Inbox WDAC policies
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Application Control feature availability.
This article describes the Windows Defender Application Control (WDAC) policies that ship inbox with Windows and may be active on your devices. To see which policies are active on your device, use citool.exe or check the CodeIntegrity - Operational event log for 3099 policy activation events.
Inbox WDAC Policies
| Policy Name | Policy ID | Policy Type | Description |
|---|---|---|---|
| Microsoft Windows Driver Policy | {d2bda982-ccf6-4344-ac5b-0b44427b6816} | Kernel-only Base policy | This policy blocks known vulnerable or malicious kernel drivers. It's active by default on Windows 11 22H2, Windows in S mode, Windows 11 SE, and anywhere memory integrity (also known as hypervisor-protected code integrity (HVCI)) is on. Its policy binary file is found at %windir%\System32\CodeIntegrity\driversipolicy.p7b and in the EFI system partition at <EFI System Partition>\Microsoft\Boot\driversipolicy.p7b. |
| Windows10S_Lockdown_Policy_Supplementable | {5951a96a-e0b5-4d3d-8fb8-3e5b61030784} | Base policy | This policy is active on devices running Windows in S mode. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\winsipolicy.p7b. |
| WindowsE_Lockdown_Policy | {82443e1e-8a39-4b4a-96a8-f40ddc00b9f3} | Base policy | This policy is active on devices running Windows 11 SE. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{82443e1e-8a39-4b4a-96a8-f40ddc00b9f3}.cip. |
| WindowsE_Lockdown_Flight_Policy_Supplemental | {5dac656c-21ad-4a02-ab49-649917162e70} | Supplemental policy | This policy is active on devices running Windows 11 SE that are enrolled in the Windows Insider program. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{5dac656c-21ad-4a02-ab49-649917162e70}.cip. |
| WindowsE_Lockdown_Test_Policy_Supplemental | {CDD5CB55-DB68-4D71-AA38-3DF2B6473A52} | Supplemental policy | This policy is active on devices running Windows 11 SE with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found in the EFI system partition at <EFI System Partition>\Microsoft\Boot\CIPolicies\Active\{CDD5CB55-DB68-4D71-AA38-3DF2B6473A52}.cip. |
| VerifiedAndReputableDesktop | {0283ac0f-fff1-49ae-ada1-8a933130cad6} | Base policy | This policy is active on devices running Windows 11 with Smart App Control turned on. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{0283ac0f-fff1-49ae-ada1-8a933130cad6}.cip. |
| VerifiedAndReputableDesktopFlightSupplemental | {1678656c-05ef-481f-bc5b-ebd8c991502d} | Supplemental policy | This policy is active on devices running Windows 11 with Smart App Control turned on and enrolled in the Windows Insider program. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{1678656c-05ef-481f-bc5b-ebd8c991502d}.cip. |
| VerifiedAndReputableDesktopTestSupplemental | {0939ED82-BFD5-4D32-B58E-D31D3C49715A} | Supplemental policy | This policy is active on devices running Windows 11 with Smart App Control turned on and with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{0939ED82-BFD5-4D32-B58E-D31D3C49715A}.cip. |
| VerifiedAndReputableDesktopEvaluation | {1283ac0f-fff1-49ae-ada1-8a933130cad6} | Base policy | This policy is active on devices running Windows 11 with Smart App Control in evaluation mode. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{1283ac0f-fff1-49ae-ada1-8a933130cad6}.cip. |
| VerifiedAndReputableDesktopEvaluationFlightSupplemental | {2678656c-05ef-481f-bc5b-ebd8c991502d} | Supplemental policy | This policy is active on devices running Windows 11 with Smart App Control in evaluation mode and enrolled in the Windows Insider program. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{2678656c-05ef-481f-bc5b-ebd8c991502d}.cip. |
| VerifiedAndReputableDesktopEvaluationTestSupplemental | {1939ED82-BFD5-4D32-B58E-D31D3C49715A} | Supplemental policy | This policy is active on devices running Windows 11 with Smart App Control in evaluation mode and with Secure Boot disabled and TESTSIGNING on. Its policy binary file is found at %windir%\System32\CodeIntegrity\CIPolicies\Active\{1939ED82-BFD5-4D32-B58E-D31D3C49715A}.cip. |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for