deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-18 11:53:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Add critical warning for mixing path based rules with DENY rules

Browse Source
This commit is contained in:
jsuther1974
2019-09-27 10:02:51 -07:00
committed by GitHub
parent defd597868
commit d7ff60f581
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
View File

@ -110,6 +110,8 @@ They could also choose to create a catalog that captures information about the u
## Create path-based rules ## Create path-based rules
Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
> [!NOTE]
> Due to an existing bug, you can not combine Path-based ALLOW rules with any DENY rules in a single policy. Instead, either separate DENY rules into a separate Base policy or move the Path-based ALLOW rules into a supplemental policy as described in [Deploy multiple WDAC policies.](deploy-multiple-windows-defender-application-control-policies.md)
- New-CIPolicy parameter - New-CIPolicy parameter
- FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level) - FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level)