Merge pull request #4414 from MaratMussabekov/patch-53

Clarify parameters added in 1903
Daniel Simpson
2019-07-25 06:27:41 -07:00
committed by GitHub

@ -111,15 +111,16 @@ They could also choose to create a catalog that captures information about the u
Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules. Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
- New-CIPolicy parameters - New-CIPolicy parameter
- FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level) - FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level)
```powershell ```powershell
New-CIPolicy -f .\mypolicy.xml -l FilePath -s <path to scan> -u New-CIPolicy -FilePath .\mypolicy.xml -Level FileName -ScanPath <path to scan> -UserPEs
``` ```
Optionally, add -UserWriteablePaths to ignore user writeability Optionally, add -UserWriteablePaths to ignore user writeability
- New-CIPolicyRule parameter
- FilePathRule: create a rule where filepath string is directly set to value of \<any path string> - FilePathRule: create a rule where filepath string is directly set to value of \<any path string>
```powershell ```powershell
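Review bot: the rewritten `New-CIPolicy` line passes `-Level FileName`, but the line it replaces used `-l FilePath` and the bullet directly above it describes path rules, so expanding the alias has silently changed the rule level. It should read `-Level FilePath`; as written, a reader copying the example gets file-name rules instead of the path rules this section is documenting. Separately, the following sentence says `-UserWriteablePaths` is added "to ignore user writeability" without saying what that means for the resulting policy; a short clause there would help, since it relaxes the check described in the FilePath bullet.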
@ -134,7 +135,7 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD
$rules = New-CIPolicyRule … $rules = New-CIPolicyRule …
$rules += New-CIPolicyRule … $rules += New-CIPolicyRule …
New-CIPolicyRule -f .\mypolicy.xml -u New-CIPolicy -FilePath .\mypolicy.xml -Rules $rules -UserPEs
``` ```
- Wildcards supported - Wildcards supported
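Review bot: the last command in this block now calls `New-CIPolicy` with `-Rules $rules` instead of `New-CIPolicyRule -f .\mypolicy.xml -u`, which changes the documented cmdlet rather than just spelling out its parameters, so the commit message ("Clarify parameters added in 1903") undersells it; please mention the correction in the description. The two `$rules = New-CIPolicyRule …` lines above it are still elided, so the example never shows `-FilePathRule` being used to build `$rules`; showing that parameter with a placeholder path on at least one of those lines would make the block self-explanatory.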
@ -149,6 +150,6 @@ Beginning with Windows 10 version 1903, Windows Defender Application Control (WD
- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy: - Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
```powershell ```powershell
Set-RuleOption -o 18 .\policy.xml Set-RuleOption -Option 18 .\policy.xml
``` ```
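Review bot: in the `Set-RuleOption` line the option is now spelled out as `-Option 18`, but the policy file is still passed positionally, while the other examples touched by this commit name it with `-FilePath`. For consistency, consider `Set-RuleOption -FilePath .\policy.xml -Option 18`. The file is also called `.\policy.xml` here and `.\mypolicy.xml` in the earlier examples; using one name avoids suggesting these are different policies. Since this option turns off the user-writeability check on FilePath rules, a sentence on when disabling it is appropriate would be a useful addition next to the example.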