deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-30 01:33:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Task ID 23142312 and 29028100

Browse Source 
Made cosmetic changes to the certificate section in event-tags-explanation, and added a line break before the Figure 1 image in audit-and-enforce.
This commit is contained in:
Kim Klein
2021-05-27 09:37:24 -07:00
parent 6136ddc0d5
commit faee789b26
2 changed files with 23 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
View File

@ -41,7 +41,8 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md). 2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md).
**Figure 1. Exceptions to the deployed WDAC policy** **Figure 1. Exceptions to the deployed WDAC policy** <br>
![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png) ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png)
3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**. 3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.

2
windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
View File

@ -94,7 +94,7 @@ Represents why verification failed, or if it succeeded.
## Microsoft Root CAs trusted by Windows ## Microsoft Root CAs trusted by Windows
The rule means trust anything signed by a cert that chains to this root CA. The rule means trust anything signed by a certificate that chains to this root CA.
| Root ID | Root Name | | Root ID | Root Name |
|---|----------| |---|----------|
| 0| None | | 0| None |