From dadf73dea9676bac0304d2663515a50a52376dc2 Mon Sep 17 00:00:00 2001
From: Kim Klein
Date: Tue, 25 May 2021 12:24:24 -0700
Subject: [PATCH] Task ID 23142312 Fine tuning Root Cert section.
---
 .../event-tag-explanations.md | 46 +++++++++----------
 1 file changed, 23 insertions(+), 23 deletions(-)
diff --git a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
index 07690733e7..7d75cdc009 100644
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@@ -94,29 +94,29 @@ Represents why verification failed, or if it succeeded.
 ## Microsoft Root CAs trusted by Windows
-The rule means trust anything signed by a cert that chains to this root CA. Enums without values start at 0, and increment by 1 as you go down the below list.
+The rule means trust anything signed by a cert that chains to this root CA. Enums without values start at 0, and increment by 1 as you go down the below list.
-typedef enum _MINCRYPT_KNOWN_ROOT_ID {
-    MincryptKnownRootNone, <-- 0
-    MincryptKnownRootUnknown,
-    MincryptKnownRootSelfsigned,
-    MincryptKnownRootMicrosoftAuthenticodeRoot,
-    MincryptKnownRootMicrosoftProductRoot1997,
-    MincryptKnownRootMicrosoftProductRoot2001,
-    MincryptKnownRootMicrosoftProductRoot2010,
-    MincryptKnownRootMicrosoftStandardRoot2011,
-    MincryptKnownRootMicrosoftCodeVerificationRoot2006,
-    MincryptKnownRootMicrosoftTestRoot1999,
-    MincryptKnownRootMicrosoftTestRoot2010,
-    MincryptKnownRootMicrosoftDMDTestRoot2005,
-    MincryptKnownRootMicrosoftDMDRoot2005,
-    MincryptKnownRootMicrosoftDMDPreviewRoot2005,
-    MincryptKnownRootMicrosoftFlightRoot2014,
-    MincryptKnownRootMicrosoftThirdPartyMarketplaceRoot,
-    MincryptKnownRootMicrosoftEccTestingRootCa2017,
-    MincryptKnownRootMicrosoftEccDevelopmentRootCa2018,
-    MincryptKnownRootMicrosoftEccProductRootCa2018,
-    MincryptKnownRootMicrosoftEccDevicesRootCa2017,
-} MINCRYPT_KNOWN_ROOT_ID, *PMINCRYPT_KNOWN_ROOT_ID;
+| Root ID | Root Name |
+|---|----------|
+|0| None |
+|1| Unknown |
+|2 | Self-Signed |
+|3 | Authenticode |
+|4 | Microsoft Product Root 1997 |
+|5 | Microsoft Product Root 2001 |
+|6 | Microsoft Product Root 2010 |
+|7 | Microsoft Standard Root 2011 |
+|8 | Microsoft Code Verification Root 2006 |
+|9 | Microsoft Test Root 1999 |
+|10 | Microsoft Tes\t Root 2010 |
+|11 | Microsoft DMD Test Root 2005 |
+|12 | Microsoft DMDRoot 2005 |
+|13 | Microsoft DMD Preview Root 2005 |
+|14 | Microsoft Flight Root 2014 |
+|15 | Microsoft Third Party Marketplace Root |
+|16 | Microsoft Ecc Testing Root Ca2017 |
+|17 | Microsoft Ecc Developmen tRoot Ca 2018 |
+|18 | Microsoft Ecc Product Root Ca 2018 |
+|19 | Microsoft Ecc Devices Root Ca 2017 |
 For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file.
\ No newline at end of file