added preview text

2025-05-14 22:37:22 +00:00 · 2019-05-06 14:28:02 -07:00 · 2019-05-06 14:28:02 -07:00 · db7c319f3b
commit db7c319f3b
parent cab27d6990
2 changed files with 17 additions and 13 deletions
--- a/windows/security/threat-protection/windows-defender-application-control/sideloading-win32-apps-on-windows-10-s-mode-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/sideloading-win32-apps-on-windows-10-s-mode-devices.md
@ -17,6 +17,9 @@ ms.date: 05/06/2018
 -   Windows 10
 -   Windows Server 2016
 >[!IMPORTANT]
 >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 Windows 10 S mode is a locked-down system that only runs Store apps. 
 Although it provides tight security and thereby promises reduced management, its application control restrictions make it difficult for some to adopt it widely. 
 Sideloading makes S mode a more viable proposition for enterprise and education workloads by allowing critical Desktop apps in addition to Store apps.
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-improvements-in-windows-10-version-1903.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-improvements-in-windows-10-version-1903.md
@ -17,9 +17,14 @@ ms.date: 05/06/2018
 -   Windows 10
 -   Windows Server 2016
 >[!IMPORTANT]
 >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 This topic covers improvements introduced in Windows 10, version 1903.
 ## Path-based rules
-Beginning with Windows 10 version 1903, WDAC policies can contain path-based rules.
+Beginning with Windows 10 version 1903, Windows Defender Application Control (WDAC) policies can contain path-based rules.
 - New-CIPolicy parameters
  - FilePath: create path rules under path \<path to scan> for anything not user-writeable (at the individual file level)
@ -34,29 +39,25 @@ Beginning with Windows 10 version 1903, WDAC policies can contain path-based rul
    ```
    Useful for wildcards like C:\foo\\*
- Usage: same flow as per-app rules
+- Usage follows the same flow as per-app rules:
-  ```xml
+  ```powershell
  $rules = New-CIPolicyRule …
  $rules += New-CIPolicyRule …
  …
  ```
  ```console
  New-CIPolicyRule -f .\mypolicy.xml -u
  ```
- Wildcards supported:
+- Wildcards supported
-  Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
+  - Suffix (ex. C:\foo\\*) OR Prefix (ex. *\foo\bar.exe)
-  - One or the other, not both at the same time
+    - One or the other, not both at the same time
-  - Does not support wildcard in the middle (ex. C:\\*\foo.exe)
+    - Does not support wildcard in the middle (ex. C:\\*\foo.exe)
  - Examples:
    - %WINDIR%\\...
    - %SYSTEM32%\\...
    - %OSDRIVE%\\...
- Disable default FilePath rule protection of enforcing user-writeability
+- Disable default FilePath rule protection of enforcing user-writeability. For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
-  For example, to add “Disabled:Runtime FilePath Rule Protection” to the policy:
+  ```powershell
  ```console
  Set-RuleOption -o 18 .\policy.xml
  ```