1.9 KiB
title, description, keywords, ms.prod, audience, ms.collection, author, ms.reviewer, ms.author, ms.manager, manager, ms.date, ms.technology, ms.topic, ms.localizationpriority
| title | description | keywords | ms.prod | audience | ms.collection | author | ms.reviewer | ms.author | ms.manager | manager | ms.date | ms.technology | ms.topic | ms.localizationpriority |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| WDAC Admin Tips & Known Issues | WDAC Known Issues | security, malware | m365-security | ITPro | M365-security-compliance | jsuther1974 | jogeurte | jogeurte | jsuther | dansimp | 04/14/2021 | windows-sec | article | medium |
WDAC Admin Tips & Known Issues
Applies to:
- Windows 10
- Windows 11
- Windows Server 2016 and above
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Application Control feature availability.
This topic covers tips and tricks for admins as well as known issues with Windows Defender Application Control (WDAC). Test this configuration in your lab before enabling it in production.
.NET native images may generate false positive block events
In some cases, the code integrity logs where Windows Defender Application Control errors and warnings are written will contain error events for native images generated for .NET assemblies. Typically, native image blocks are functionally benign as a blocked native image will fallback to its corresponding assembly and .NET will regenerate the native image at its next scheduled maintenance window.
MSI Installations launched directly from the internet are blocked by WDAC
Installing .msi files directly from the internet to a computer protected by WDAC will fail. For example, this command will not work:
msiexec –i https://download.microsoft.com/download/2/E/3/2E3A1E42-8F50-4396-9E7E-76209EA4F429/Windows10_Version_1511_ADMX.msi
As a workaround, download the MSI file and run it locally:
msiexec –i c:\temp\Windows10_Version_1511_ADMX.msi