Hash Sha1" Hash="A72B1B9554B682F9180E5051C1DA1F2601DCD773" />
<Deny ID="ID_DENY_HVCISCAN_ARM_2" FriendlyName="HVCIScan.exe with missing resources ARM Hash Sha256" Hash="AC399FA29FAB56F01F63B499766D489198021C54C000463342E0382AD3AF29BE" />
<Deny ID="ID_DENY_HVCISCAN_ARM_3" FriendlyName="HVCIScan.exe with missing resources ARM Hash Page Sha1" Hash="9FD720F1D4913073054D93CF446C9ADC7F0BA445" />
<Deny ID="ID_DENY_HVCISCAN_ARM_4" FriendlyName="HVCIScan.exe with missing resources ARM Hash Page Sha256" Hash="8CBB25C135FBB43C67F70E933C482A8F6DA9F37FF4761FA061BBD91B30CEFE17" />
<Deny ID="ID_DENY_INFINSTALL" FriendlyName="infdefaultinstall.exe" FileName="infdefaultinstall.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<Deny ID="ID_DENY_INSTALLUTIL" FriendlyName="Microsoft InstallUtil" FileName="InstallUtil.exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
<Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65355.65355.65355.65355" />
@ -1500,6 +1508,14 @@ The blocklist policy below includes "Allow all" rules for both kernel and user m
<FileRuleRef RuleID="ID_DENY_D_604" />
<FileRuleRef RuleID="ID_DENY_D_605" />
<FileRuleRef RuleID="ID_DENY_D_606" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_1" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_2" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_3" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_AMD_4" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_1" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_2" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_3" />
<FileRuleRef RuleID="ID_DENY_HVCISCAN_ARM_4" />
</FileRulesRef>
</ProductSigners>
</SigningScenario>
@ -1507,6 +1523,18 @@ The blocklist policy below includes "Allow all" rules for both kernel and user m
<UpdatePolicySigners />
<CiSigners />
<HvciOptions>0</HvciOptions>
<Settings>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
<Value>
<String>Microsoft Windows Recommended User Mode BlockList</String>
</Value>
</Setting>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
<Value>
<String>10.1.0.2</String>
</Value>
</Setting>
</Settings>
</SiPolicy>
```

509
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
View File

@ -100,7 +100,7 @@ To check that the policy was successfully applied on your computer:
```xml
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
<VersionEx>10.0.25873.0</VersionEx>
<VersionEx>10.0.25880.0</VersionEx>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule>
@ -221,10 +221,10 @@ To check that the policy was successfully applied on your computer:
<Deny ID="ID_DENY_ATILLK_1D" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Sha256" Hash="FB19F241DDAE74EC4A0F87DFF025EC68DC809F9DD883649C0E58822DE28E6F1B" />
<Deny ID="ID_DENY_ATILLK_1E" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Page Sha1" Hash="6698BB12B9D9D511C018D9EA8F70C61A03A041AD" />
<Deny ID="ID_DENY_ATILLK_1F" FriendlyName="atillk64\d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b Hash Page Sha256" Hash="47F6DFDDDA4F164448F14C0417839DB860BC4E9C4679BE3980B05BE920462870" />
<Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandai.sys Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
<Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandai.sys Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
<Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandai.sys Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
<Deny ID="ID_DENY_BANDAI_SHA256_PAGE" FriendlyName="bandai.sys Hash Page Sha256" Hash="BB83738210650E09307CE869ACA9BFA251024D3C47B1006B94FCE2846313F56E" />
<Deny ID="ID_DENY_BANDAI_SHA1" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Sha1" Hash="0F780B7ADA5DD8464D9F2CC537D973F5AC804E9C" />
<Deny ID="ID_DENY_BANDAI_SHA256" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Sha256" Hash="7FD788358585E0B863328475898BB4400ED8D478466D1B7F5CC0252671456CC8" />
<Deny ID="ID_DENY_BANDAI_SHA1_PAGE" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Page Sha1" Hash="EA360A9F23BB7CF67F08B88E6A185A699F0C5410" />
<Deny ID="ID_DENY_BANDAI_SHA256_PAGE" FriendlyName="bandainamcoonline.sys\7ec93f34eb323823eb199fbf8d06219086d517d0e8f4b9e348d7afd41ec9fd5d Hash Page Sha256" Hash="BB83738210650E09307CE869ACA9BFA251024D3C47B1006B94FCE2846313F56E" />
<Deny ID="ID_DENY_BS_RCIO64_SHA1" FriendlyName="BS_RCIO64 73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha1" Hash="4BFE9E5A5A25B7CDE6C81EBE31ED4ABEB5147FAF" />
<Deny ID="ID_DENY_BS_RCIO64_SHA256" FriendlyName="BS_RCIO64 73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha256" Hash="0381632CD236CD94FA9E64CCC958516AC50F9437F99092E231A607B1E6BE6CF8" />
<Deny ID="ID_DENY_BS_RCIO64_SHA1_PAGE" FriendlyName="BS_RCIO64 5651466512138240\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha1" Hash="C28B640BECA5E2834D2A373F139869CC309F6631" />
@ -377,6 +377,12 @@ To check that the policy was successfully applied on your computer:
<Deny ID="ID_DENY_AMIFLDRV_36" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Sha256" Hash="2EE914C20B3E4A321BCD2EA2F0F437CDA6DA09DC0819CD6F06960C0567F4CB19" />
<Deny ID="ID_DENY_AMIFLDRV_37" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha1" Hash="ABD4616FF35256B5D52813FB80596326047D3768" />
<Deny ID="ID_DENY_AMIFLDRV_38" FriendlyName="amifldrv64\fda506e2aa85dc41a4cbc23d3ecc71ab34e06f1def736e58862dc449acbc2330 Hash Page Sha256" Hash="BB52155AD4262C8995115147847BC740873F8AA036D0118E263FD8C84AF9C649" />
<Deny ID="ID_DENY_ASIO_1" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Sha1" Hash="B25550309C902A21B03367AE27694C5A29B891B5" />
<Deny ID="ID_DENY_ASIO_2" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Sha256" Hash="C3E3719CA592BA65A67F594EC1A08D0D7AD724B088BE77D48CB33627C56F4614" />
<Deny ID="ID_DENY_ASIO_3" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Page Sha1" Hash="EA7DBFB3ECFFAA134D4C3A76024F9B65126DFDC1" />
<Deny ID="ID_DENY_ASIO_4" FriendlyName="asio\2da330a2088409efc351118445a824f11edbe51cf3d653b298053785097fe40e Hash Page Sha256" Hash="EA9A321D58DD45D747C41AD6F0C30B3B11F134755CE3E69DC3DC34257E420493" />
<Deny ID="ID_DENY_ASIO_5" FriendlyName="asio\923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782 Hash Sha1" Hash="E471BA6D1327D1026EB2C6A905E2BAD3952DABBD" />
<Deny ID="ID_DENY_ASIO_6" FriendlyName="asio\923ebbe8111e73d5b8ecc2db10f8ea2629a3264c3a535d01c3c118a3b4c91782 Hash Sha256" Hash="ED302EA33FEB557B879F64C4B7835947A9CA31054573E1487F5BBC38449753FF" />
<Deny ID="ID_DENY_ASUPIO64_SHA1" FriendlyName="AsUpIO64.sys Hash Sha1" Hash="2A95F882DD9BAFCC57F144A2708A7EC67DD7844C" />
<Deny ID="ID_DENY_ASUPIO64_SHA256" FriendlyName="AsUpIO64.sys Hash Sha256" Hash="7F75D91844B0C162EEB24D14BCF63B7F230E111DAA7B0A26EAA489EEB22D9057" />
<Deny ID="ID_DENY_ASUPIO64_SHA1_PAGE" FriendlyName="AsUpIO64.sys Hash Page Sha1" Hash="316E7872A227F0EAD483D244805E9FF4D3569F6F" />
@ -541,6 +547,28 @@ To check that the policy was successfully applied on your computer:
<Deny ID="ID_DENY_DHKERNEL_11" FriendlyName="YY_DhKernel\dcd026fd2ff8d517e2779d67b3d2d5f9a7aa39f19c66fa8ff2cab66d5c6461c6 Hash Sha256" Hash="8BCE2AFD04EC073143A2A4BA51671992451C8E747A84852458321F2D275B5433" />
<Deny ID="ID_DENY_DHKERNEL_12" FriendlyName="YY_DhKernel\dcd026fd2ff8d517e2779d67b3d2d5f9a7aa39f19c66fa8ff2cab66d5c6461c6 Hash Page Sha1" Hash="890A839069A81D76EB8FB53C9D18F8BE09C101F2" />
<Deny ID="ID_DENY_DHKERNEL_13" FriendlyName="YY_DhKernel\dcd026fd2ff8d517e2779d67b3d2d5f9a7aa39f19c66fa8ff2cab66d5c6461c6 Hash Page Sha256" Hash="F7365B2ECAD159FFD61261F114333765FD73E3039270F51837EB24A63455AE9A" />
<Deny ID="ID_DENY_BS_RCIO_08" FriendlyName="BS_RCIO\1d0105b5e41fe0280f66d7a24eb00a04c03caaec Hash Sha1" Hash="1D0105B5E41FE0280F66D7A24EB00A04C03CAAEC" />
<Deny ID="ID_DENY_BS_RCIO_09" FriendlyName="BS_RCIO\d9111b2bedf78a769bb0799b964663cd119edaa8 Hash Sha1" Hash="D9111B2BEDF78A769BB0799B964663CD119EDAA8" />
<Deny ID="ID_DENY_BS_RCIO_10" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Sha1" Hash="3311E4E94E8A6DD81859719FBE0FCBF187F0BD8A" />
<Deny ID="ID_DENY_BS_RCIO_11" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Sha256" Hash="F67E60228084151FDCB84E94A48693DB864CF606B65FAEF5A1D829175380DBFA" />
<Deny ID="ID_DENY_BS_RCIO_12" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Page Sha1" Hash="6C5340CA145D93FB04F8C45297B013D7A76CC816" />
<Deny ID="ID_DENY_BS_RCIO_13" FriendlyName="BS_RCIO\362c4f3dadc9c393682664a139d65d80e32caa2a97b6e0361dfd713a73267ecc Hash Page Sha256" Hash="DB004632D7E5EB01B13D826E476A45812BAD3E84A07D00F331D4C17A94A15366" />
<Deny ID="ID_DENY_BS_RCIO_14" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Sha1" Hash="3C8CAB4C08A37A105200FEB8F07DD818C8F03BFF" />
<Deny ID="ID_DENY_BS_RCIO_15" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Sha256" Hash="545190E8B2A910E153B12559A9875154A1B40D6424CB4A6299A84B2DC99DF700" />
<Deny ID="ID_DENY_BS_RCIO_16" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Page Sha1" Hash="0B20D30317527C83B72A0F5ED6416060BF005A02" />
<Deny ID="ID_DENY_BS_RCIO_17" FriendlyName="BS_RCIO\6191c20426dd9b131122fb97e45be64a4d6ce98cc583406f38473434636ddedc Hash Page Sha256" Hash="A2BFCECB9099B2022B51EB15977DF4EF228305FC24A3AD0F36FF43F7309B2820" />
<Deny ID="ID_DENY_BS_RCIO_18" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha1" Hash="4BFE9E5A5A25B7CDE6C81EBE31ED4ABEB5147FAF" />
<Deny ID="ID_DENY_BS_RCIO_19" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Sha256" Hash="0381632CD236CD94FA9E64CCC958516AC50F9437F99092E231A607B1E6BE6CF8" />
<Deny ID="ID_DENY_BS_RCIO_1A" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha1" Hash="C28B640BECA5E2834D2A373F139869CC309F6631" />
<Deny ID="ID_DENY_BS_RCIO_1B" FriendlyName="BS_RCIO\73327429c505d8c5fd690a8ec019ed4fd5a726b607cabe71509111c7bfe9fc7e Hash Page Sha256" Hash="9378F7DFF94D9409D38FA1A125C52734D6BAEA90913FC3CEE2659FD36AB0DA29" />
<Deny ID="ID_DENY_BS_RCIO_1C" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Sha1" Hash="7297D6511634ECA91FEA5C5F3FAAB785DD13082B" />
<Deny ID="ID_DENY_BS_RCIO_1D" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Sha256" Hash="B3346AA8A3760128C99D7A80E8BBEEE66840CE419B9819E30CB08354C096EF93" />
<Deny ID="ID_DENY_BS_RCIO_1E" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Page Sha1" Hash="F93F92147E77B2C40BB13A30B7A469961B6E37F6" />
<Deny ID="ID_DENY_BS_RCIO_1F" FriendlyName="BS_RCIO\d55b675941da4cc9be05f2ef7cea15784074772da585e5bf56d5be15afde4789 Hash Page Sha256" Hash="1497746B441564887F2AE97FAAC17145C727F170B225073A3CC45CF6BBABACF0" />
<Deny ID="ID_DENY_BS_RCIO_20" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Sha1" Hash="B798995FBAAB33D0DB4AC8C58551254768C76554" />
<Deny ID="ID_DENY_BS_RCIO_21" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Sha256" Hash="30591EA53FBA8BAD22A017CF5A268211790706B7863F007CE20A77F2E3459170" />
<Deny ID="ID_DENY_BS_RCIO_22" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Page Sha1" Hash="AF5B84A2456E2621F920D61130DDAAD32CD4729F" />
<Deny ID="ID_DENY_BS_RCIO_23" FriendlyName="BS_RCIO\e9e711056fada8681f3eb5578a0d449b68568bc812e29dfcc0b92b9a9e481202 Hash Page Sha256" Hash="6F698A9123CC763F0F035CF50177BF5690B4644802746C8C2F06F59CFC0D9F81" />
<Deny ID="ID_DENY_DIRECTIO_12" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="E8F7E20061F9CC20583DCAB3B16054D106B8AA83" />
<Deny ID="ID_DENY_DIRECTIO_13" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="B8BF3BD441EBC5814C5D39D053FDCB263E8E58476CBDEE4B1226903305F547B6" />
<Deny ID="ID_DENY_DIRECTIO_14" FriendlyName="PassMark DirectIo.sys Hash Page Sha1" Hash="36875A862D1E762E6CC75595EF37EA7460A1E1DF" />
@ -583,6 +611,56 @@ To check that the policy was successfully applied on your computer:
<Deny ID="ID_DENY_DIRECTIO_39" FriendlyName="PassMark DirectIo.sys Hash Sha256" Hash="2FB5D7E6DB01C9090BBA92ABF580D38993E02CE9357E08FE1F224A9B18056E5A" />
<Deny ID="ID_DENY_DIRECTIO_3A" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="AE806CA05E141B71664D9C6F20CC2369EF26F996" />
<Deny ID="ID_DENY_DIRECTIO_3B" FriendlyName="PassMark DirectIo.sys Hash Sha1" Hash="D0559503988DAA407FCC11E59079560CB456BB84" />
<Deny ID="ID_DENY_DIRECTIO_42" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Sha1" Hash="59C8F056DEA50A4B6F6F63E50037089965568910" />
<Deny ID="ID_DENY_DIRECTIO_43" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Sha256" Hash="2FB5D7E6DB01C9090BBA92ABF580D38993E02CE9357E08FE1F224A9B18056E5A" />
<Deny ID="ID_DENY_DIRECTIO_44" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Page Sha1" Hash="76F561B94050F02639B216A27D221DCE66135A43" />
<Deny ID="ID_DENY_DIRECTIO_45" FriendlyName="DirectIO32\035b96ff8b85d312be0f9df6271714392a802ec8bab59ae8229812ddc67ced5a Hash Page Sha256" Hash="2C75CAEE18ECB8F6A3B41EF6CE13A65D847BC912423AB095CE760979D8D8E3B4" />
<Deny ID="ID_DENY_DIRECTIO_46" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Sha1" Hash="956C004DBED19D2682F159E03D4FAA3E2E8FC56C" />
<Deny ID="ID_DENY_DIRECTIO_47" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Sha256" Hash="A8492A553EE840235FD12FA47B6CAF1E5A8C82C3F4B681921246D7F192ED9126" />
<Deny ID="ID_DENY_DIRECTIO_48" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Page Sha1" Hash="08B00DD47D591EE66BC89CFFA424EDC7A9D2F880" />
<Deny ID="ID_DENY_DIRECTIO_49" FriendlyName="DirectIO32\0be4912bfd7a79f6ebfa1c06a59f0fb402bd4fe0158265780509edd0e562eac1 Hash Page Sha256" Hash="533C0CFEA1AF366C116F563D24F1D0845F6619330E2655BDD12CEF97E99B7F52" />
<Deny ID="ID_DENY_DIRECTIO_4A" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Sha1" Hash="7AE9EB8FC6B922524C0A571AAA006731B5CD4F0B" />
<Deny ID="ID_DENY_DIRECTIO_4B" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Sha256" Hash="FCA8E921D56DF22EE5A9C9FCE349385F4C8C5D490A880CB65DD01F8F13D73510" />
<Deny ID="ID_DENY_DIRECTIO_4C" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Page Sha1" Hash="397D2707C1AE3FB2921278CF9ABA87160D4BBD6D" />
<Deny ID="ID_DENY_DIRECTIO_4D" FriendlyName="DirectIO32\12d5a3d3f3226839c446bb5f7f2aa8dd7593d2bac8dd0d101d1c95145d10b01e Hash Page Sha256" Hash="EF081F46B22B000E24A64FB82439950F76350844B6276E3BD0409CD2114A6A58" />
<Deny ID="ID_DENY_DIRECTIO_4E" FriendlyName="DirectIO32\16461fe1855e4cb4a5e3203f98a69376ad2dc8f69f1d43463206fdd6784b7fbf Hash Sha1" Hash="A48F4D7F1B02DACD4EB4FD51745765FCDB4BA0DE" />
<Deny ID="ID_DENY_DIRECTIO_4F" FriendlyName="DirectIO32\16461fe1855e4cb4a5e3203f98a69376ad2dc8f69f1d43463206fdd6784b7fbf Hash Sha256" Hash="FF8FDB301AD9AA29DCA21E43BA7946AF92E980C6CA448A58DD3EFE4D9BD336AE" />
<Deny ID="ID_DENY_DIRECTIO_50" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Sha1" Hash="01EB3760261439B8E230EBA09E9A63F5D3088C54" />
<Deny ID="ID_DENY_DIRECTIO_51" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Sha256" Hash="BC0CBC6B88892F3EFF2B47F65CEA98D1E66E4FBC9D3423AEBA511854D5250A44" />
<Deny ID="ID_DENY_DIRECTIO_52" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Page Sha1" Hash="E9141B742FA38ABDB1EA415D8431EE9A540CCCC8" />
<Deny ID="ID_DENY_DIRECTIO_53" FriendlyName="DirectIO32\2fc5f41dd013af78fc594e427f462161f61bf72403b9795133cc89d28d962722 Hash Page Sha256" Hash="7FBBDD248A335EF984CD773BE07AD88894C8FA9FB252378EA830863BD8233AB5" />
<Deny ID="ID_DENY_DIRECTIO_54" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Sha1" Hash="1AD46A8E038A62E146DDB5A4FE8CA5A56C53F018" />
<Deny ID="ID_DENY_DIRECTIO_55" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Sha256" Hash="542CD21B0C835B818E6B2EEA2EFE5B340FF3D554B2B7E13AF084F0817CC920FD" />
<Deny ID="ID_DENY_DIRECTIO_56" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Page Sha1" Hash="7CB9C71D717C466A9AD64F61AFABAF30BFE7372D" />
<Deny ID="ID_DENY_DIRECTIO_57" FriendlyName="DirectIO32\38b3eb8c86201d26353aab625cea672e60c2f66ce6f5e5eda673e8c3478bf305 Hash Page Sha256" Hash="9683B754C9C90E54D066D8B9FD958BA0449883E77AC6DD6078F1607ED0377378" />
<Deny ID="ID_DENY_DIRECTIO_58" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Sha1" Hash="AE806CA05E141B71664D9C6F20CC2369EF26F996" />
<Deny ID="ID_DENY_DIRECTIO_59" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Sha256" Hash="38FA9B5B66A11FD7387012C5C4BBD414ECA8361273D57DBA1E49AA6AF23337F3" />
<Deny ID="ID_DENY_DIRECTIO_5A" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Page Sha1" Hash="C13AB8D1FEBD9E93E48E87CEA571C673DF3A10F3" />
<Deny ID="ID_DENY_DIRECTIO_5B" FriendlyName="DirectIO32\3f9530c94b689f39cc83377d76979d443275012e022782a600dcb5cad4cca6aa Hash Page Sha256" Hash="32394AC2E1F86BC84C9DCFB55763F8AA48DC1B1890815F2AAF924220530A1E5B" />
<Deny ID="ID_DENY_DIRECTIO_5C" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Sha1" Hash="6E2EA1D108B9F05F2D077ED6C254A70E2B11251D" />
<Deny ID="ID_DENY_DIRECTIO_5D" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Sha256" Hash="FB7CB120D51E217EE4CC50BEE619603BE5EB6091634DF45ACC5249AED283C9BE" />
<Deny ID="ID_DENY_DIRECTIO_5E" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Page Sha1" Hash="B267D4B987B094591C411F3992595751D75FC16E" />
<Deny ID="ID_DENY_DIRECTIO_5F" FriendlyName="DirectIO32\65025741ecd0ef516da01319b42c2d96e13cb8d78de53fb7e39cd53ea6d58c75 Hash Page Sha256" Hash="DB2CE6D1D435DA700134970EFED70EE117E653E8044BA16D08A089FC2DC828DD" />
<Deny ID="ID_DENY_DIRECTIO_60" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Sha1" Hash="9703903219C7D7F88748FD68F277649B82F2DF83" />
<Deny ID="ID_DENY_DIRECTIO_61" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Sha256" Hash="C3A215473D836C1D7315F371BFF4DEA956D7D1B440E43B4671F6E3772BAE00DD" />
<Deny ID="ID_DENY_DIRECTIO_62" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Page Sha1" Hash="AB47DE03075B4AD717C0660CAA216067A78D6CEB" />
<Deny ID="ID_DENY_DIRECTIO_63" FriendlyName="DirectIO32\72288d4978ee87ea6c8b1566dbd906107357087cef7364fb3dd1e1896d00baeb Hash Page Sha256" Hash="7B86328F3D0DAAF1E254D555F368CE95B687F30DE3D993E3D541AD20EA0DE20E" />
<Deny ID="ID_DENY_DIRECTIO_64" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Sha1" Hash="ABE422F9289FE922F671CC70C78046E2BDE5E309" />
<Deny ID="ID_DENY_DIRECTIO_65" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Sha256" Hash="C0752DC13548FE8D3B5A7A73C04EBCD7BCFA5E4ECEC9BA233D193BD36ED4B54E" />
<Deny ID="ID_DENY_DIRECTIO_66" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Page Sha1" Hash="D0353D279CAF5B6AEEE6640E52B10E2EFE45A807" />
<Deny ID="ID_DENY_DIRECTIO_67" FriendlyName="DirectIO32\7dfc2eb033d2e090540860b8853036f40736d02bd22099ff6cf665a90be659cd Hash Page Sha256" Hash="615C190AACB1BB2625960748710E8C5F9AA0D228FDC411B283CE87D27E601C15" />
<Deny ID="ID_DENY_DIRECTIO_68" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Sha1" Hash="DE239BDA4C75F8B2CFBBF74823466491D2E1F76D" />
<Deny ID="ID_DENY_DIRECTIO_69" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Sha256" Hash="D6753D2E6CF2F11932B4FEDD4362AB57651F8F3BAA886EACE22FD98A14EBC2E8" />
<Deny ID="ID_DENY_DIRECTIO_6A" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Page Sha1" Hash="AADCEE4B8CF695774BD0B45C758AE442A67198A7" />
<Deny ID="ID_DENY_DIRECTIO_6B" FriendlyName="DirectIO32\e3b257357be41a18319332df7023c4407e2b93ac4c9e0c6754032e29f3763eac Hash Page Sha256" Hash="4B451FD9DFCE1E5396171122D32F5282DA86F179187360D8C501C235636D48EF" />
<Deny ID="ID_DENY_DIRECTIO_6C" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Sha1" Hash="EF06513DC0F8456E09260857FD63EE1222C60C82" />
<Deny ID="ID_DENY_DIRECTIO_6D" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Sha256" Hash="507CEE84E2924E81916C8BF090EFB1BEAB3C258A79E1E1BF3637B8B7824D0A86" />
<Deny ID="ID_DENY_DIRECTIO_6E" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Page Sha1" Hash="5F0FA0C7FDB6B6EEC654050DC3263A80EFE09A9A" />
<Deny ID="ID_DENY_DIRECTIO_6F" FriendlyName="DirectIO32\e4c154a0073bbad3c9f8ab7218e9b3be252ae705c20c568861dae4088f17ffcc Hash Page Sha256" Hash="B511E7F23B0AC8DB6BA83C3099EE19F9B8FF6222988A1AA8F68B6ABD683EB4B4" />
<Deny ID="ID_DENY_DIRECTIO_70" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Sha1" Hash="6FED30DE2007FAD6EC008C640F74741DCCE3DF0D" />
<Deny ID="ID_DENY_DIRECTIO_71" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Sha256" Hash="A9EB36FB737735DFF8245E1AA599054C0214FB9DE0CBA371357ED59FDE451308" />
<Deny ID="ID_DENY_DIRECTIO_72" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Page Sha1" Hash="BCC1292F68AA179DA3EDFF5D5D6D1D991BEA7EB5" />
<Deny ID="ID_DENY_DIRECTIO_73" FriendlyName="DirectIO32\fac102ef0a36d2d7b4390776a9c3edded72e01e7316949179e6fbe23495121fb Hash Page Sha256" Hash="AC8A4EE171C6E4905B370F7E01F6C11F7669BE4613E8DACACB5428B5E87DB390" />
<Deny ID="ID_DENY_EIO64_1" FriendlyName="Asus EIO64\b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0 Hash Sha1" Hash="200BE5A696990EE97B4C3176234CDE46C3EBC2CE" />
<Deny ID="ID_DENY_EIO64_2" FriendlyName="Asus EIO64\b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0 Hash Sha256" Hash="72B36C64F0B349D7816C8E5E2D1A7F59807DE0C87D3F071A04DBC56BEC9C00DB" />
<Deny ID="ID_DENY_EIO64_3" FriendlyName="Asus EIO64\b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0 Hash Page Sha1" Hash="DB88BFE5F3DE4E3CC778FE456B542EC4135433A4" />
@ -690,18 +768,18 @@ To check that the policy was successfully applied on your computer:
<Deny ID="ID_DENY_MHYPROTRG_6" FriendlyName="mhyprotrpg.sys\f7d72d22cd4ad3e44fd617bdb4c90b9a884f4eb045688c0e3fb64dd33e033eaa Hash Sha256" Hash="5195443274EE3A382E947F03FD409437730434C2AF0C1BB1C99F5BA1953F989E" />
<Deny ID="ID_DENY_MHYPROTRG_7" FriendlyName="mhyprotrpg.sys\f7d72d22cd4ad3e44fd617bdb4c90b9a884f4eb045688c0e3fb64dd33e033eaa Hash Page Sha1" Hash="54FB65D429E10B277EB7B980768CA828A538EF08" />
<Deny ID="ID_DENY_MHYPROTRG_8" FriendlyName="mhyprotrpg.sys\f7d72d22cd4ad3e44fd617bdb4c90b9a884f4eb045688c0e3fb64dd33e033eaa Hash Page Sha256" Hash="FFEA367EECDCE7C46CDB2FF029D98AB95B8FB9CCD32F602E365DCE53E61C70B6" />
<Deny ID="ID_DENY_MSIO_SHA1_1" FriendlyName="MsIo.sys Hash Sha1" Hash="0CB0FD5BEA730E4EAAEC1426B0C15376CCAC6D83" />
<Deny ID="ID_DENY_MSIO_SHA256_1" FriendlyName="MsIo.sys Hash Sha256" Hash="0D0962DB9DC6879067270134801AD425C1F3E85B0DC39877C02AAA9C54ACA14E" />
<Deny ID="ID_DENY_MSIO_SHA1_PAGE_1" FriendlyName="MsIo.sys Hash Page Sha1" Hash="D4E21C205DE75CDE70CD73C52C646E1E5D333A35" />
<Deny ID="ID_DENY_MSIO_SHA256_PAGE_1" FriendlyName="MsIo.sys Hash Page Sha256" Hash="C1D2036235A489FDD8B3970C9EF01567443A87D17B0AD5C2A033D4C471D0ECDE" />
<Deny ID="ID_DENY_MSIO_SHA1_2" FriendlyName="MsIo.sys Hash Sha1" Hash="7E732ACB7CFAD9BA043A9350CDEFF25D742BECB8" />
<Deny ID="ID_DENY_MSIO_SHA256_2" FriendlyName="MsIo.sys Hash Sha256" Hash="7018D515A6C781EA6097CA71D0F0603AD0D689F7EC99DB27FCACD492A9E86027" />
<Deny ID="ID_DENY_MSIO_SHA1_PAGE_2" FriendlyName="MsIo.sys Hash Page Sha1" Hash="CDE1A50E1DF7870F8E4AFD8631E45A847C714C0A" />
<Deny ID="ID_DENY_MSIO_SHA256_PAGE_2" FriendlyName="MsIo.sys Hash Page Sha256" Hash="05736AB8B48DF84D81CB2CC0FBDC9D3DA34C22DB67A3E71C6F4B6B3923740DD5" />
<Deny ID="ID_DENY_MSIO_SHA1_3" FriendlyName="MsIo.sys Hash Sha1" Hash="07660D1867E20BE0212A96CBA6B5FE6BE7776EAF" />
<Deny ID="ID_DENY_MSIO_SHA256_3" FriendlyName="MsIo.sys Hash Sha256" Hash="BE0AF245444321E51F4DD8A90A19A0ABE05A060CBAD93701E23A02DF307957AE" />
<Deny ID="ID_DENY_MSIO_SHA1_4" FriendlyName="MsIo.sys Hash Sha1" Hash="B2CD3A63D04EAE427BEDE6C6FE8FACBA91ECECBF" />
<Deny ID="ID_DENY_MSIO_SHA256_4" FriendlyName="MsIo.sys Hash Sha256" Hash="D86D6732AC4D1CB41A2DCE40436B839C0DFDCEF9BA306CE5D0F97C0522ABFAC8" />
<Deny ID="ID_DENY_MSIO_1" FriendlyName="MsIo.sys Hash Sha1" Hash="0CB0FD5BEA730E4EAAEC1426B0C15376CCAC6D83" />
<Deny ID="ID_DENY_MSIO_2" FriendlyName="MsIo.sys Hash Sha256" Hash="0D0962DB9DC6879067270134801AD425C1F3E85B0DC39877C02AAA9C54ACA14E" />
<Deny ID="ID_DENY_MSIO_3" FriendlyName="MsIo.sys Hash Page Sha1" Hash="D4E21C205DE75CDE70CD73C52C646E1E5D333A35" />
<Deny ID="ID_DENY_MSIO_4" FriendlyName="MsIo.sys Hash Page Sha256" Hash="C1D2036235A489FDD8B3970C9EF01567443A87D17B0AD5C2A033D4C471D0ECDE" />
<Deny ID="ID_DENY_MSIO_5" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Sha1" Hash="7E732ACB7CFAD9BA043A9350CDEFF25D742BECB8" />
<Deny ID="ID_DENY_MSIO_6" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Sha256" Hash="7018D515A6C781EA6097CA71D0F0603AD0D689F7EC99DB27FCACD492A9E86027" />
<Deny ID="ID_DENY_MSIO_7" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Page Sha1" Hash="CDE1A50E1DF7870F8E4AFD8631E45A847C714C0A" />
<Deny ID="ID_DENY_MSIO_8" FriendlyName="MSIo\525d9b51a80ca0cd4c5889a96f857e73f3a80da1ffbae59851e0f51bdfb0b6cd Hash Page Sha256" Hash="05736AB8B48DF84D81CB2CC0FBDC9D3DA34C22DB67A3E71C6F4B6B3923740DD5" />
<Deny ID="ID_DENY_MSIO_9" FriendlyName="MsIo.sys Hash Sha1" Hash="07660D1867E20BE0212A96CBA6B5FE6BE7776EAF" />
<Deny ID="ID_DENY_MSIO_10" FriendlyName="MsIo.sys Hash Sha256" Hash="BE0AF245444321E51F4DD8A90A19A0ABE05A060CBAD93701E23A02DF307957AE" />
<Deny ID="ID_DENY_MSIO_11" FriendlyName="MsIo.sys Hash Sha1" Hash="B2CD3A63D04EAE427BEDE6C6FE8FACBA91ECECBF" />
<Deny ID="ID_DENY_MSIO_12" FriendlyName="MsIo.sys Hash Sha256" Hash="D86D6732AC4D1CB41A2DCE40436B839C0DFDCEF9BA306CE5D0F97C0522ABFAC8" />
<Deny ID="ID_DENY_NVFLASH_1" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Sha1" Hash="213C4EC78132D6C0FDFDD7B640107E0CE4990A0E" />
<Deny ID="ID_DENY_NVFLASH_2" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Sha256" Hash="91EE89520105CCBCECA6EE0E34070F28C8DC5A3D73EC65F384DA5DA4F2A36DC0" />
<Deny ID="ID_DENY_NVFLASH_3" FriendlyName="nvflash.sys\0a89a6ab2fca486480b6e3dacf392d6ce0c59a5bdb4bcd18d672feb4ebb0543c Hash Page Sha1" Hash="C24D6F9132486AF1EB2937D9366275126A5A35E1" />
@ -980,31 +1058,38 @@ To check that the policy was successfully applied on your computer:
<Deny ID="ID_DENY_RETLIFTEN_SHA256_70" FriendlyName="b.sys Hash Sha256" Hash="84DF20B1D9D87E305C92E5FFAE21B10B325609D59D835A954DBD8750EF5DABF4" />
<Deny ID="ID_DENY_RETLIFTEN_SHA256_71" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102" />
<Deny ID="ID_DENY_RETLIFTEN_SHA256_72" FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A" />
<Deny ID="ID_DENY_RTCORE_1" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha1" Hash="4A68C2D7A4C471E062A32C83A36EEDB45A619683" />
<Deny ID="ID_DENY_RTCORE_2" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha256" Hash="478C36F8AF7844A80E24C1822507BEEF6314519185717EC7AE224A0E04B2F330" />
<Deny ID="ID_DENY_RTCORE_3" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha1" Hash="84152FA241C3808F8C7752964589C957E440403F" />
<Deny ID="ID_DENY_RTCORE_4" FriendlyName="RTCore64\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha256" Hash="A807532037A3549AE3E046F183D782BCB78B6193163EA448098140563CF857CB" />
<Deny ID="ID_DENY_RTCORE_5" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha1" Hash="DA1BD3AD4A8FE1E28C1DE28A7BF66AD82DA0DD29" />
<Deny ID="ID_DENY_RTCORE_6" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha256" Hash="61A1F530A5D47339275657D7883911D64F64909569CF13D2E6868DF01A2A72CB" />
<Deny ID="ID_DENY_RTCORE_7" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha1" Hash="BD2340853235FE2757829E7F899CE25BD65C5434" />
<Deny ID="ID_DENY_RTCORE_8" FriendlyName="RTCore64\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha256" Hash="74860E5563D3993635DC41E47BB34837C8B53ECBFF539244E1EC608E7B53D42D" />
<Deny ID="ID_DENY_RTCORE_9" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha1" Hash="38B353D8480885DE5DCF299DECA99CE4F26A1D20" />
<Deny ID="ID_DENY_RTCORE_A" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha256" Hash="5182CAF10DE9CEC0740ECDE5A081C21CDC100D7EB328FFE6F3F63183889FEC6B" />
<Deny ID="ID_DENY_RTCORE_B" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha1" Hash="1A4F647C27D093675A674E5A8D83063A83231D28" />
<Deny ID="ID_DENY_RTCORE_C" FriendlyName="RTCore64\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha256" Hash="46D4A0CE75FA97837C7B6869D29AF9D6068F9023346E9D34C0E26E41198CDB80" />
<Deny ID="ID_DENY_RTCORE_D" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha1" Hash="5717BF3E520ACCFFF5AD9943E53A3B118FB67F2E" />
<Deny ID="ID_DENY_RTCORE_E" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha256" Hash="918D2E68A724B58D37443AEA159E70BF8B1B5EBB089C395CAD1D62745ECDAA19" />
<Deny ID="ID_DENY_RTCORE_F" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha1" Hash="03E1FB2499B9361141E2AC4FCCB9CCE2A48A0342" />
<Deny ID="ID_DENY_RTCORE_10" FriendlyName="RTCore64\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha256" Hash="556B8ACD6EFF7D5A2A0320CD22CAD122254ABDEDCBBD749DB14CD8D314D609BE" />
<Deny ID="ID_DENY_RTCORE_11" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha1" Hash="43D3A3C1F7B14CFCC051CAE2534DBBBB4C7FC120" />
<Deny ID="ID_DENY_RTCORE_12" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha256" Hash="B8EB26B6F79020AE988E4FB752DC06E1B6779749BF4F8DF2872FC2B92BAB8020" />
<Deny ID="ID_DENY_RTCORE_13" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha1" Hash="6AE84C64765F9271C4758D387AD1E07B64F7966D" />
<Deny ID="ID_DENY_RTCORE_14" FriendlyName="RTCore64\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha256" Hash="AA60FC20276D6779BBEA2A629C2FBAA3CE60ED2C2AD26230101FFF01A6E79A24" />
<Deny ID="ID_DENY_RTCORE_15" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha1" Hash="B3249BACDA6E43AA2C46C2AF802C9EE0B7E2FD7B" />
<Deny ID="ID_DENY_RTCORE_16" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha256" Hash="3C9829A16EB85272B0E1A2917FEFFAAB8DDB23E633B168B389669339A0CEE0B5" />
<Deny ID="ID_DENY_RTCORE_17" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha1" Hash="060C4D64F67F9300F2DBD09F68B4B591AAAFA698" />
<Deny ID="ID_DENY_RTCORE_18" FriendlyName="RTCore64\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha256" Hash="BF0439DB3DCC00355291FEFF1D31F5B48CD1334DBBA3DAEB761E7084335D40E7" />
<Deny ID="ID_DENY_RTCORE_1D" FriendlyName="RTCore64\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Sha256" Hash="6279821BF9ECCED596F474C8FC547DAB0BDDBB3AB972390596BD4C5C7B85C685" />
<Deny ID="ID_DENY_RTCORE_29" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha1" Hash="4A68C2D7A4C471E062A32C83A36EEDB45A619683" />
<Deny ID="ID_DENY_RTCORE_2A" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Sha256" Hash="478C36F8AF7844A80E24C1822507BEEF6314519185717EC7AE224A0E04B2F330" />
<Deny ID="ID_DENY_RTCORE_2B" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha1" Hash="84152FA241C3808F8C7752964589C957E440403F" />
<Deny ID="ID_DENY_RTCORE_2C" FriendlyName="RTCore\01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd Hash Page Sha256" Hash="A807532037A3549AE3E046F183D782BCB78B6193163EA448098140563CF857CB" />
<Deny ID="ID_DENY_RTCORE_2D" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha1" Hash="DA1BD3AD4A8FE1E28C1DE28A7BF66AD82DA0DD29" />
<Deny ID="ID_DENY_RTCORE_2E" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Sha256" Hash="61A1F530A5D47339275657D7883911D64F64909569CF13D2E6868DF01A2A72CB" />
<Deny ID="ID_DENY_RTCORE_2F" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha1" Hash="BD2340853235FE2757829E7F899CE25BD65C5434" />
<Deny ID="ID_DENY_RTCORE_30" FriendlyName="RTCore\077aa8ff5e01747723b6d24cc8af460a7a00f30cd3bc80e41cc245ceb8305356 Hash Page Sha256" Hash="74860E5563D3993635DC41E47BB34837C8B53ECBFF539244E1EC608E7B53D42D" />
<Deny ID="ID_DENY_RTCORE_31" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha1" Hash="38B353D8480885DE5DCF299DECA99CE4F26A1D20" />
<Deny ID="ID_DENY_RTCORE_32" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Sha256" Hash="5182CAF10DE9CEC0740ECDE5A081C21CDC100D7EB328FFE6F3F63183889FEC6B" />
<Deny ID="ID_DENY_RTCORE_33" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha1" Hash="1A4F647C27D093675A674E5A8D83063A83231D28" />
<Deny ID="ID_DENY_RTCORE_34" FriendlyName="RTCore\08828990218ebb4415c1bb33fa2b0a009efd0784b18b3f7ecd3bc078343f7208 Hash Page Sha256" Hash="46D4A0CE75FA97837C7B6869D29AF9D6068F9023346E9D34C0E26E41198CDB80" />
<Deny ID="ID_DENY_RTCORE_35" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha1" Hash="5717BF3E520ACCFFF5AD9943E53A3B118FB67F2E" />
<Deny ID="ID_DENY_RTCORE_36" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Sha256" Hash="918D2E68A724B58D37443AEA159E70BF8B1B5EBB089C395CAD1D62745ECDAA19" />
<Deny ID="ID_DENY_RTCORE_37" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha1" Hash="03E1FB2499B9361141E2AC4FCCB9CCE2A48A0342" />
<Deny ID="ID_DENY_RTCORE_38" FriendlyName="RTCore\0aca4447ee54d635f76b941f6100b829dc8b2e0df27bdf584acb90f15f12fbda Hash Page Sha256" Hash="556B8ACD6EFF7D5A2A0320CD22CAD122254ABDEDCBBD749DB14CD8D314D609BE" />
<Deny ID="ID_DENY_RTCORE_39" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha1" Hash="43D3A3C1F7B14CFCC051CAE2534DBBBB4C7FC120" />
<Deny ID="ID_DENY_RTCORE_3A" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Sha256" Hash="B8EB26B6F79020AE988E4FB752DC06E1B6779749BF4F8DF2872FC2B92BAB8020" />
<Deny ID="ID_DENY_RTCORE_3B" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha1" Hash="6AE84C64765F9271C4758D387AD1E07B64F7966D" />
<Deny ID="ID_DENY_RTCORE_3C" FriendlyName="RTCore\1c425793a8ce87be916969d6d7e9dd0687b181565c3b483ce53ad1ec6fb72a17 Hash Page Sha256" Hash="AA60FC20276D6779BBEA2A629C2FBAA3CE60ED2C2AD26230101FFF01A6E79A24" />
<Deny ID="ID_DENY_RTCORE_3D" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha1" Hash="B3249BACDA6E43AA2C46C2AF802C9EE0B7E2FD7B" />
<Deny ID="ID_DENY_RTCORE_3E" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Sha256" Hash="3C9829A16EB85272B0E1A2917FEFFAAB8DDB23E633B168B389669339A0CEE0B5" />
<Deny ID="ID_DENY_RTCORE_3F" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha1" Hash="060C4D64F67F9300F2DBD09F68B4B591AAAFA698" />
<Deny ID="ID_DENY_RTCORE_40" FriendlyName="RTCore\3ff50c67d51553c08dcb7c98342f68a0f54ad6658c5346c428bdcd1f185569f6 Hash Page Sha256" Hash="BF0439DB3DCC00355291FEFF1D31F5B48CD1334DBBA3DAEB761E7084335D40E7" />
<Deny ID="ID_DENY_RTCORE_41" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Sha1" Hash="8498265D4CA81B83EC1454D9EC013D7A9C0C87BF" />
<Deny ID="ID_DENY_RTCORE_42" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Sha256" Hash="606BECED7746CDB684D3A44F41E48713C6BBE5BFB1486C52B5CCA815E99D31B4" />
<Deny ID="ID_DENY_RTCORE_43" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Page Sha1" Hash="3B05785D8AD770E4356BC8041606B08BDAB56C99" />
<Deny ID="ID_DENY_RTCORE_44" FriendlyName="RTCore\40061b30b1243be76d5283cbc8abfe007e148097d4de7337670ff1536c4c7ba1 Hash Page Sha256" Hash="2DC771BED765E9FE8E79171A851BA158B8E84034FE0518A619F47F3450FFA2BC" />
<Deny ID="ID_DENY_RTCORE_45" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Sha1" Hash="A7CE1394D10DCFDE7B8A1C90667826DA68933673" />
<Deny ID="ID_DENY_RTCORE_46" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Sha256" Hash="6279821BF9ECCED596F474C8FC547DAB0BDDBB3AB972390596BD4C5C7B85C685" />
<Deny ID="ID_DENY_RTCORE_47" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Page Sha1" Hash="9E504DB591D321F1F8CEA62A5A111DA0EFB26447" />
<Deny ID="ID_DENY_RTCORE_48" FriendlyName="RTCore\bea8c6728d57d4b075f372ac82b8134ac8044fe13f533696a58e8864fa3efee3 Hash Page Sha256" Hash="BEDC7276543DAAFC11D44F5F603F8AA48C61837F7C4C9446F10FA522F3275D17" />
<Deny ID="ID_DENY_SEMAV6MSR64_SHA1" FriendlyName="semav6msr64.sys Hash Sha1" Hash="E3DBE2AA03847DF621591A4CAD69A5609DE5C237" />
<Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" />
<Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" />
@ -1031,16 +1116,48 @@ To check that the policy was successfully applied on your computer:
<Deny ID="ID_DENY_SUPERBMC_15" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Sha256" Hash="976C015B28197CCD15F807B776F705BDF612FC622FB0A4B9901B90F180BF2F8A" />
<Deny ID="ID_DENY_SUPERBMC_16" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Page Sha1" Hash="2303BEAB201455CC543E0CCE9D4D8698338787EB" />
<Deny ID="ID_DENY_SUPERBMC_17" FriendlyName="superbmc.sys\ee6bfdf5748fbbf579d6176026626ef39a0673e307c2029f5633e80f0babef54 Hash Page Sha256" Hash="161DC4F7ED741397F6BD6C2B012DBDF6E397CF02212C7DAAF303338206B1E3A7" />
<Deny ID="ID_DENY_WINIO_1" FriendlyName="WinIo64A.sys\0c74d09da7baf7c05360346e4c3512d0cd433d59 Hash Sha1" Hash="0C74D09DA7BAF7C05360346E4C3512D0CD433D59" />
<Deny ID="ID_DENY_WINIO_2" FriendlyName="WinIo64B.sys\f18e669127c041431cde8f2d03b15cfc20696056 Hash Sha1" Hash="F18E669127C041431CDE8F2D03B15CFC20696056" />
<Deny ID="ID_DENY_WINIO_3" FriendlyName="WinIo64B.sys\80ca9c9cce4b5e6afb92a56b5bfd954eca0ff690 Hash Sha1" Hash="80CA9C9CCE4B5E6AFB92A56B5BFD954ECA0FF690" />
<Deny ID="ID_DENY_WINIO_4" FriendlyName="WinIo64A.sys\c21043466942961203e751c9cebcd159e661fa1a Hash Sha1" Hash="C21043466942961203E751C9CEBCD159E661FA1A" />
<Deny ID="ID_DENY_WINIO_5" FriendlyName="WinIo64.sys\40cc2318ffffd458023c8cd1e285a5ad51adf538 Hash Sha1" Hash="40CC2318FFFFD458023C8CD1E285A5AD51ADF538" />
<Deny ID="ID_DENY_WINIO_6" FriendlyName="WinIO32B.sys\f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f Hash Sha1" Hash="F1C8C3926D0370459A1B7F0CF3D17B22FF9D0C7F" />
<Deny ID="ID_DENY_WINIO_7" FriendlyName="WinIO32.sys\8fb149fc476cf5bf18dc575334edad7caf210996 Hash Sha1" Hash="8FB149FC476CF5BF18DC575334EDAD7CAF210996" />
<Deny ID="ID_DENY_WINIO_8" FriendlyName="WinIO32A.sys\01779ee53f999464465ed690d823d160f73f10e7 Hash Sha1" Hash="01779EE53F999464465ED690D823D160F73F10E7" />
<Deny ID="ID_DENY_WINIO_9" FriendlyName="WinIo64C.sys\b242b0332b9c9e8e17ec27ef10d75503d20d97b6 Hash Sha1" Hash="B242B0332B9C9E8E17EC27EF10D75503D20D97B6" />
<Deny ID="ID_DENY_WINIO_10" FriendlyName="WinIO64C.sys\a65fabaf64aa1934314aae23f25cdf215cbaa4b6 Hash Sha1" Hash="A65FABAF64AA1934314AAE23F25CDF215CBAA4B6" />
<Deny ID="ID_DENY_SYSINFO_1" FriendlyName="Noriyuki Miyazaki SysInfo\4fea15aabc4fc63a3e991412caf17283bbd257172ef7e255f40f5e22e0286902 Hash Sha1" Hash="E833F4E364DC5EFBABF1570DA86D1FA3E55804A7" />
<Deny ID="ID_DENY_SYSINFO_2" FriendlyName="Noriyuki Miyazaki SysInfo\4fea15aabc4fc63a3e991412caf17283bbd257172ef7e255f40f5e22e0286902 Hash Sha256" Hash="0122CDCF450F03B95B04560F77C2BB4643F379FBD903B07EA1300F9B974D32A3" />
<Deny ID="ID_DENY_SYSINFO_3" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Sha1" Hash="CA88F321631C1552E3E0BCD1F26AD3435CC9F1AE" />
<Deny ID="ID_DENY_SYSINFO_4" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Sha256" Hash="A82D08EF67BDFCCF0A2CF6D507C9FBB6AC42BD74BF2ADE46EC07FE253DEB6573" />
<Deny ID="ID_DENY_SYSINFO_5" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Page Sha1" Hash="3131729221F49ADBC0ED9FC3529F0AC915CBEFA9" />
<Deny ID="ID_DENY_SYSINFO_6" FriendlyName="Noriyuki Miyazaki SysInfo\7049f3c939efe76a5556c2a2c04386db51daf61d56b679f4868bb0983c996ebb Hash Page Sha256" Hash="954CCDEAB26CE6555FCD780AD646620DE11F32F2E8347E12C6C95CF6C14DF6CC" />
<Deny ID="ID_DENY_SYSINFO_7" FriendlyName="Noriyuki Miyazaki SysInfo\b85e9b69ad23bfb37452fe0b67dfa71e5980a8e4310b021bc6f8c36f893bc625 Hash Sha1" Hash="D6E675670E57B3758C1D9F04F51F0C0C46956805" />
<Deny ID="ID_DENY_SYSINFO_8" FriendlyName="Noriyuki Miyazaki SysInfo\b85e9b69ad23bfb37452fe0b67dfa71e5980a8e4310b021bc6f8c36f893bc625 Hash Sha256" Hash="6EE124F31A765CDBBB27831B8F3297F844A5F375E408A5953693B2E65F20165B" />
<Deny ID="ID_DENY_WINIO_1" FriendlyName="PartnerTech WinIo64A.sys\0c74d09da7baf7c05360346e4c3512d0cd433d59 Hash Sha1" Hash="0C74D09DA7BAF7C05360346E4C3512D0CD433D59" />
<Deny ID="ID_DENY_WINIO_2" FriendlyName="PartnerTech WinIo64B.sys\f18e669127c041431cde8f2d03b15cfc20696056 Hash Sha1" Hash="F18E669127C041431CDE8F2D03B15CFC20696056" />
<Deny ID="ID_DENY_WINIO_3" FriendlyName="PartnerTech WinIO32B.sys\f1c8c3926d0370459a1b7f0cf3d17b22ff9d0c7f Hash Sha1" Hash="F1C8C3926D0370459A1B7F0CF3D17B22FF9D0C7F" />
<Deny ID="ID_DENY_WINIO_4" FriendlyName="PartnerTech WinIO32A.sys\01779ee53f999464465ed690d823d160f73f10e7 Hash Sha1" Hash="01779EE53F999464465ED690D823D160F73F10E7" />
<Deny ID="ID_DENY_WINIO_5" FriendlyName="PartnerTech WinIo64C.sys\b242b0332b9c9e8e17ec27ef10d75503d20d97b6 Hash Sha1" Hash="B242B0332B9C9E8E17EC27EF10D75503D20D97B6" />
<Deny ID="ID_DENY_WINIO_6" FriendlyName="PartnerTech WinIO64C.sys\a65fabaf64aa1934314aae23f25cdf215cbaa4b6 Hash Sha1" Hash="A65FABAF64AA1934314AAE23F25CDF215CBAA4B6" />
<Deny ID="ID_DENY_WINIO_7" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Sha1" Hash="40CC2318FFFFD458023C8CD1E285A5AD51ADF538" />
<Deny ID="ID_DENY_WINIO_8" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Sha256" Hash="B3CBB2B364A494F096E68DC48CCA89799ED27E6B97B17633036E363A98FD4421" />
<Deny ID="ID_DENY_WINIO_9" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Page Sha1" Hash="2C68648ABBCCA6420CA2FFB2AAAD16F7EF68BD9D" />
<Deny ID="ID_DENY_WINIO_10" FriendlyName="PartnerTech WinIO\3243aab18e273a9b9c4280a57aecef278e10bfff19abb260d7a7820e41739099 Hash Page Sha256" Hash="6100C1247235D8DBC92ACA2E70F714E57B7793FD8B674394FA35580403E92ED5" />
<Deny ID="ID_DENY_WINIO_11" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Sha1" Hash="8FB149FC476CF5BF18DC575334EDAD7CAF210996" />
<Deny ID="ID_DENY_WINIO_12" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Sha256" Hash="40A8FD2D1DE93611AC88F29352476FBE0C2607B1D973DAB8923FF0811F92F659" />
<Deny ID="ID_DENY_WINIO_13" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Page Sha1" Hash="499B2E14CF3EBDC070364DDA7E911E697F331617" />
<Deny ID="ID_DENY_WINIO_14" FriendlyName="PartnerTech WinIO\3c9b6da610e409f92f4f95f6f3f92a6e60e24903298a0e9af508f28e8c8962b6 Hash Page Sha256" Hash="570ED09D3E177FC64B3DBCC1F30880390CBE9D81EBC001AF80289DFA0F310CCF" />
<Deny ID="ID_DENY_WINIO_15" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Sha1" Hash="CC993C45125ED6917226511978DC6675B9E8BBD6" />
<Deny ID="ID_DENY_WINIO_16" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Sha256" Hash="2BABEC61087FA6A5A56D2D32C4C5B5BCE57B2337989E7B29E6E68651375D54A0" />
<Deny ID="ID_DENY_WINIO_17" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Page Sha1" Hash="46DB3BB27A5FF81ADABCD894CA1D18749854C7E7" />
<Deny ID="ID_DENY_WINIO_18" FriendlyName="PartnerTech WinIO\51e280cd9d1d84d43fab4a7be894804f24a1ca4d39f1df16fd8c60ea0a43b786 Hash Page Sha256" Hash="E25A654EDB45939F8E5DA3478A28207CDB05B2680519384A3386353A9553AE28" />
<Deny ID="ID_DENY_WINIO_19" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Sha1" Hash="B02CE0386B5753C74DD3519967C5B67F07C024FF" />
<Deny ID="ID_DENY_WINIO_20" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Sha256" Hash="67B31C23313DB5920EEC365049927ABE826C3C529B29114BF8D05F71F4CBCC7E" />
<Deny ID="ID_DENY_WINIO_21" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Page Sha1" Hash="7097A32B166DF975810F5115D940BCDB20CF4F08" />
<Deny ID="ID_DENY_WINIO_22" FriendlyName="PartnerTech WinIO\752565bab29cd2c63b4ff59a8c637bed02c2689781067ddf7cfc5c5221eb1d68 Hash Page Sha256" Hash="2B2C30493A4ADBF07FF05DC32BA7503AD718836B4D08B93DF85416C8F8064159" />
<Deny ID="ID_DENY_WINIO_23" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Sha1" Hash="80CA9C9CCE4B5E6AFB92A56B5BFD954ECA0FF690" />
<Deny ID="ID_DENY_WINIO_24" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Sha256" Hash="9199979B9F3EA2108299D028373A6EFFCC41C81A46EECB430CC6653211D2913D" />
<Deny ID="ID_DENY_WINIO_25" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Page Sha1" Hash="2F0B56687B6ABB6A88928D0E1D4515B29C4B0D26" />
<Deny ID="ID_DENY_WINIO_26" FriendlyName="PartnerTech WinIO\7cfa5e10dff8a99a5d544b011f676bc383991274c693e21e3af40cf6982adb8c Hash Page Sha256" Hash="D1E90D9FEC3A58C6BAA9841721372377BF36994D77A9796BD29B32E97D560F98" />
<Deny ID="ID_DENY_WINIO_27" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Sha1" Hash="C21043466942961203E751C9CEBCD159E661FA1A" />
<Deny ID="ID_DENY_WINIO_28" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Sha256" Hash="961012D06EEAABD9EFF9B36173E566BF148A5C8F743F3329C70D8918EBA26093" />
<Deny ID="ID_DENY_WINIO_29" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Page Sha1" Hash="3F0F7100E95E977E4AE56C36169980D7AB3399B9" />
<Deny ID="ID_DENY_WINIO_30" FriendlyName="PartnerTech WinIO\c9b49b52b493b53cd49c12c3fa9553e57c5394555b64e32d1208f5b96a5b8c6e Hash Page Sha256" Hash="76EA02A9E0406A3786E39BC11715A7026AB0F18D1C92152780040E94E0F1FED6" />
<Deny ID="ID_DENY_WINIO_31" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Sha1" Hash="8E93E37A72A13DAC1C4C0BC1DA6BDFB8BA8D9CB3" />
<Deny ID="ID_DENY_WINIO_32" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Sha256" Hash="5B6C10E103D42B17E5DDD6BEEC295BBF51CE56547134CE8D675A008A8243F615" />
<Deny ID="ID_DENY_WINIO_33" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Page Sha1" Hash="746414A878978FA039A6521F392167913CEA7C8D" />
<Deny ID="ID_DENY_WINIO_34" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Page Sha256" Hash="45DFA3B42C2789A741C5F29862A8CFC5998D889F96C5783C1A27AC03DE1A407A" />
<Deny ID="ID_DENY_WINRING0_SHA1" FriendlyName="WinRing0.sys Hash Sha1" Hash="12EB825418A932B1E4C6697DC7647E89AE52CF3F" />
<Deny ID="ID_DENY_WINRING0_SHA256" FriendlyName="WinRing0.sys Hash Sha256" Hash="4582ADB2E67EEBAFF755AE740C1F24BC3AF78E0F28E8E8DECB99F86BF155AB23" />
<Deny ID="ID_DENY_WINRING0_SHA1_PAGE" FriendlyName="WinRing0.sys Hash Page Sha1" Hash="497AFEB0D5B97D4B863704A2F77FFEF31220402D" />
@ -1062,6 +1179,7 @@ To check that the policy was successfully applied on your computer:
<FileAttrib ID="ID_FILEATTRIB_ASR_AUTOCHECK_1" FriendlyName="ASRAutoCheck\2aa1b08f47fbb1e2bd2e4a492f5d616968e703e1359a921f62b38b8e4662f0c4 FileAttribute" FileName="AsrAutoChkUpdDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_ASR_AUTOCHECK_2" FriendlyName="ASRAutoCheck\4ae42c1f11a98dee07a0d7199f611699511f1fb95120fabc4c3c349c485467fe FileAttribute" FileName="AsrAutoChkUpdDrv_1_0_32.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_ASWARPOT" FriendlyName="Avast aswArpot FileAttribute" FileName="aswArPot.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.4.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_ASWSNX" FriendlyName="Aswsnx FileAttribute" FileName="aswSnx.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="17.1.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_ATILLK" FriendlyName="atillk64 FileAttribute" FileName="atillk64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_ATSZIO" FriendlyName="ATSZIO.sys FileAttribute" FileName="ATSZIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_AVGELAM" FriendlyName="Avast aswElam/avgElam Overpermissive ELAM FileAttribute" FileName="aswElam.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.6.400.65535" />
@ -1070,11 +1188,14 @@ To check that the policy was successfully applied on your computer:
<FileAttrib ID="ID_FILEATTRIB_BS_HWMIO64" FriendlyName="" FileName="BS_HWMIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2200" />
<FileAttrib ID="ID_FILEATTRIB_BS_I2CIO" FriendlyName="" FileName="BS_I2cIo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.0.0" />
<FileAttrib ID="ID_FILEATTRIB_BS_RCIO" FriendlyName="BS_RCIO.sys FileAttribute" FileName="BS_RCIO64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.0.1" />
<FileAttrib ID="ID_FILEATTRIB_BS_RCIO_W10" FriendlyName="BS_RCIO\7c6f16af074c3f1c74fc69734f1c8b8a03b0594ac2085d5a0c582fc8cc378858 FileAttribute" FileName="BS_RCIO64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_BS_MEM" FriendlyName="BSMEM64_W10 FileAttribute" FileName="BSMEM64_W10.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.1806.2201" />
<FileAttrib ID="ID_FILEATTRIB_BSMI" FriendlyName="" FileName="BSMI.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.3" />
<FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
<FileAttrib ID="ID_FILEATTRIB_CTIIO" FriendlyName="MicSys CtiIo\2121a2bb8ebbf2e6e82c782b6f3c6b7904f686aa495def25cf1cf52a42e16109 FileAttribute" FileName="CtiIo64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.1.23.0405" />
<FileAttrib ID="ID_FILEATTRIB_DRIVER7" FriendlyName="Asus driver7.sys\1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb FileAttribute" FileName="Driver7" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
<FileAttrib ID="ID_FILEATTRIB_EIO64" FriendlyName="ASUS EIO64.sys\1fac3fab8ea2137a7e81a26de121187bf72e7d16ffa3e9aec3886e2376d3c718 FileAttribute" FileName="EIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
<FileAttrib ID="ID_FILEATTRIB_EELAM" FriendlyName="ESET eelam Overpermissive ELAM FileAttribute" FileName="eelam.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.16.0" />
<FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
<FileAttrib ID="ID_FILEATTRIB_FAIRPLAY" FriendlyName="Deny FairplayKD.sys MTA San Andreas Versions 367.*" ProductName="MTA San Andreas" MinimumFileVersion="367.0.0.0" MaximumFileVersion="367.65535.65535.65535"/>
<FileAttrib ID="ID_FILEATTRIB_GMER" FriendlyName="GMEREK gmer64 FileAttribute" FileName="gmer64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
@ -1088,11 +1209,13 @@ To check that the policy was successfully applied on your computer:
<FileAttrib ID="ID_FILEATTRIB_IOBITUNLOCKER" FriendlyName="IObitUnlocker FileAttribute" FileName="IObitUnlocker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.3.0.0" />
<FileAttrib ID="ID_FILEATTRIB_IQVW64" FriendlyName="IQVW64.sys FileAttribute" FileName="iQVW64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.4.0.0" />
<FileAttrib ID="ID_FILEATTRIB_KEVP64" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_LGCORETEMP" FriendlyName="LogiTech LgCoreTemp\93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131 FileAttribute" FileName="LgCoreTemp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
<FileAttrib ID="ID_FILEATTRIB_LV_DIAG" FriendlyName="LenovoDiagnosticsDriver FileAttribute" FileName="LenovoDiagnosticsDriver.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_LV561V64" FriendlyName="LV561V64 LogiTech FileAttribute" FileName="Lv561av.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_MONITOR" FriendlyName="IOBit Monitor.sys FileAttribute" FileName="Monitor.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="15.0.0.2" />
<FileAttrib ID="ID_FILEATTRIB_MSIO" FriendlyName="MicSys MSIO\0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff FileAttribute" FileName="MsIo64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.3.23.0405" />
<FileAttrib ID="ID_FILEATTRIB_MTCBSV64" FriendlyName="mtcBSv64.sys FileAttribute" FileName="mtcBSv64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="21.2.0.0" />
<FileAttrib ID="ID_FILEATTRIB_MYDRIVERS" FriendlyName="mydrivers.sys FileAttribute" FileName="mydrivers.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_NCHGBIOS2X64" FriendlyName="" FileName="NCHGBIOS2x64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.2.4.0" />
@ -1101,10 +1224,12 @@ To check that the policy was successfully applied on your computer:
<FileAttrib ID="ID_FILEATTRIB_NSCM_DRIVER" FriendlyName="" FileName="nscm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
<FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_NVFLASH" FriendlyName="Nvidia NVFlash FileAttribute" FileName="nvflash.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.9.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_OPENLIBSYS" FriendlyName="OpenLibSys\91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c FileAttribute" FileName="OpenLibSys.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_PANIO_1" FriendlyName="PanIOx64\6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74 FileAttribute" FileName="PanIOx64.sys" MinimumFileVersion="1.0.0.1" />
<FileAttrib ID="ID_FILEATTRIB_PANIO_2" FriendlyName="PanIO\f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960 FileAttribute" FileName="PanIO.sys" MinimumFileVersion="1.0.0.1" />
<FileAttrib ID="ID_FILEATTRIB_PANIOMON_1" FriendlyName="PanMonFltx64\06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf FileAttribute" FileName="PanMonFltX64.sys" MinimumFileVersion="1.0.0.1" />
<FileAttrib ID="ID_FILEATTRIB_PANIOMON_2" FriendlyName="PanMonFlt\7e0124fcc7c95fdc34408cf154cb41e654dade8b898c71ad587b2090b1da30d7 FileAttribute" FileName="PanMonFlt.sys" MinimumFileVersion="1.0.0.1" />
<FileAttrib ID="ID_FILEATTRIB_PCDOC" FriendlyName="PC-Doctor pcdsrvc\06a5d8632ecdd64da4e44ddf3495a62657b513b1139cb8a3a78f641d4e31bf95 FileAttribute" FileName="pcdsrvc" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.2.65535.65535"/>
<FileAttrib ID="ID_FILEATTRIB_PHYMEM" FriendlyName="Phymem FileAttribute" FileName="phymem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_PHYSMEM" FriendlyName="Physmem.sys FileAttribute" FileName="physmem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_PROCEXP" FriendlyName="Sysinternals Process Explorer FileAttribute" FileName="procexp.Sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="16.65535.65535.65535" />
@ -1128,6 +1253,10 @@ To check that the policy was successfully applied on your computer:
<FileAttrib ID="ID_FILEATTRIB_WCPU" FriendlyName="WCPU\159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980 FileAttribute" FileName="CPU Driver" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
<FileAttrib ID="ID_FILEATTRIB_WINRING0" FriendlyName="WinRing0.sys" FileName="WinRing0.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="2.0.0.0" />
<FileAttrib ID="ID_FILEATTRIB_WISEUNLO" FriendlyName="WiseUnlo FileAttribute" FileName="WiseUnlo.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
<FileAttrib ID="ID_FILEATTRIB_ZEMANA_1" FriendlyName="Zemana Antilog\05ece4f6bda72e7fd61fa950e80b811d3dbe0b4b1d53b0532d8df051d1ff074c FileAttribute" FileName="AntiLog32.sys" MinimumFileVersion="1.9.5.600" />
<FileAttrib ID="ID_FILEATTRIB_ZEMANA_2" FriendlyName="Zemana Zam\40b62ba97ba2edd3e01ed62d26ae8c09f36144ab33db18b42e5f1ccf82db1754 FileAttribute" FileName="ZAM.exe" MinimumFileVersion="2.74.0.259" />
<FileAttrib ID="ID_FILEATTRIB_ZEMANA_3" FriendlyName="Zemana PerfectGuard\fe48f38bc05a6f3d6590e0be572f1b5dd67fe0b7c97b891a586e3e67f5a5513e FileAttribute" FileName="PerfectGuard.sys" MinimumFileVersion="1.9.5.104" />
</FileRules>
<!--Signers-->
<Signers>
@ -1136,6 +1265,7 @@ To check that the policy was successfully applied on your computer:
<FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASR_AUTOCHECK_1" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASR_AUTOCHECK_2" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
<FileAttribRef RuleID="ID_FILEATTRIB_ATSZIO" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_DRIVER7" />
@ -1149,6 +1279,9 @@ To check that the policy was successfully applied on your computer:
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RWDRV_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
</Signer>
<Signer ID="ID_SIGNER_VERISIGN_2010_2" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4678C6E4A8787A8E6ED2BCE8792B122F6C08AFD8" />
@ -1166,7 +1299,7 @@ To check that the policy was successfully applied on your computer:
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertOemID Value="ENE Technology Inc." />
</Signer>
<Signer ID="ID_SIGNER_MB_RB_HACKS" Name="Microsoft Windows Third Party Component CA 2014 ENE Tech OPUS">
<Signer ID="ID_SIGNER_MB_RB_HACKS" Name="Microsoft Windows Third Party Component CA 2014 MB Rb online OPUS">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertOemID Value="MB Rb online" />
</Signer>
@ -1177,6 +1310,8 @@ To check that the policy was successfully applied on your computer:
<Signer ID="ID_SIGNER_DIGICERT_EV" Name="DigiCert EV Code Signing CA (SHA2)">
<CertRoot Type="TBS" Value="EEC58131DC11CD7F512501B15FDBC6074C603B68CA91F7162D5A042054EDB0CF" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_EIO64" />
<FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
@ -1198,6 +1333,9 @@ To check that the policy was successfully applied on your computer:
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
<FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
<FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
</Signer>
<Signer ID="ID_SIGNER_SANDRA" Name="GeoTrust TrustCenter CodeSigning CA I">
<CertRoot Type="TBS" Value="172F39BCA3DDA7C6D5169C96B34A5FE7E96FF0BD" />
@ -1254,12 +1392,14 @@ To check that the policy was successfully applied on your computer:
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
<FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
<FileAttribRef RuleID="ID_FILEATTRIB_HWRWDRV" />
<FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
<FileAttribRef RuleID="ID_FILEATTRIB_HPPORTIOX64" />
<FileAttribRef RuleID="ID_FILEATTRIB_LV_DIAG" />
<FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
<FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
<FileAttribRef RuleID="ID_FILEATTRIB_PROCEXP" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIO64_DRIVER" />
@ -1268,10 +1408,13 @@ To check that the policy was successfully applied on your computer:
<Signer ID="ID_SIGNER_WINDOWS_3RD_PARTY_2014" Name="Microsoft Windows Third Party Component CA 2014">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
<FileAttribRef RuleID="ID_FILEATTRIB_BS_HWMIO64" />
<FileAttribRef RuleID="ID_FILEATTRIB_BS_MEM" />
<FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO" />
<FileAttribRef RuleID="ID_FILEATTRIB_BS_RCIO_W10" />
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_CTIIO" />
<FileAttribRef RuleID="ID_FILEATTRIB_HAXM" />
<FileAttribRef RuleID="ID_FILEATTRIB_HW" />
<FileAttribRef RuleID="ID_FILEATTRIB_HWINFO_1" />
@ -1279,10 +1422,12 @@ To check that the policy was successfully applied on your computer:
<FileAttribRef RuleID="ID_FILEATTRIB_IOBITUNLOCKER" />
<FileAttribRef RuleID="ID_FILEATTRIB_LHA" />
<FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_MSIO" />
<FileAttribRef RuleID="ID_FILEATTRIB_MYDRIVERS" />
<FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_NVFLASH" />
<FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIO_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RTKIOW10X64_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
@ -1302,6 +1447,10 @@ To check that the policy was successfully applied on your computer:
<FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
<FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
<FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
<FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
<FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_3" />
</Signer>
<Signer ID="ID_SIGNER_VERISIGN_2004_BIOSTAR" Name="VeriSign Class 3 Code Signing 2004 CA">
<CertRoot Type="TBS" Value="C7FC1727F5B75A6421A1F95C73BBDB23580C48E5" />
@ -1363,6 +1512,7 @@ To check that the policy was successfully applied on your computer:
<CertRoot Type="TBS" Value="A08E79C386083D875014C409C13D144E0A24386132980DF11FF59737C8489EB1" />
<FileAttribRef RuleID="ID_FILEATTRIB_AMD_RYZEN" />
<FileAttribRef RuleID="ID_FILEATTRIB_AMDPP" />
<FileAttribRef RuleID="ID_FILEATTRIB_LGCORETEMP" />
<FileAttribRef RuleID="ID_FILEATTRIB_RZPNK" />
<FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
</Signer>
@ -1619,13 +1769,34 @@ To check that the policy was successfully applied on your computer:
<CertPublisher Value="AVAST Software s.r.o." />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWARPOT" />
</Signer>
<Signer ID="ID_SIGNER_TMEL" Name="Microsoft Windows Third Party Component CA 2014">
<Signer ID="ID_SIGNER_ASWSNX_1" Name="DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1">
<CertRoot Type="TBS" Value="65B1D4076A89AE273F57E6EEEDECB3EAE129B4168F76FA7671914CDF461D542255C59D9B85B916AE0CA6FC0FCF7A8E64" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
</Signer>
<Signer ID="ID_SIGNER_ASWSNX_2" Name="DigiCert Trusted Root G4">
<CertRoot Type="TBS" Value="11533EFD6B326A4E065A936DE300FE0586A479F93D569D2403BD62C7AD35F1B2199DAEE3ADB510F429C4FC97B4B024E3" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
</Signer>
<Signer ID="ID_SIGNER_ASWSNX_3" Name="DigiCert High Assurance Code Signing CA-1">
<CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
<CertPublisher Value="AVAST Software a.s." />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
</Signer>
<Signer ID="ID_SIGNER_ASWSNX_4" Name="DigiCert Assured ID Code Signing CA-1">
<CertRoot Type="TBS" Value="47F4B9898631773231B32844EC0D49990AC4EB1E" />
<CertPublisher Value="AVG Technologies USA, Inc." />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
</Signer>
<Signer ID="ID_SIGNER_MS_ELAM" Name="Microsoft Windows Third Party Component CA 2014">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<FileAttribRef RuleID="ID_FILEATTRIB_AVGELAM" />
<FileAttribRef RuleID="ID_FILEATTRIB_EELAM" />
<FileAttribRef RuleID="ID_FILEATTRIB_TMEL" />
</Signer>
<Signer ID="ID_SIGNER_MS_ELAM" Name="Microsoft Code Signing PCA 2010">
<Signer ID="ID_SIGNER_MS_ELAM_1" Name="Microsoft Code Signing PCA 2010">
<CertRoot Type="TBS" Value="121AF4B922A74247EA49DF50DE37609CC1451A1FE06B2CB7E1E079B492BD8195" />
<FileAttribRef RuleID="ID_FILEATTRIB_AVGELAM" />
<FileAttribRef RuleID="ID_FILEATTRIB_EELAM" />
<FileAttribRef RuleID="ID_FILEATTRIB_TMEL" />
</Signer>
<Signer ID="ID_SIGNER_AVGELAM_1" Name="DigiCert High Assurance Code Signing CA-1">
@ -1635,8 +1806,8 @@ To check that the policy was successfully applied on your computer:
</Signer>
<Signer ID="ID_SIGNER_AVGELAM_2" Name="DigiCert SHA2 Assured ID Code Signing CA">
<CertRoot Type="TBS" Value="E767799478F64A34B3F53FF3BB9057FE1768F4AB178041B0DCC0FF1E210CBA65" />
<CertPublisher Value="AVAST Software s.r.o." />
<FileAttribRef RuleID="ID_FILEATTRIB_AVGELAM" />
<FileAttribRef RuleID="ID_FILEATTRIB_ASWSNX" />
</Signer>
<Signer ID="ID_SIGNER_GMEREK" Name="GlobalSign CodeSigning CA - G2">
<CertRoot Type="TBS" Value="589A7D4DF869395601BA7538A65AFAE8C4616385" />
@ -1748,6 +1919,16 @@ To check that the policy was successfully applied on your computer:
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
<FileAttribRef RuleID="ID_FILEATTRIB_PROCEXP" />
</Signer>
<Signer ID="ID_SIGNER_OPENLIBSYS" Name="GlobalSign Primary Object Publishing CA">
<CertRoot Type="TBS" Value="041750993D7C9E063F02DFE74699598640911AAB" />
<CertPublisher Value="Noriyuki MIYAZAKI" />
<FileAttribRef RuleID="ID_FILEATTRIB_OPENLIBSYS" />
</Signer>
<Signer ID="ID_SIGNER_PCDOC" Name="DigiCert EV Code Signing CA">
<CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
<CertPublisher Value="PC-Doctor, Inc." />
<FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
</Signer>
<Signer ID="ID_SIGNER_BAOJI" Name="VeriSign Class 3 Code Signing 2010 CA - Baoji zhihengtaiye co.,ltd">
<CertRoot Type="TBS" Value="ED37AD43BC52426943019F77F35ED1A6B063B5B7" />
</Signer>
@ -1828,6 +2009,18 @@ To check that the policy was successfully applied on your computer:
<CertPublisher Value="Sun Microsystems, Inc." />
<FileAttribRef RuleID="ID_FILEATTRIB_VBOX" />
</Signer>
<Signer ID="ID_SIGNER_ZEMANA_1" Name="DigiCert High Assurance Code Signing CA-1">
<CertRoot Type="TBS" Value="1D7E838ACCD498C2E5BA9373AF819EC097BB955C" />
<CertPublisher Value="Zemana Ltd." />
</Signer>
<Signer ID="ID_SIGNER_ZEMANA_2" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="Zemana Ltd." />
</Signer>
<Signer ID="ID_SIGNER_ZEMANA_3" Name="Microsoft Windows Third Party Component CA 2014">
<CertRoot Type="TBS" Value="D8BE9E4D9074088EF818BC6F6FB64955E90378B2754155126FEEBBBD969CF0AE" />
<CertOemID Value="ZEMANA A.Ş." />
</Signer>
</Signers>
<!--Driver Signing Scenarios-->
<SigningScenarios>
@ -1847,6 +2040,10 @@ To check that the policy was successfully applied on your computer:
<DeniedSigner SignerId="ID_SIGNER_ASWARPOT_4" />
<DeniedSigner SignerId="ID_SIGNER_ASWARPOT_5" />
<DeniedSigner SignerId="ID_SIGNER_ASWARPOT_6" />
<DeniedSigner SignerId="ID_SIGNER_ASWSNX_1" />
<DeniedSigner SignerId="ID_SIGNER_ASWSNX_2" />
<DeniedSigner SignerId="ID_SIGNER_ASWSNX_3" />
<DeniedSigner SignerId="ID_SIGNER_ASWSNX_4" />
<DeniedSigner SignerId="ID_SIGNER_AVGELAM_1" />
<DeniedSigner SignerId="ID_SIGNER_AVGELAM_2" />
<DeniedSigner SignerId="ID_SIGNER_BAOJI" />
@ -1905,6 +2102,7 @@ To check that the policy was successfully applied on your computer:
<DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_KERNEL_SHA2" />
<DeniedSigner SignerId="ID_SIGNER_MIMIKATZ_USER" />
<DeniedSigner SignerId="ID_SIGNER_MS_ELAM" />
<DeniedSigner SignerId="ID_SIGNER_MS_ELAM_1" />
<DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_1" />
<DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_2" />
<DeniedSigner SignerId="ID_SIGNER_MYDRIVERS_3" />
@ -1912,8 +2110,10 @@ To check that the policy was successfully applied on your computer:
<DeniedSigner SignerId="ID_SIGNER_NVFLASH" />
<DeniedSigner SignerId="ID_SIGNER_NVFLASH_2" />
<DeniedSigner SignerId="ID_SIGNER_NVFLASH_3" />
<DeniedSigner SignerId="ID_SIGNER_OPENLIBSYS"/>
<DeniedSigner SignerId="ID_SIGNER_PAN" />
<DeniedSigner SignerId="ID_SIGNER_PHYSMEM" />
<DeniedSigner SignerId="ID_SIGNER_PCDOC"/>
<DeniedSigner SignerId="ID_SIGNER_PROCEXP_1" />
<DeniedSigner SignerId="ID_SIGNER_PROCEXP_2" />
<DeniedSigner SignerId="ID_SIGNER_PROCEXP_3" />
@ -1929,7 +2129,6 @@ To check that the policy was successfully applied on your computer:
<DeniedSigner SignerId="ID_SIGNER_PHYMEM_1" />
<DeniedSigner SignerId="ID_SIGNER_PHYMEM_2" />
<DeniedSigner SignerId="ID_SIGNER_SYMANTEC_CLASS_3" />
<DeniedSigner SignerId="ID_SIGNER_TMEL" />
<DeniedSigner SignerId="ID_SIGNER_TRUST_ASIA" />
<DeniedSigner SignerId="ID_SIGNER_VBOX" />
<DeniedSigner SignerId="ID_SIGNER_VERISIGN_2004" />
@ -1962,6 +2161,9 @@ To check that the policy was successfully applied on your computer:
<DeniedSigner SignerId="ID_SIGNER_NVIDIA_2015" />
<DeniedSigner SignerId="ID_SIGNER_VBOX_ORCALE" />
<DeniedSigner SignerId="ID_SIGNER_VBOX_SUN" />
<DeniedSigner SignerId="ID_SIGNER_ZEMANA_1" />
<DeniedSigner SignerId="ID_SIGNER_ZEMANA_2" />
<DeniedSigner SignerId="ID_SIGNER_ZEMANA_3" />
</DeniedSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_ALL_1" />
@ -2217,6 +2419,12 @@ To check that the policy was successfully applied on your computer:
<FileRuleRef RuleID="ID_DENY_AMIFLDRV_36" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV_37" />
<FileRuleRef RuleID="ID_DENY_AMIFLDRV_38" />
<FileRuleRef RuleID="ID_DENY_ASIO_1"/>
<FileRuleRef RuleID="ID_DENY_ASIO_2"/>
<FileRuleRef RuleID="ID_DENY_ASIO_3"/>
<FileRuleRef RuleID="ID_DENY_ASIO_4"/>
<FileRuleRef RuleID="ID_DENY_ASIO_5"/>
<FileRuleRef RuleID="ID_DENY_ASIO_6"/>
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA256" />
<FileRuleRef RuleID="ID_DENY_ASUPIO64_SHA1_PAGE" />
@ -2369,6 +2577,28 @@ To check that the policy was successfully applied on your computer:
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA1_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_BSHWMIO64_SHA256_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_08" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_09" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_10" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_11" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_12" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_13" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_14" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_15" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_16" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_17" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_18" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_19" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_1A" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_1B" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_1C" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_1D" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_1E" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_1F" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_20" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_21" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_22" />
<FileRuleRef RuleID="ID_DENY_BS_RCIO_23" />
<FileRuleRef RuleID="ID_DENY_DHKERNEL_1" />
<FileRuleRef RuleID="ID_DENY_DHKERNEL_2" />
<FileRuleRef RuleID="ID_DENY_DHKERNEL_3" />
@ -2423,6 +2653,56 @@ To check that the policy was successfully applied on your computer:
<FileRuleRef RuleID="ID_DENY_DIRECTIO_39" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_3A" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_3B" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_42" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_43" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_44" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_45" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_46" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_47" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_48" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_49" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_4A" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_4B" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_4C" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_4D" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_4E" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_4F" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_50" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_51" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_52" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_53" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_54" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_55" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_56" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_57" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_58" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_59" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_5A" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_5B" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_5C" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_5D" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_5E" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_5F" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_60" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_61" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_62" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_63" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_64" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_65" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_66" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_67" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_68" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_69" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_6A" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_6B" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_6C" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_6D" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_6E" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_6F" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_70" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_71" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_72" />
<FileRuleRef RuleID="ID_DENY_DIRECTIO_73" />
<FileRuleRef RuleID="ID_DENY_EIO64_1" />
<FileRuleRef RuleID="ID_DENY_EIO64_2" />
<FileRuleRef RuleID="ID_DENY_EIO64_3" />
@ -2531,18 +2811,18 @@ To check that the policy was successfully applied on your computer:
<FileRuleRef RuleID="ID_DENY_MHYPROTRG_6" />
<FileRuleRef RuleID="ID_DENY_MHYPROTRG_7" />
<FileRuleRef RuleID="ID_DENY_MHYPROTRG_8" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA1_1" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA256_1" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA1_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA256_PAGE_1" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA1_2" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA256_2" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA1_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA256_PAGE_2" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA1_3" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA256_3" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA1_4" />
<FileRuleRef RuleID="ID_DENY_MSIO_SHA256_4" />
<FileRuleRef RuleID="ID_DENY_MSIO_1" />
<FileRuleRef RuleID="ID_DENY_MSIO_2" />
<FileRuleRef RuleID="ID_DENY_MSIO_3" />
<FileRuleRef RuleID="ID_DENY_MSIO_4" />
<FileRuleRef RuleID="ID_DENY_MSIO_5" />
<FileRuleRef RuleID="ID_DENY_MSIO_6" />
<FileRuleRef RuleID="ID_DENY_MSIO_7" />
<FileRuleRef RuleID="ID_DENY_MSIO_8" />
<FileRuleRef RuleID="ID_DENY_MSIO_9" />
<FileRuleRef RuleID="ID_DENY_MSIO_10" />
<FileRuleRef RuleID="ID_DENY_MSIO_11" />
<FileRuleRef RuleID="ID_DENY_MSIO_12" />
<FileRuleRef RuleID="ID_DENY_NVFLASH_1" />
<FileRuleRef RuleID="ID_DENY_NVFLASH_2" />
<FileRuleRef RuleID="ID_DENY_NVFLASH_3" />
@ -2829,31 +3109,38 @@ To check that the policy was successfully applied on your computer:
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_70" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_71" />
<FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_72" />
<FileRuleRef RuleID="ID_DENY_RTCORE_1" />
<FileRuleRef RuleID="ID_DENY_RTCORE_2" />
<FileRuleRef RuleID="ID_DENY_RTCORE_3" />
<FileRuleRef RuleID="ID_DENY_RTCORE_4" />
<FileRuleRef RuleID="ID_DENY_RTCORE_5" />
<FileRuleRef RuleID="ID_DENY_RTCORE_6" />
<FileRuleRef RuleID="ID_DENY_RTCORE_7" />
<FileRuleRef RuleID="ID_DENY_RTCORE_8" />
<FileRuleRef RuleID="ID_DENY_RTCORE_9" />
<FileRuleRef RuleID="ID_DENY_RTCORE_A" />
<FileRuleRef RuleID="ID_DENY_RTCORE_B" />
<FileRuleRef RuleID="ID_DENY_RTCORE_C" />
<FileRuleRef RuleID="ID_DENY_RTCORE_D" />
<FileRuleRef RuleID="ID_DENY_RTCORE_E" />
<FileRuleRef RuleID="ID_DENY_RTCORE_F" />
<FileRuleRef RuleID="ID_DENY_RTCORE_10" />
<FileRuleRef RuleID="ID_DENY_RTCORE_11" />
<FileRuleRef RuleID="ID_DENY_RTCORE_12" />
<FileRuleRef RuleID="ID_DENY_RTCORE_13" />
<FileRuleRef RuleID="ID_DENY_RTCORE_14" />
<FileRuleRef RuleID="ID_DENY_RTCORE_15" />
<FileRuleRef RuleID="ID_DENY_RTCORE_16" />
<FileRuleRef RuleID="ID_DENY_RTCORE_17" />
<FileRuleRef RuleID="ID_DENY_RTCORE_18" />
<FileRuleRef RuleID="ID_DENY_RTCORE_1D" />
<FileRuleRef RuleID="ID_DENY_RTCORE_29" />
<FileRuleRef RuleID="ID_DENY_RTCORE_2A" />
<FileRuleRef RuleID="ID_DENY_RTCORE_2B" />
<FileRuleRef RuleID="ID_DENY_RTCORE_2C" />
<FileRuleRef RuleID="ID_DENY_RTCORE_2D" />
<FileRuleRef RuleID="ID_DENY_RTCORE_2E" />
<FileRuleRef RuleID="ID_DENY_RTCORE_2F" />
<FileRuleRef RuleID="ID_DENY_RTCORE_30" />
<FileRuleRef RuleID="ID_DENY_RTCORE_31" />
<FileRuleRef RuleID="ID_DENY_RTCORE_32" />
<FileRuleRef RuleID="ID_DENY_RTCORE_33" />
<FileRuleRef RuleID="ID_DENY_RTCORE_34" />
<FileRuleRef RuleID="ID_DENY_RTCORE_35" />
<FileRuleRef RuleID="ID_DENY_RTCORE_36" />
<FileRuleRef RuleID="ID_DENY_RTCORE_37" />
<FileRuleRef RuleID="ID_DENY_RTCORE_38" />
<FileRuleRef RuleID="ID_DENY_RTCORE_39" />
<FileRuleRef RuleID="ID_DENY_RTCORE_3A" />
<FileRuleRef RuleID="ID_DENY_RTCORE_3B" />
<FileRuleRef RuleID="ID_DENY_RTCORE_3C" />
<FileRuleRef RuleID="ID_DENY_RTCORE_3D" />
<FileRuleRef RuleID="ID_DENY_RTCORE_3E" />
<FileRuleRef RuleID="ID_DENY_RTCORE_3F" />
<FileRuleRef RuleID="ID_DENY_RTCORE_40" />
<FileRuleRef RuleID="ID_DENY_RTCORE_41" />
<FileRuleRef RuleID="ID_DENY_RTCORE_42" />
<FileRuleRef RuleID="ID_DENY_RTCORE_43" />
<FileRuleRef RuleID="ID_DENY_RTCORE_44" />
<FileRuleRef RuleID="ID_DENY_RTCORE_45" />
<FileRuleRef RuleID="ID_DENY_RTCORE_46" />
<FileRuleRef RuleID="ID_DENY_RTCORE_47" />
<FileRuleRef RuleID="ID_DENY_RTCORE_48" />
<FileRuleRef RuleID="ID_DENY_SUPERBMC_2" />
<FileRuleRef RuleID="ID_DENY_SUPERBMC_3" />
<FileRuleRef RuleID="ID_DENY_SUPERBMC_4" />
@ -2876,6 +3163,14 @@ To check that the policy was successfully applied on your computer:
<FileRuleRef RuleID="ID_DENY_SUPERBMC_15" />
<FileRuleRef RuleID="ID_DENY_SUPERBMC_16" />
<FileRuleRef RuleID="ID_DENY_SUPERBMC_17" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_1" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_2" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_3" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_4" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_5" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_6" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_7" />
<FileRuleRef RuleID="ID_DENY_SYSINFO_8" />
<FileRuleRef RuleID="ID_DENY_WINIO_1" />
<FileRuleRef RuleID="ID_DENY_WINIO_2" />
<FileRuleRef RuleID="ID_DENY_WINIO_3" />
@ -2886,6 +3181,30 @@ To check that the policy was successfully applied on your computer:
<FileRuleRef RuleID="ID_DENY_WINIO_8" />
<FileRuleRef RuleID="ID_DENY_WINIO_9" />
<FileRuleRef RuleID="ID_DENY_WINIO_10" />
<FileRuleRef RuleID="ID_DENY_WINIO_11" />
<FileRuleRef RuleID="ID_DENY_WINIO_12" />
<FileRuleRef RuleID="ID_DENY_WINIO_13" />
<FileRuleRef RuleID="ID_DENY_WINIO_14" />
<FileRuleRef RuleID="ID_DENY_WINIO_15" />
<FileRuleRef RuleID="ID_DENY_WINIO_16" />
<FileRuleRef RuleID="ID_DENY_WINIO_17" />
<FileRuleRef RuleID="ID_DENY_WINIO_18" />
<FileRuleRef RuleID="ID_DENY_WINIO_19" />
<FileRuleRef RuleID="ID_DENY_WINIO_20" />
<FileRuleRef RuleID="ID_DENY_WINIO_21" />
<FileRuleRef RuleID="ID_DENY_WINIO_22" />
<FileRuleRef RuleID="ID_DENY_WINIO_23" />
<FileRuleRef RuleID="ID_DENY_WINIO_24" />
<FileRuleRef RuleID="ID_DENY_WINIO_25" />
<FileRuleRef RuleID="ID_DENY_WINIO_26" />
<FileRuleRef RuleID="ID_DENY_WINIO_27" />
<FileRuleRef RuleID="ID_DENY_WINIO_28" />
<FileRuleRef RuleID="ID_DENY_WINIO_29" />
<FileRuleRef RuleID="ID_DENY_WINIO_30" />
<FileRuleRef RuleID="ID_DENY_WINIO_31" />
<FileRuleRef RuleID="ID_DENY_WINIO_32" />
<FileRuleRef RuleID="ID_DENY_WINIO_33" />
<FileRuleRef RuleID="ID_DENY_WINIO_34" />
<FileRuleRef RuleID="ID_DENY_PROCESSHACKER" />
<FileRuleRef RuleID="ID_DENY_AMP" />
<FileRuleRef RuleID="ID_DENY_ASMMAP" />
@ -2918,7 +3237,7 @@ To check that the policy was successfully applied on your computer:
</Setting>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
<Value>
<String>10.0.25873.0</String>
<String>10.0.25880.0</String>
</Value>
</Setting>
</Settings>

16
windows/security/threat-protection/windows-defender-application-control/operations/known-issues.md
View File

@ -95,3 +95,19 @@ As a workaround, download the MSI file and run it locally:
```console
msiexec i c:\temp\Windows10_Version_1511_ADMX.msi
```
### Slow boot and performance with custom policies
WDAC will evaluate all running processes, including inbox Windows processes. If policies don't build off the WDAC templates or don't trust the Windows signers, you'll see slower boot times, degraded performance and possibly boot issues. For these reasons, it's strongly recommended to build off the [WDAC base templates](../example-wdac-base-policies.md).
#### AppId Tagging policy considerations
If the AppId Tagging Policy wasn't built off the WDAC base templates or doesn't allow the Windows in-box signers, you'll notice a significant increase in boot times (~2 minutes).
If you can't allowlist the Windows signers, or build off the WDAC base templates, it is strongly recommended to add the following rule to your policies to improve the performance:
:::image type="content" source="../images/known-issue-appid-dll-rule.png" alt-text="Allow all dlls in the policy.":::
:::image type="content" source="../images/known-issue-appid-dll-rule-xml.png" alt-text="Allow all dll files in the xml policy.":::
Since AppId Tagging policies evaluate but can't tag dll files, this rule will short circuit dll evaluation and improve evaluation performance.

3
windows/whats-new/deprecated-features.md
View File

@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11.
ms.date: 12/05/2022
ms.date: 06/08/2023
ms.prod: windows-client
ms.technology: itpro-fundamentals
ms.localizationpriority: medium
@ -36,6 +36,7 @@ The features in this article are no longer being actively developed, and might b
|Feature | Details and mitigation | Deprecation announced |
| ----------- | --------------------- | ---- |
| Cortana in Windows <!--7987543--> | Cortana in Windows as a standalone app is deprecated. This change only impacts Cortana in Windows, and your productivity assistant, Cortana, will continue to be available in Outlook mobile, Teams mobile, Microsoft Teams display, and Microsoft Teams rooms. | June 2023 |
| Microsoft Support Diagnostic Tool (MSDT) <!--6968128--> | [MSDT](/windows-server/administration/windows-commands/msdt) is deprecated and will be removed in a future release of Windows. MSDT is used to gather diagnostic data for analysis by support professionals. For more information, see [Resources for deprecated features](deprecated-features-resources.md) | January 2023 |
| Universal Windows Platform (UWP) Applications for 32-bit Arm <!--7116112-->| This change is applicable only to devices with an Arm processor, for example Snapdragon processors from Qualcomm. If you have a PC built with a processor from Intel or AMD, this content is not applicable. If you are not sure which type of processor you have, check **Settings** > **System** > **About**.</br> </br> Support for 32-bit Arm versions of applications will be removed in a future release of Windows 11. After this change, for the small number of applications affected, app features might be different and you might notice a difference in performance. For more technical details about this change, see [Update app architecture from Arm32 to Arm64](/windows/arm/arm32-to-arm64). | January 2023 |
| Update Compliance <!--7260188-->| [Update Compliance](/windows/deployment/update/update-compliance-monitor), a cloud-based service for the Windows client, is no longer being developed. This service has been replaced with [Windows Update for Business reports](/windows/deployment/update/wufb-reports-overview), which provides reporting on client compliance with Microsoft updates from the Azure portal. | November 2022|