mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-20 04:43:37 +00:00
Merge branch 'master' into aljupudi-w11defender-branch01
This commit is contained in:
Rebecca Agiewich
GitHub
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Test an AppLocker policy by using Test-AppLockerPolicy (Windows 10)
|
||||
title: Test an AppLocker policy by using Test-AppLockerPolicy (Windows)
|
||||
description: This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
|
||||
ms.assetid: 048bfa38-6825-4a9a-ab20-776cf79f402a
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Test an AppLocker policy by using Test-AppLockerPolicy
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Test and update an AppLocker policy (Windows 10)
|
||||
title: Test and update an AppLocker policy (Windows)
|
||||
description: This topic discusses the steps required to test an AppLocker policy prior to deployment.
|
||||
ms.assetid: 7d53cbef-078c-4d20-8b00-e821e33b6ea1
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Test and update an AppLocker policy
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic discusses the steps required to test an AppLocker policy prior to deployment.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Tools to use with AppLocker (Windows 10)
|
||||
title: Tools to use with AppLocker (Windows)
|
||||
description: This topic for the IT professional describes the tools available to create and administer AppLocker policies.
|
||||
ms.assetid: db2b7cb3-7643-4be5-84eb-46ba551e1ad1
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Tools to use with AppLocker
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for the IT professional describes the tools available to create and administer AppLocker policies.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understand AppLocker enforcement settings (Windows 10)
|
||||
title: Understand AppLocker enforcement settings (Windows)
|
||||
description: This topic describes the AppLocker enforcement settings for rule collections.
|
||||
ms.assetid: 48773007-a343-40bf-8961-b3ff0a450d7e
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understand AppLocker enforcement settings
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic describes the AppLocker enforcement settings for rule collections.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understand AppLocker policy design decisions (Windows 10)
|
||||
title: Understand AppLocker policy design decisions (Windows)
|
||||
description: Review some common considerations while you are planning to use AppLocker to deploy application control policies within a Windows environment.
|
||||
ms.assetid: 3475def8-949a-4b51-b480-dc88b5c1e6e6
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understand AppLocker policy design decisions
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.
|
||||
|
||||
@ -46,7 +51,7 @@ You might need to control a limited number of apps because they access sensitive
|
||||
| Possible answers | Design considerations|
|
||||
| - | - |
|
||||
| Control all apps | AppLocker policies control applications by creating an allowed list of applications by file type. Exceptions are also possible. AppLocker policies can only be applied to applications installed on computers running one of the supported versions of Windows. For specific operating system version requirements, see [Requirements to use AppLocker](requirements-to-use-applocker.md).|
|
||||
| Control specific apps | When you create AppLocker rules, a list of allowed apps are created. All apps on that list will be allowed to run (except those on the exception list). Apps that are not on the list will be prevented from running. AppLocker policies can only be applied to apps installed on computers running any of the supported versions of Windows. For specific operating system version requirements, see [Requirements to use AppLocker](requirements-to-use-applocker.md).|
|
||||
| Control specific apps | When you create AppLocker rules, a list of allowed apps is created. All apps on that list will be allowed to run (except those on the exception list). Apps that are not on the list will be prevented from running. AppLocker policies can only be applied to apps installed on computers running any of the supported versions of Windows. For specific operating system version requirements, see [Requirements to use AppLocker](requirements-to-use-applocker.md).|
|
||||
|Control only Classic Windows applications, only Universal Windows apps, or both| AppLocker policies control apps by creating an allowed list of apps by file type. Because Universal Windows apps are categorized under the Publisher condition, Classic Windows applications and Universal Windows apps can be controlled together. AppLocker policies for Universal Windows apps can be applied only to apps that are installed on PCs that support the Microsoft Store, but Classic Windows applications can be controlled with AppLocker on all supported versions of Windows. The rules you currently have configured for Classic Windows applications can remain, and you can create new ones for Universal Windows apps.<br/>For a comparison of Classic Windows applications and Universal Windows apps, see [Comparing Classic Windows applications and Universal Windows apps for AppLocker policy design decisions](#bkmk-compareclassicmetro) in this topic.|
|
||||
| Control apps by business group and user | AppLocker policies can be applied through a Group Policy Object (GPO) to computer objects within an organizational unit (OU). Individual AppLocker rules can be applied to individual users or to groups of users.|
|
||||
| Control apps by computer, not user | AppLocker is a computer-based policy implementation. If your domain or site organizational structure is not based on a logical user structure, such as an OU, you might want to set up that structure before you begin your AppLocker planning. Otherwise, you will have to identify users, their computers, and their app access requirements.|
|
||||
@ -54,7 +59,7 @@ You might need to control a limited number of apps because they access sensitive
|
||||
|
||||
>**Important:** The following list contains files or types of files that cannot be managed by AppLocker:
|
||||
|
||||
- AppLocker does not protect against running 16-bit DOS binaries in a NT Virtual DOS Machine (NTVDM). This technology allows running legacy DOS and 16-bit Windows programs on computers that are using Intel 80386 or higher when there is already another operating system running and controlling the hardware. The result is that 16-bit binaries can still run on Windows Server 2008 R2 and Windows 7 when AppLocker is configured to otherwise block binaries and libraries. If it is a requirement to prevent 16-bit applications from running, you must configure the Deny rule in the Executable rule collection for NTVDM.exe.
|
||||
- AppLocker does not protect against running 16-bit DOS binaries in an NT Virtual DOS Machine (NTVDM). This technology allows running legacy DOS and 16-bit Windows programs on computers that are using Intel 80386 or higher when there is already another operating system running and controlling the hardware. The result is that 16-bit binaries can still run on Windows Server 2008 R2 and Windows 7 when AppLocker is configured to otherwise block binaries and libraries. If it is a requirement to prevent 16-bit applications from running, you must configure the Deny rule in the Executable rule collection for NTVDM.exe.
|
||||
|
||||
- You cannot use AppLocker to prevent code from running outside the Win32 subsystem. In particular, this applies to the (POSIX) subsystem in Windows NT. If it is a requirement to prevent applications from running in the POSIX subsystem, you must disable the subsystem.
|
||||
|
||||
@ -108,6 +113,7 @@ If your organization supports multiple Windows operating systems, app control po
|
||||
<tr class="odd">
|
||||
<td align="left"><p>Your organization's computers are running a combination of the following operating systems:</p>
|
||||
<ul>
|
||||
<li><p>Windows 11</p></li>
|
||||
<li><p>Windows 10</p></li>
|
||||
<li><p>Windows 8</p></li>
|
||||
<li><p>Windows 7</p></li>
|
||||
@ -130,6 +136,7 @@ If your organization supports multiple Windows operating systems, app control po
|
||||
<tr class="even">
|
||||
<td align="left"><p>Your organization's computers are running only the following operating systems:</p>
|
||||
<ul>
|
||||
<li><p>Windows 11</p></li>
|
||||
<li><p>Windows 10</p></li>
|
||||
<li><p>Windows 8.1</p></li>
|
||||
<li><p>Windows 8</p></li>
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understand AppLocker rules and enforcement setting inheritance in Group Policy (Windows 10)
|
||||
title: Understand AppLocker rules and enforcement setting inheritance in Group Policy (Windows)
|
||||
description: This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
|
||||
ms.assetid: c1c5a3d3-540a-4698-83b5-0dab5d27d871
|
||||
ms.reviewer:
|
||||
@ -21,12 +21,17 @@ ms.technology: mde
|
||||
# Understand AppLocker rules and enforcement setting inheritance in Group Policy
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
|
||||
|
||||
Rule enforcement is applied only to collections of rules, not individual rules. AppLocker divides the rules into the following collections: executable files, Windows Installer files, scripts, packaged apps and packaged app installers, and DLL files. The options for rule enforcement are **Not configured**, **Enforce rules**, or **Audit only**. Together, all AppLocker rule collections compose the application control policy, or AppLocker policy.
|
||||
Rule enforcement is applied only to collections of rules, not individual rules. AppLocker divides the rules into the following collections: executable files, Windows Installer files, scripts, packaged apps, and packaged app installers, and DLL files. The options for rule enforcement are **Not configured**, **Enforce rules**, or **Audit only**. Together, all AppLocker rule collections compose the application control policy, or AppLocker policy.
|
||||
|
||||
Group Policy merges AppLocker policy in two ways:
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understand the AppLocker policy deployment process (Windows 10)
|
||||
title: Understand the AppLocker policy deployment process (Windows)
|
||||
description: This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
|
||||
ms.assetid: 4cfd95c1-fbd3-41fa-8efc-d23c1ea6fb16
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understand the AppLocker policy deployment process
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding AppLocker allow and deny actions on rules (Windows 10)
|
||||
title: Understanding AppLocker allow and deny actions on rules (Windows)
|
||||
description: This topic explains the differences between allow and deny actions on AppLocker rules.
|
||||
ms.assetid: ea0370fa-2086-46b5-a0a4-4a7ead8cbed9
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding AppLocker allow and deny actions on rules
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic explains the differences between allow and deny actions on AppLocker rules.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding AppLocker default rules (Windows 10)
|
||||
title: Understanding AppLocker default rules (Windows)
|
||||
description: This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
|
||||
ms.assetid: bdb03d71-05b7-41fb-96e3-a289ce1866e1
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding AppLocker default rules
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding AppLocker rule behavior (Windows 10)
|
||||
title: Understanding AppLocker rule behavior (Windows)
|
||||
description: This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
|
||||
ms.assetid: 3e2738a3-8041-4095-8a84-45c1894c97d0
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding AppLocker rule behavior
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding AppLocker rule collections (Windows 10)
|
||||
title: Understanding AppLocker rule collections (Windows)
|
||||
description: This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.
|
||||
ms.assetid: 03c05466-4fb3-4880-8d3c-0f6f59fc5579
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding AppLocker rule collections
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic explains the five different types of AppLocker rules used to enforce AppLocker policies.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding AppLocker rule condition types (Windows 10)
|
||||
title: Understanding AppLocker rule condition types (Windows)
|
||||
description: This topic for the IT professional describes the three types of AppLocker rule conditions.
|
||||
ms.assetid: c21af67f-60a1-4f7d-952c-a6f769c74729
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding AppLocker rule condition types
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for the IT professional describes the three types of AppLocker rule conditions.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding AppLocker rule exceptions (Windows 10)
|
||||
title: Understanding AppLocker rule exceptions (Windows)
|
||||
description: This topic describes the result of applying AppLocker rule exceptions to rule collections.
|
||||
ms.assetid: e6bb349f-ee60-4c8d-91cd-6442f2d0eb9c
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding AppLocker rule exceptions
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic describes the result of applying AppLocker rule exceptions to rule collections.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding the file hash rule condition in AppLocker (Windows 10)
|
||||
title: Understanding the file hash rule condition in AppLocker (Windows)
|
||||
description: This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied.
|
||||
ms.assetid: 4c6d9af4-2b1a-40f4-8758-1a6f9f147756
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding the file hash rule condition in AppLocker
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic explains the AppLocker file hash rule condition, the advantages and disadvantages, and how it is applied.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding the path rule condition in AppLocker (Windows 10)
|
||||
title: Understanding the path rule condition in AppLocker (Windows)
|
||||
description: This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied.
|
||||
ms.assetid: 3fa54ded-4466-4f72-bea4-2612031cad43
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding the path rule condition in AppLocker
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic explains the AppLocker path rule condition, the advantages and disadvantages, and how it is applied.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Understanding the publisher rule condition in AppLocker (Windows 10)
|
||||
title: Understanding the publisher rule condition in AppLocker (Windows)
|
||||
description: This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied.
|
||||
ms.assetid: df61ed8f-a97e-4644-9d0a-2169f18c1c4f
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Understanding the publisher rule condition in AppLocker
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic explains the AppLocker publisher rule condition, what controls are available, and how it is applied.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use a reference device to create and maintain AppLocker policies (Windows 10)
|
||||
title: Use a reference device to create and maintain AppLocker policies (Windows)
|
||||
description: This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
|
||||
ms.assetid: 10c3597f-f44c-4c8e-8fe5-105d4ac016a6
|
||||
ms.author: macapara
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Use a reference device to create and maintain AppLocker policies
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for the IT professional describes the steps to create and maintain AppLocker policies by using a reference computer.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use AppLocker and Software Restriction Policies in the same domain (Windows 10)
|
||||
title: Use AppLocker and Software Restriction Policies in the same domain (Windows)
|
||||
description: This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
|
||||
ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Use AppLocker and Software Restriction Policies in the same domain
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker.
|
||||
|
||||
@ -71,8 +76,8 @@ The following table compares the features and functions of Software Restriction
|
||||
<tr class="odd">
|
||||
<td align="left"><p>Enforcement mode</p></td>
|
||||
<td align="left"><p>SRP works in the “deny list mode” where administrators can create rules for files that they do not want to allow in this Enterprise whereas the rest of the file is allowed to run by default.</p>
|
||||
<p>SRP can also be configured in the “allow list mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.</p></td>
|
||||
<td align="left"><p>AppLocker by default works in the “allow list mode” where only those files are allowed to run for which there is a matching allow rule.</p></td>
|
||||
<p>SRP can also be configured in the “allowlist mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.</p></td>
|
||||
<td align="left"><p>AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there is a matching allow rule.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td align="left"><p>File types that can be controlled</p></td>
|
||||
@ -126,7 +131,7 @@ The following table compares the features and functions of Software Restriction
|
||||
<td align="left"><p>Editing the hash value</p></td>
|
||||
<td align="left"><p>In Windows XP, you could use SRP to provide custom hash values.</p>
|
||||
<p>Beginning with Windows 7 and Windows Server 2008 R2, you can only select the file to hash, not provide the hash value.</p></td>
|
||||
<td align="left"><p>AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and a SHA2 flat file hash for the rest.</p></td>
|
||||
<td align="left"><p>AppLocker computes the hash value itself. Internally, it uses the SHA2 Authenticode hash for Portable Executables (exe and dll) and Windows Installers and an SHA2 flat file hash for the rest.</p></td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td align="left"><p>Support for different security levels</p></td>
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use the AppLocker Windows PowerShell cmdlets (Windows 10)
|
||||
title: Use the AppLocker Windows PowerShell cmdlets (Windows)
|
||||
description: This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
|
||||
ms.assetid: 374e029c-5c0a-44ab-a57a-2a9dd17dc57d
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Use the AppLocker Windows PowerShell cmdlets
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for IT professionals describes how each AppLocker Windows PowerShell cmdlet can help you administer your AppLocker application control policies.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Using Event Viewer with AppLocker (Windows 10)
|
||||
title: Using Event Viewer with AppLocker (Windows)
|
||||
description: This topic lists AppLocker events and describes how to use Event Viewer with AppLocker.
|
||||
ms.assetid: 109abb10-78b1-4c29-a576-e5a17dfeb916
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Using Event Viewer with AppLocker
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic lists AppLocker events and describes how to use Event Viewer with AppLocker.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Use Software Restriction Policies and AppLocker policies (Windows 10)
|
||||
title: Use Software Restriction Policies and AppLocker policies (Windows)
|
||||
description: This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
|
||||
ms.assetid: c3366be7-e632-4add-bd10-9df088f74c6d
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Use Software Restriction Policies and AppLocker policies
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for the IT professional describes how to use Software Restriction Policies (SRP) and AppLocker policies in the same Windows deployment.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: What Is AppLocker (Windows 10)
|
||||
title: What Is AppLocker (Windows)
|
||||
description: This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies.
|
||||
ms.assetid: 44a8a2bb-0f83-4f95-828e-1f364fb65869
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# What Is AppLocker?
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for the IT professional describes what AppLocker is and how its features differ from Software Restriction Policies.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Windows Installer rules in AppLocker (Windows 10)
|
||||
title: Windows Installer rules in AppLocker (Windows)
|
||||
description: This topic describes the file formats and available default rules for the Windows Installer rule collection.
|
||||
ms.assetid: 3fecde5b-88b3-4040-81fa-a2d36d052ec9
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Windows Installer rules in AppLocker
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic describes the file formats and available default rules for the Windows Installer rule collection.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Working with AppLocker policies (Windows 10)
|
||||
title: Working with AppLocker policies (Windows)
|
||||
description: This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
|
||||
ms.assetid: 7062d2e0-9cbb-4cb8-aa8c-b24945c3771d
|
||||
ms.reviewer:
|
||||
@ -21,8 +21,13 @@ ms.technology: mde
|
||||
# Working with AppLocker policies
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for IT professionals provides links to procedural topics about creating, maintaining, and testing AppLocker policies.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Working with AppLocker rules (Windows 10)
|
||||
title: Working with AppLocker rules (Windows)
|
||||
description: This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies.
|
||||
ms.assetid: 3966b35b-f2da-4371-8b5f-aec031db6bc9
|
||||
ms.reviewer:
|
||||
@ -19,8 +19,13 @@ ms.technology: mde
|
||||
# Working with AppLocker rules
|
||||
|
||||
**Applies to**
|
||||
- Windows 10
|
||||
- Windows Server
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic for IT professionals describes AppLocker rule types and how to work with them for your application control policies.
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows 10)
|
||||
title: Deploy Windows Defender Application Control (WDAC) policies by using Microsoft Endpoint Configuration Manager (MEMCM) (Windows)
|
||||
description: You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide.
|
||||
keywords: security, malware
|
||||
ms.prod: m365-security
|
||||
@ -21,13 +21,17 @@ ms.localizationpriority: medium
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
You can use Microsoft Endpoint Configuration Manager (MEMCM) to configure Windows Defender Application Control (WDAC) on client machines.
|
||||
|
||||
## Use MEMCM's built-in policies
|
||||
|
||||
MEMCM includes native support for WDAC, which allows you to configure Windows 10 client computers with a policy that will only allow:
|
||||
MEMCM includes native support for WDAC, which allows you to configure Windows 10 and Windows 11 client computers with a policy that will only allow:
|
||||
|
||||
- Windows components
|
||||
- Microsoft Store apps
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
title: Deploy Windows Defender Application Control (WDAC) policies using script (Windows 10)
|
||||
title: Deploy Windows Defender Application Control (WDAC) policies using script (Windows)
|
||||
description: Use scripts to deploy Windows Defender Application Control (WDAC) policies. Learn how with this step-by-step guide.
|
||||
keywords: security, malware
|
||||
ms.prod: m365-security
|
||||
@ -21,8 +21,12 @@ ms.localizationpriority: medium
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic describes how to deploy Windows Defender Application Control (WDAC) policies using script. The instructions below use PowerShell but can work with any scripting host.
|
||||
|
||||
> [!NOTE]
|
||||
|
||||
@ -20,8 +20,13 @@ ms.localizationpriority: medium
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10
|
||||
- Windows Server 2016 and above
|
||||
|
||||
- Windows 10
|
||||
- Windows 11
|
||||
- Windows Server 2016 and above
|
||||
|
||||
>[!NOTE]
|
||||
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Defender App Guard feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
|
||||
|
||||
This topic covers tips and tricks for admins as well as known issues with WDAC.
|
||||
Test this configuration in your lab before enabling it in production.
|
||||
|
||||
Reference in New Issue
Block a user