windows-itpro-docs/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
Alekhya Jupudi 426955319f Improper acronyms review update-04
The updates here are made for acronym :WDAC as per the task 6027362. Thanks!
2022-06-09 12:41:59 +05:30


---
title: Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules (Windows)
description: WDAC policies can be used not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
manager: dansimp
ms.author: dansimp
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
ms.reviewer: isbrahm
ms.date: 02/10/2022
ms.technology: windows-sec
---

# Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules

**Applies to:**

- Windows 10
- Windows 11
- Windows Server 2016 and above

> [!NOTE]
> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.

As of Windows 10, version 1703, you can use Windows Defender Application Control (WDAC) policies not only to control applications, but also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):

| Approach (as of Windows 10, version 1703) | Guideline |
|---|---|
| You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them. | Use `New-CIPolicyRule` with the `-AppID` option. |
| In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them. | Use `New-CIPolicyRule` with the `-AppID` and `-Deny` options. |

To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your 'master' policy (merging is described in the next section).

For example, to create a Windows Defender Application Control policy allowing `addin1.dll` and `addin2.dll` to run in `ERP1.exe`, your organization's enterprise resource planning (ERP) application, run the following commands. Note that in the second command, `+=` is used to add a second rule to the `$rule` variable:

```powershell
$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe'
New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs
```

As another example, to create a Windows Defender Application Control policy that blocks `addin3.dll` from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application:

```powershell
$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe'
New-CIPolicy -Rules $rule -FilePath ".\BlockAddins.xml" -UserPEs
```
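The two examples above build one rule set at a time. The following script is an added example, not part of this article or of the ConfigCI module's documentation; it combines the allow rules for `ERP1.exe` and the deny rule for `winword.exe` from a single table, writes them to an add-in-only policy, and then merges that policy into an existing base policy, which is the "merge into your master policy" step the text refers to. The paths `.\MasterPolicy.xml`, `.\AddinPolicy.xml`, `.\MergedPolicy.xml` and `.\MergedPolicy.bin` are assumed names for this example; the `.\temp\addin*.dll`, `.\ERP1.exe` and `.\winword.exe` paths are the ones used in the article.

```powershell
# Added example (not from the article): build an add-in policy from a table of
# application -> add-in rules, then merge it into an existing base WDAC policy.
# Assumed/hypothetical file names: .\MasterPolicy.xml, .\AddinPolicy.xml,
# .\MergedPolicy.xml, .\MergedPolicy.bin. Requires the ConfigCI module (Windows).
$ErrorActionPreference = 'Stop'

# One entry per application: the add-ins it may load (Deny = $false) or must not load (Deny = $true).
$addinRules = @(
    @{ AppID = '.\ERP1.exe';    Files = @('.\temp\addin1.dll', '.\temp\addin2.dll'); Deny = $false },
    @{ AppID = '.\winword.exe'; Files = @('.\temp\addin3.dll');                      Deny = $true  }
)

$rules = @()
foreach ($entry in $addinRules) {
    foreach ($file in $entry.Files) {
        # Same parameters as the article's commands, passed by splatting so that
        # -Deny is only added for the entries that should block the add-in.
        $params = @{
            DriverFilePath = $file
            Level          = 'FileName'
            AppID          = $entry.AppID
        }
        if ($entry.Deny) { $params.Deny = $true }
        $rules += New-CIPolicyRule @params
    }
}

# Policy that contains only the plug-in/add-in rules (-UserPEs includes user-mode binaries).
New-CIPolicy -Rules $rules -FilePath '.\AddinPolicy.xml' -UserPEs

# Merge the add-in policy into the existing base ("master") policy. Merge-CIPolicy keeps
# the rules of every input policy, so the deny rule for winword.exe survives the merge.
Merge-CIPolicy -PolicyPaths '.\MasterPolicy.xml', '.\AddinPolicy.xml' -OutputFilePath '.\MergedPolicy.xml'

# Rule option 3 = "Enabled:Audit Mode": events are logged instead of blocked, which lets
# you confirm the AppID rules match the intended add-ins before you enforce them.
Set-RuleOption -FilePath '.\MergedPolicy.xml' -Option 3

# Convert the merged XML into the binary form that WDAC actually consumes.
ConvertFrom-CIPolicy -XmlFilePath '.\MergedPolicy.xml' -BinaryFilePath '.\MergedPolicy.bin'
```

Run the script from the directory that holds the base policy and the add-in files. Once the audit-mode events show only the expected allow and deny decisions, remove option 3 with `Set-RuleOption -FilePath '.\MergedPolicy.xml' -Option 3 -Delete`, convert again, and deploy the resulting binary.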