Merge pull request #5327 from MicrosoftDocs/master

driver topic update
2025-05-13 13:57:22 +00:00 · 2021-06-25 13:06:00 -07:00 · 2021-06-25 13:06:00 -07:00 · b92e1b5ed8
commit b92e1b5ed8
parent e9a37eb723 3c2c11cd6e
1 changed files with 154 additions and 7 deletions
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@ -1,9 +1,9 @@
 ---
 title: Microsoft recommended driver block rules (Windows 10)
-description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.
-keywords: security, malware, kernel mode, driver
+description: View a list of recommended block rules to block vulnerable third-party drivers discovered by Microsoft and the security research community.  
+keywords:  security, malware, kernel mode, driver
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
-ms.prod: m365-security
+ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@ -14,8 +14,7 @@ author: jgeurten
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
-ms.date: 10/15/2020
-ms.technology: mde
+ms.date: 
 ---

 # Microsoft recommended driver block rules
@ -30,7 +29,7 @@ Microsoft has strict requirements for code running in kernel. Consequently, mali
 - Hypervisor-protected code integrity (HVCI) enabled devices
 - Windows 10 in S mode (S mode) devices

-Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.
+Microsoft recommends enabling [HVCI](https://docs.microsoft.com/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity) or S mode to protect your devices against security threats. If this is not possible, Microsoft recommends blocking the following list of drivers by merging this policy with your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can result in devices or software to malfunction, and in rare cases, blue screen. It is recommended to first validate this policy in [audit mode](audit-windows-defender-application-control-policies.md) and review the audit block events.

 > [!Note]
 > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered. It is recommended that this policy be first validated in audit mode before rolling the rules into enforcement mode. 
@ -127,6 +126,80 @@ Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based
    <Deny ID="ID_DENY_SEMAV6MSR64_SHA256" FriendlyName="semav6msr64.sys Hash Sha256" Hash="EB71A8ECEF692E74AE356E8CB734029B233185EE5C2CCB6CC87CC6B36BEA65CF" />
    <Deny ID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha1" Hash="F3821EC0AEF270F749DF9F44FBA91AFA5C8C38E8" />
    <Deny ID="ID_DENY_SEMAV6MSR64_SHA256_PAGE" FriendlyName="semav6msr64.sys Hash Page Sha256" Hash="4F12EE563E7496E7105D67BF64AF6B436902BE4332033AF0B5A242B206372CB7" />
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_1"  FriendlyName="nt2.sys Hash Sha1" Hash="8F0B99B53EB921547AFECF1F12B3299818C4E5D1"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_2"  FriendlyName="b4.sys Hash Sha1" Hash="4BBB9709D5F916FE78EAA15431F622761EFC496F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_3"  FriendlyName="nstr.sys Hash Sha1" Hash="61258963D900C2A39408EF4B51F69F405F55E407"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_4"  FriendlyName="netfilterdrv.sys Hash Sha1" Hash="A2DA5C397F737FA55D8F93D3CED5EB70AE09801F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_5"  FriendlyName="netfilterdrv.sys Hash Sha1" Hash="C58B6EF848CA87AD9EC4368C45C8F1EB7FA6BD16"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_6"  FriendlyName="d3.sys Hash Sha1" Hash="560D8869D48A71E59601B76240E9A6CFFB068C9C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_7"  FriendlyName="nt5.sys Hash Sha1" Hash="7A43BE821832E9BF55B1B781AE468179D0E4F56E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_8"  FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_9"  FriendlyName="netfilterdrv.sys Hash Sha1" Hash="1923D1F21FAFFCD7D511E2B313FE9415E6AD90AE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_10" FriendlyName="nstrwsk.sys Hash Sha1" Hash="83767982B3A5F70615A386F4D6638F20509F3560"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_11" FriendlyName="d4.sys Hash Sha1" Hash="E343AA3981393778F32DF94EFAC90FE35D6933A9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_12" FriendlyName="81.sys Hash Sha1" Hash="05AC1C64CA16AB0517FE85D4499D08199E63DF26"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_13" FriendlyName="b1.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_14" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="74CBC407ACD9D2A4BC609B2F8C9A09B90912D10C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_15" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8BC75E18953B7B23991B2FBC79713E1E175F75E4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_16" FriendlyName="ni.sys Hash Sha1" Hash="FD081F7A372B939DB8523E222D118B87450D3D19"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_17" FriendlyName="d.sys Hash Sha1" Hash="7C1BA790CA2AA03F30413D02F3A812FCCA1AB29F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_18" FriendlyName="bwrsh.sys Hash Sha1" Hash="73857ACDD7D7C9235F3E18C503A27E7C88C5FCB0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_19" FriendlyName="bw.sys Hash Sha1" Hash="150F5DAE8716B09A64CAC96862F5E2506A71E771"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_20" FriendlyName="b3.sys Hash Sha1" Hash="969A945C93F54FCBF17548903131D4B86042DF7B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_21" FriendlyName="b1.sys Hash Sha1" Hash="1F7804D9185B1910C43BD4104D58B96994FF8E49"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_22" FriendlyName="nt3.sys Hash Sha1" Hash="295E590D49DF717C489C5C824E9C6896A14248BB"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_23" FriendlyName="nt4.sys Hash Sha1" Hash="EC7947AD1919C8F60BC973B96DA4132A1EA396E0"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_24" FriendlyName="bwrs.sys Hash Sha1" Hash="3DEBE170B5A113407F9E86EE6ED9AE00C3D82C9F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_25" FriendlyName="nt6.sys Hash Sha1" Hash="8403A17AE001FEF3488C2E641E2BE553CD5B478D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_26" FriendlyName="d2.sys Hash Sha1" Hash="002223FDDC5658EA22B7A8979984A9B54F63B316"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_27" FriendlyName="81.sys Hash Sha1" Hash="FAA870B0CB15C9AC2B9BBA5D0470BD501CCD4326"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_28" FriendlyName="81.sys Hash Sha1" Hash="ACA8E53483B40A06DFDEE81BB364B1622F9156FE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_29" FriendlyName="full.sys Hash Sha1" Hash="4B8C0445075F09AEEF542AB1C86E5DE6B06E91A3"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_30" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_31" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E014C6BEBFDA944CE3A58AB9FE055D4F9367D49C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_32" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_33" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_34" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="8241C9A5755A740811C8E8D2739B33146ACD3E6D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_35" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_36" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA1_37" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E5A152BB57060C2B27E825258698BD7FF67907FF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_1"  FriendlyName="nt2.sys Hash Sha256" Hash="CB9890D4E303A4C03095D7BC176C42DEE1B47D8AA58E2F442EC1514C8F9E3CEC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_2"  FriendlyName="b4.sys Hash Sha256" Hash="DEC8A933DBA04463ED9BB7D53338FF87F2C23CFB79E0E988449FC631252C9DCC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_3"  FriendlyName="nstr.sys Hash Sha256" Hash="455BC98BA32ADAB8B47D2D89BDBADCA4910F91C182AB2FC3211BA07D3784537B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_4"  FriendlyName="netfilterdrv.sys Hash Sha256" Hash="DDD83AF2E99C2E51F2BBBB5A1FAADF9F2DDBC3E39B086935621D6846A8530D76"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_5"  FriendlyName="netfilterdrv.sys Hash Sha256" Hash="E6D0C06DEB74F0448391F2C14A08D5C1B7D263DC444ACC5C1CF57ACFE82DA6BB"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_6"  FriendlyName="d3.sys Hash Sha256" Hash="36875562E747136313EC5DB58174E5FAB870997A054CA8D3987D181599C7DB6A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_7"  FriendlyName="nt5.sys Hash Sha256" Hash="FD33FB2735CC5EF466A54807D3436622407287E325276FCD3ED1290C98BD0533"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_8"  FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_9"  FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C174566743B47AE3C3BBB9F32D2856DE5959E06EC100B648853058EEFCDA43FA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_10" FriendlyName="nstrwsk.sys Hash Sha256" Hash="3390919BB28D5C36CC348F9EF23BE5FA49BFD81263EB7740826E4437CBE904CD"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_11" FriendlyName="d4.sys Hash Sha256" Hash="823DA894B2C73FFCD39E77366B6F1ABF0AE9604D9B20140A54E6D55053AADEBA"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_12" FriendlyName="81.sys Hash Sha256" Hash="B430D3A0BDB837A5D6625D3B1CEF07ABD1953F969869FF6CF7BA398AE605431A"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_13" FriendlyName="b1.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_14" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="F05A1DF10900B05FB7211F3DADD15003FC91CFA28A08BCC6D7AFA02CD8AB3D5C"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_15" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="82774D5230C5B6604D6F67A32883F720B4695387F3F383AABC713FC2904FF45D"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_16" FriendlyName="ni.sys Hash Sha256" Hash="AE79E760C739D6214C1E314728A78A6CB6060CCE206FDE2440A69735D639A0A2"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_17" FriendlyName="d.sys Hash Sha256" Hash="0289FE12E675101CEE03934C1AF5CB73069A12170A88BD051E31A292B97F701B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_18" FriendlyName="bwrsh.sys Hash Sha256" Hash="37DDE6BD8A7A36111C3AC57E0AC20BBB93CE3374D0852BCACC9A2C8C8C30079E"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_19" FriendlyName="bw.sys Hash Sha256" Hash="0EBAEF662B14410C198395B13347E1D175334EC67919709AD37D65EBA013ADFF"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_20" FriendlyName="b3.sys Hash Sha256" Hash="708016FBE22C813A251098F8F992B177B476BD1BBC48C2ED4A122FF74910A965"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_21" FriendlyName="b1.sys Hash Sha256" Hash="A3E507E713F11901017FC328186AE98E23DE7CEA5594687480229F77D45848D8"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_22" FriendlyName="nt3.sys Hash Sha256" Hash="7D8937C18D6E11A0952E53970A0934CF0E65515637AC24D6CA52CCF4B93D385F"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_23" FriendlyName="nt4.sys Hash Sha256" Hash="D7BC7306CB489FE4C285BBEDDC6D1A09E814EF55CF30BD5B8DAF87A52396F102"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_24" FriendlyName="bwrs.sys Hash Sha256" Hash="221DFBC74BBB255B0879360CCC71A74B756B2E0F16E9386B38A9CE9D4E2E34F9"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_25" FriendlyName="nt6.sys Hash Sha256" Hash="15C53EB3A0EA44BBD2901A45A6EBEAE29BB123F9C1115C38DFB2CDBEC0642229"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_26" FriendlyName="d2.sys Hash Sha256" Hash="CB57F3A7FE9E1F8E63332C563B0A319B26C944BE839EABC03E9A3277756BA612"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_27" FriendlyName="81.sys Hash Sha256" Hash="5C206B569B7059B7C32EB5FC36922CB435C2B16C8D96DE1038C8BD298ED498FE"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_28" FriendlyName="81.sys Hash Sha256" Hash="3D31118A2E92377ECB632BD722132C04AF4E65E24FF87743796C75EB07CFCD71"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_29" FriendlyName="full.sys Hash Sha256" Hash="0988D366572A57B3015D875B60704517D05115580678E8F2E126F771EDA28F7B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_30" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="12A636449A491EF3DC8688C5D25BE9EBF785874F9C4573667EEFD42139201AA4"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_31" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="651FFA0C7AFF7B4A7695DDDD209DC3E7F68156E29A14D3FCC17AEF4F2A205DCC"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_32" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_33" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_34" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="C56536F99207915E5A1F7D4F014AB942BD820E64FF7F371AD0462EF26ED27242"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_35" FriendlyName="80.sys Hash Sha256" Hash="F08EBDDC11AEFCB46082C239F8D97CEEA247D846E22C4BCDD72AF75C1CBC6B0B"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_36" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7F1772BDF7DD81CB00D30159D19D4EB9160B54D7609B36F781D08CA3AFBD29A7"/>
+    <Deny ID="ID_DENY_RETLIFTEN_SHA256_37" FriendlyName="netfilterdrv.sys Hash Sha256" Hash="7113DEE11925B346192F6EE5441974DB7D1FE9B5BE1497A6B295C06930FDD264"/>
    <FileAttrib ID="ID_FILEATTRIB_CPUZ_DRIVER" FriendlyName="" FileName="cpuz.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.4.3" />
    <FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
    <FileAttrib ID="ID_FILEATTRIB_LIBNICM_DRIVER" FriendlyName="" FileName="libnicm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.12.0" />
@ -352,6 +425,80 @@ Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based
            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256"/>
            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE"/>
            <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256_PAGE"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_1" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_2" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_3" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_4" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_5" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_6" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_7" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_8" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_9" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_10"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_11"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_12"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_13"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_14"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_15"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_16"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_17"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_18"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_19"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_20"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_21"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_22"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_23"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_24"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_25"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_26"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_27"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_28"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_29"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_30"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_31"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_32"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_33"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_34"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_35"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_36"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA1_37"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_1" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_2" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_3" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_4" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_5" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_6" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_7" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_8" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_9" />
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_10"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_11"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_12"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_13"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_14"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_15"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_16"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_17"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_18"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_19"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_20"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_21"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_22"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_23"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_24"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_25"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_26"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_27"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_28"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_29"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_30"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_31"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_32"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_33"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_34"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_35"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_36"/>
+            <FileRuleRef RuleID="ID_DENY_RETLIFTEN_SHA256_37"/>
        </FileRulesRef>
      </ProductSigners>
    </SigningScenario>
@ -385,4 +532,4 @@ Microsoft recommends enabling [HVCI](../device-guard/enable-virtualization-based

 ## More information

- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md)
+- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md)