To learn more about Application Control, take a look at:
https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
This feature is available if PCs are part of a domain or are managed PCs, and it is not recommended for shipment. In addition, when you deploy a standalone policy, it might cause a conflict with existing policies.
Windows Defender Application Control (WDAC) Deployment Questions
gabriel sztejnworcel 31 Reputation points
Hi,
Some questions about WDAC:
- Are there any hardware requirements for running WDAC? I've seen some articles that mention things like HVCI, UEFI and secure boot, but no clear documentation. I'm trying to understand if I can run it on any Windows Server 2016/2019 machine, physical or virtual.
- Is it possible to configure WDAC to verify signatures only for user mode applications? I mean no drivers.
- Can I manually edit the generated XML file from a scan?
- My use case - I would like to ship my product together with a policy that customers can import to their machines that run my application so my signed files will actually be verified. Does it make sense? Are there any problems with this approach or things I should pay attention to?
Thanks,
Gabriel
1 answer
Reza-Ameri 16,836 Reputation points
2021-02-28T17:26:18.573+00:00