Updated -Fallback levels to SignedVersion,Publisher,Hash

This commit is contained in:
Jordan Geurten 2022-08-11 18:24:40 -04:00
parent 9bf6a92e00
commit d9164aedac
2 changed files with 3 additions and 3 deletions

@ -59,7 +59,7 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**. 4. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to generate a new WDAC policy from logged audit events. This example uses a **FilePublisher** file rule level and a **Hash** fallback level. Warning messages are redirected to a text file **EventsPolicyWarnings.txt**.
```powershell ```powershell
New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback Hash UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings New-CIPolicy -FilePath $EventsPolicy -Audit -Level FilePublisher -Fallback SignedVersion,FilePublisher,Hash UserPEs -MultiplePolicyFormat 3> $EventsPolicyWarnings
``` ```
> [!NOTE] > [!NOTE]
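Review bot: the prose in this hunk still says the example uses a **Hash** fallback level, but the command now passes `-Fallback SignedVersion,FilePublisher,Hash`; update the sentence to describe the full fallback chain so the text and the command agree. This file also uses `FilePublisher` in the chain while the commit title and the deny-rule file use `Publisher`; either align the two or explain why the audit example differs, since listing `FilePublisher` as a fallback when `-Level FilePublisher` is already the primary level reads as redundant.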

@ -126,13 +126,13 @@ Deny rules and policies can be created using the PowerShell cmdlets or the [WDAC
### Software Publisher Based Deny Rule ### Software Publisher Based Deny Rule
```Powershell ```Powershell
$DenyRules += New-CIPolicyRule -Level FilePublisher -DriverFilePath <binary_to_block> -Deny -Fallback FileName,Hash $DenyRules += New-CIPolicyRule -Level FilePublisher -DriverFilePath <binary_to_block> -Fallback SignedVersion,Publisher,Hash -Deny
``` ```
### Software Attributes Based Deny Rule ### Software Attributes Based Deny Rule
```Powershell ```Powershell
$DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath <binary_to_block> -Deny -Fallback Hash $DenyRules += New-CIPolicyRule -Level FileName -DriverFilePath <binary_to_block> -Fallback Hash -Deny
``` ```
### Hash Based Deny Rule ### Hash Based Deny Rule
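Review bot: the deny-rule fallback chain under "Software Publisher Based Deny Rule" changes from `FileName,Hash` to `SignedVersion,Publisher,Hash` with no accompanying text; because a `Publisher` fallback matches on the signer rather than on the file name it replaces, the section should state what the rule can end up denying when the primary `FilePublisher` level cannot be applied to `<binary_to_block>`. Moving `-Deny` after `-Fallback` in both rules is cosmetic, and the "Software Attributes Based Deny Rule" line keeping `-Fallback Hash` is consistent with the rest of the change.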