Windows Defender Application Control WDAC Deployment Questions

gabriel sztejnworcel 31 Reputation points
2021-02-14T22:54:03.16+00:00

Hi,

Some questions about WDAC:

  1. Are there any hardware requirements for running WDAC? I've seen some articles that mention things like HVCI, UEFI and secure boot, but no clear documentation. I'm trying to understand if I can run it on any Windows Server 2016/2019 machine, physical or virtual.
  2. Is it possible to configure WDAC to verify signatures only for user mode applications? I mean no drivers.
  3. Can I manually edit the generated XML file from a scan?
  4. My use case - I would like to ship my product together with a policy that customers can import to their machines that run my application so my signed files will actually be verified. Does it make sense? Are there any problems with this approach or things I should pay attention to?

Thanks,
Gabriel

  1. Reza-Ameri 16,836 Reputation points
    2021-02-28T17:26:18.573+00:00

    To learn more about Application Control, take a look at:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control
    This feature is available if PCs are part of a domain or are managed PCs, and it is not recommended for shipment. In addition, when you deploy a standalone policy, it might cause conflicts with existing policies.

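Added example, not from either post above: a PowerShell walk-through of the workflow the question describes (scan the product directory, enable user-mode enforcement, start in audit mode, inspect the XML before hand-editing it, compile it, and review audit events) using the built-in ConfigCI cmdlets on Windows Server 2016/2019. The install path, product name, policy name and version are assumptions.

```powershell
# Added example: build a WDAC policy for a shipped product with the ConfigCI cmdlets.
# The product directory, policy name and version below are assumed values; adjust them.

$ProductDir = 'C:\Program Files\Contoso\MyApp'   # assumed install location of the product
$PolicyXml  = "$env:TEMP\MyAppPolicy.xml"
$PolicyBin  = "$env:TEMP\SIPolicy.p7b"           # file name Code Integrity expects under System32\CodeIntegrity

# 1. Scan the product directory and generate Publisher-level rules. -UserPEs is what makes the
#    scan include user-mode binaries; without it only kernel-mode files get rules.
#    -Fallback Hash covers any unsigned helper files the product ships.
New-CIPolicy -FilePath $PolicyXml -ScanPath $ProductDir -Level Publisher -Fallback Hash -UserPEs

# 2. Rule options. Kernel-mode enforcement is always part of a WDAC policy; option 0 (Enabled:UMCI)
#    extends enforcement to user-mode code, which is the part the question cares about.
Set-RuleOption -FilePath $PolicyXml -Option 0    # Enabled:UMCI
Set-RuleOption -FilePath $PolicyXml -Option 3    # Enabled:Audit Mode - log, do not block, until the rules are proven
Set-RuleOption -FilePath $PolicyXml -Option 6    # Enabled:Unsigned System Integrity Policy (testing only; sign the policy before shipping)

# 3. Name and version the policy; both live in the XML and survive manual edits.
Set-CIPolicyIdInfo  -FilePath $PolicyXml -PolicyName 'Contoso MyApp (audit)'
Set-CIPolicyVersion -FilePath $PolicyXml -Version '1.0.0.0'

# 4. Inspect what the scan produced before hand-editing the XML: the signer rules it created and
#    the per-file rules it had to fall back to. Hash rules break on every rebuild, so fewer is better.
[xml]$policy = Get-Content -Path $PolicyXml -Raw
$policy.SiPolicy.Signers.Signer        | Select-Object ID, Name
$policy.SiPolicy.FileRules.ChildNodes  | Select-Object ID, FriendlyName

# 5. Compile the XML into the binary the Code Integrity engine consumes.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# 6. After deploying the .p7b, files that audit mode would have blocked are logged as event 3076.
#    Review these on representative customer builds before removing option 3 and shipping an
#    enforced, signed policy.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076 } -MaxEvents 20 |
    Select-Object TimeCreated, Message
```

Because Windows Server 2016/2019 predate the multiple-policy format, a policy shipped this way replaces whatever single WDAC policy the customer already has, which is the conflict the answer warns about; merging into the customer's own policy with Merge-CIPolicy is the usual way around it.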