Task ID 23142312 and 29028100

Made cosmetic changes to the certificate section in event-tags-explanation, and added a line break before the Figure 1 image in audit-and-enforce.
2025-06-29 09:13:39 +00:00 · 2021-05-27 09:37:24 -07:00
parent 6136ddc0d5
commit faee789b26
2 changed files with 23 additions and 22 deletions
--- a/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/audit-and-enforce-windows-defender-application-control-policies.md
@ -41,7 +41,8 @@ To familiarize yourself with creating WDAC rules from audit events, follow these
 2. Review the **CodeIntegrity - Operational** and **AppLocker - MSI and Script** event logs to confirm events, like those shown in Figure 1, are generated related to the application. For information about the types of events you should see, refer to [Understanding Application Control events](event-id-explanations.md).
-   **Figure 1. Exceptions to the deployed WDAC policy**
+   **Figure 1. Exceptions to the deployed WDAC policy** <br>
   ![Event showing exception to WDAC policy](images/dg-fig23-exceptionstocode.png)
 3. In an elevated PowerShell session, run the following commands to initialize variables used by this procedure. This procedure builds upon the **Lamna_FullyManagedClients_Audit.xml** policy introduced in [Create a WDAC policy for fully managed devices](create-wdac-policy-for-fully-managed-devices.md) and will produce a new policy called **EventsPolicy.xml**.
--- a/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
+++ b/windows/security/threat-protection/windows-defender-application-control/event-tag-explanations.md
@ -94,28 +94,28 @@ Represents why verification failed, or if it succeeded.
 ## Microsoft Root CAs trusted by Windows
-The rule means trust anything signed by a cert that chains to this root CA.
+The rule means trust anything signed by a certificate that chains to this root CA.
 | Root ID | Root Name |
 |---|----------|
-|0| None |
+| 0| None |
-|1| Unknown |
+| 1| Unknown |
-|2 | Self-Signed |
+| 2 | Self-Signed |
-|3 | Authenticode |
+| 3 | Authenticode |
-|4 | Microsoft Product Root 1997 |
+| 4 | Microsoft Product Root 1997 |
-|5 | Microsoft Product Root 2001 |
+| 5 | Microsoft Product Root 2001 |
-|6 | Microsoft Product Root 2010 |
+| 6 | Microsoft Product Root 2010 |
-|7 | Microsoft Standard Root 2011 |
+| 7 | Microsoft Standard Root 2011 |
-|8 | Microsoft Code Verification Root 2006 |
+| 8 | Microsoft Code Verification Root 2006 |
-|9 | Microsoft Test Root 1999 |
+| 9 | Microsoft Test Root 1999 |
-|10 | Microsoft Test Root 2010 |
+| 10 | Microsoft Test Root 2010 |
-|11 | Microsoft DMD Test Root 2005 |
+| 11 | Microsoft DMD Test Root 2005 |
-|12 | Microsoft DMDRoot 2005 |
+| 12 | Microsoft DMDRoot 2005 |
-|13 | Microsoft DMD Preview Root 2005 |
+| 13 | Microsoft DMD Preview Root 2005 |
-|14 | Microsoft Flight Root 2014 |
+| 14 | Microsoft Flight Root 2014 |
-|15 | Microsoft Third Party Marketplace Root  |
+| 15 | Microsoft Third Party Marketplace Root  |
-|16 | Microsoft ECC Testing Root CA 2017 |
+| 16 | Microsoft ECC Testing Root CA 2017 |
-|17 | Microsoft ECC Development Root CA 2018 |
+| 17 | Microsoft ECC Development Root CA 2018 |
-|18 | Microsoft ECC Product Root CA 2018 |
+| 18 | Microsoft ECC Product Root CA 2018 |
-|19 | Microsoft ECC Devices Root CA 2017 |
+| 19 | Microsoft ECC Devices Root CA 2017 |
 For well-known roots, the TBS hashes for the certificates are baked into the code for WDAC. For example, they don’t need to be listed as TBS hashes in the policy file.