mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-19 20:33:42 +00:00
Remove dup signing page, add operational guide
Updating TOC to remove "Signing WDAC policies with SignTool.exe" page, as it is a duplicate of "Use signed policies to protect Windows Defender Application Control against tampering" Additionally, adding an operational guide section to follow design and deployment guides.
This commit is contained in:
Bella Brahm
@ -21,23 +21,24 @@
|
||||
### [Audit WDAC policies](audit-windows-defender-application-control-policies.md)
|
||||
### [Merge WDAC policies](merge-windows-defender-application-control-policies.md)
|
||||
### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md)
|
||||
### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md)
|
||||
### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md)
|
||||
### [Deploy WDAC policies using Intune](deploy-windows-defender-application-control-policies-using-intune.md)
|
||||
### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md)
|
||||
### [Use WDAC with .NET hardening](use-windows-defender-application-control-with-dynamic-code-security.md)
|
||||
### [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md)
|
||||
### [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md)
|
||||
### [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md)
|
||||
### [Use code signing to simplify application control for classic Windows applications](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md)
|
||||
#### [Optional: Use the Device Guard Signing Portal in the Microsoft Store for Business](use-device-guard-signing-portal-in-microsoft-store-for-business.md)
|
||||
#### [Optional: Create a code signing cert for WDAC](create-code-signing-cert-for-windows-defender-application-control.md)
|
||||
#### [Deploy catalog files to support WDAC](deploy-catalog-files-to-support-windows-defender-application-control.md)
|
||||
### [Manage packaged apps with WDAC](manage-packaged-apps-with-windows-defender-application-control.md)
|
||||
### [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md)
|
||||
### [Use signed policies to protect Windows Defender Application Control against tampering](use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md)
|
||||
#### [Signing WDAC policies with SignTool.exe](signing-policies-with-signtool.md)
|
||||
### [Disable WDAC policies](disable-windows-defender-application-control-policies.md)
|
||||
### [LOB Win32 Apps on S Mode](LOB-win32-apps-on-s.md)
|
||||
|
||||
|
||||
## [Windows Defender Application Control operational guide](windows-defender-application-control-operational-guide.md)
|
||||
### [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md)
|
||||
|
||||
|
||||
## [AppLocker](applocker\applocker-overview.md)
|
||||
### [Administer AppLocker](applocker\administer-applocker.md)
|
||||
|
||||
@ -0,0 +1,41 @@
|
||||
---
|
||||
title: Managing and troubleshooting Windows Defender Application Control policies (Windows 10)
|
||||
description: Gather information about how your deployed Windows Defender Application Control policies are behaving.
|
||||
keywords: whitelisting, security, malware
|
||||
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: deploy
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
audience: ITPro
|
||||
ms.collection: M365-security-compliance
|
||||
author: jsuther1974
|
||||
ms.reviewer: isbrahm
|
||||
ms.author: dansimp
|
||||
manager: dansimp
|
||||
ms.date: 03/16/2020
|
||||
---
|
||||
|
||||
# Windows Defender Application Control operational guide
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server 2016
|
||||
|
||||
After designing and deploying your Windows Defender Application Control (WDAC) policies, this guide covers understanding the effects your policies are having and troubleshooting when they are not behaving as expected. It contains information on where to find events and what they mean, and also querying these events with Microsoft Defender Advanted Threat Protection (MDATP) Advanced Hunting feature.
|
||||
|
||||
## WDAC Events Overview
|
||||
|
||||
WDAC generates and logs events when a policy is loaded as well as when a binary attempts to execute and is blocked. These events include information that identifies the policy and gives more details about the block. Generally, WDAC does not generate events when a binary is allowed; however, there is the option to enable allow events when Managed Installer and/or the Intelligent Security Graph (ISG) is configured.
|
||||
|
||||
WDAC events are generated under two locations:
|
||||
|
||||
1. Applications and Services logs – Microsoft – Windows – CodeIntegrity – Operational
|
||||
2. Applications and Services logs – Microsoft – Windows – AppLocker – MSI and Script
|
||||
|
||||
## In this section
|
||||
|
||||
| Topic | Description |
|
||||
| - | - |
|
||||
| [Query WDAC events with Advanced hunting](querying-application-control-events-centrally-using-advanced-hunting.md) | This topic covers how to view WDAC events centrally from all systems that are connected to Microsoft Defender ATP. |
|
||||
Reference in New Issue
Block a user