Open dennyamarojr opened 1 year ago
Hi @dennyamarojr,
Can you see whether our official docs answer your questions:
That's good documentation and I checked the information, but I couldn't find which policy rules in Table 1. Windows Defender Application Control policy - policy rule options are recommended to use.
To explain my point, for example, for a fully managed device as described in the 3rd link in common scenarios, the recommended policy rules:
- 0 Enabled:UMCI
- 2 Required:WHQL
- 10 Enabled:Boot Audit on Failure
- 12 Required:Enforce Store Applications

and for a lightly managed device it is X X X X
This could be useful for beginners, and also if it is described which template is recommended for each scenario, since in link 2 we just have the descriptions of the templates, but in the third link I couldn't see which templates are used for each scenario.
@dennyamarojr

Rule number | Rule option |
---|---|
0 | Enabled:UMCI |
2 | Required:WHQL |
5 | Enabled:Inherit Default Policy |
6 | Enabled:Unsigned System Integrity Policy |
11 | Disabled:Script Enforcement |
12 | Required:Enforce Store Applications |
16 | Enabled:Update Policy No Reboot |
17 | Enabled:Allow Supplemental Policies |
19 | Enabled:Dynamic Code Security |
20 | Enabled:Revoked Expired As Unsigned |

Rule number | Rule option |
---|---|
0 | Enabled:UMCI |
2 | Required:WHQL |
5 | Enabled:Inherit Default Policy |
6 | Enabled:Unsigned System Integrity Policy |
11 | Disabled:Script Enforcement |
12 | Required:Enforce Store Applications |
14 | Enabled:Intelligent Security Graph Authorization |
15 | Enabled:Invalidate EAs on Reboot |
16 | Enabled:Update Policy No Reboot |
17 | Enabled:Allow Supplemental Policies |
19 | Enabled:Dynamic Code Security |
20 | Enabled:Revoked Expired As Unsigned |
Required:EV Signers
too but then (in my experience) some 3rd party programs' drivers might not work as they aren't signed by an EV certificate.
1 Enabled:Boot Menu Protection
but the document says they aren't supported (yet?).
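
As an added example (not part of the thread and not WDAC Toolkit code), the following PowerShell compares the rule options in a policy XML against the first table in the comment above and reports what is missing or extra. The function name `Compare-RuleOptions` and the sample policy fragment are constructed for illustration.

```powershell
# Rule options from the first table in the comment above.
$baseline = @(
    'Enabled:UMCI'
    'Required:WHQL'
    'Enabled:Inherit Default Policy'
    'Enabled:Unsigned System Integrity Policy'
    'Disabled:Script Enforcement'
    'Required:Enforce Store Applications'
    'Enabled:Update Policy No Reboot'
    'Enabled:Allow Supplemental Policies'
    'Enabled:Dynamic Code Security'
    'Enabled:Revoked Expired As Unsigned'
)

# Constructed sample fragment (not a complete policy). To check a real file,
# load it with [xml](Get-Content -Raw <path to your policy XML>) instead.
[xml]$policy = @'
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <Rules>
    <Rule><Option>Enabled:UMCI</Option></Rule>
    <Rule><Option>Required:WHQL</Option></Rule>
    <Rule><Option>Enabled:Audit Mode</Option></Rule>
    <Rule><Option>Enabled:Unsigned System Integrity Policy</Option></Rule>
  </Rules>
</SiPolicy>
'@

# Hypothetical helper: diff the <Option> values in a policy against a list.
function Compare-RuleOptions {
    param([xml]$Policy, [string[]]$Expected)
    # Policy XML elements live in the sipolicy namespace, so XPath needs it.
    $ns = New-Object System.Xml.XmlNamespaceManager($Policy.NameTable)
    $ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')
    $present = @($Policy.SelectNodes('/si:SiPolicy/si:Rules/si:Rule/si:Option', $ns) |
        ForEach-Object { $_.InnerText.Trim() })
    [pscustomobject]@{
        Missing    = @($Expected | Where-Object { $_ -notin $present })
        Unexpected = @($present  | Where-Object { $_ -notin $Expected })
    }
}

$result = Compare-RuleOptions -Policy $policy -Expected $baseline
'Missing from policy:';         $result.Missing    | ForEach-Object { "  $_" }
'Present but not in the list:'; $result.Unexpected | ForEach-Object { "  $_" }
```

On the sample fragment the second list contains `Enabled:Audit Mode`, which is the option to look for when a policy that should be enforcing is still only logging.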
Hi,
This is my second issue here, and this time I come to make a suggestion for the WDAC Toolkit. I see that there are a lot of templates available, and the WDAC Policy Wizard also has some templates: Default Windows mode, Allow Microsoft mode and Signed and reputable mode. These are good templates to use as a starting point, but we also have the WDAC templates in Windows, and this could make it troublesome for beginners to decide which one is the best and what is best for the user's environment. Policy rules are another area where we may need some information, to decide which are the best rules for enforced mode, with some explanation of each one (maybe it is in the official documentation), and also to tell which rules to use to troubleshoot any issues in the environment.