Some questions about WDAC:
1. Are there any hardware requirements for running WDAC? I've seen some articles that mention things like HVCI, UEFI and secure boot, but no clear documentation. I'm trying to understand if I can run it on any Windows Server 2016/2019 machine, physical or virtual.
2. Is it possible to configure WDAC to verify signatures only for user mode applications? I mean no drivers.
3. Can I manually edit the generated XML file from a scan?
4. My use case - I would like to ship my product together with a policy that customers can import to their machines that run my application so my signed files will actually be verified. Does it make sense? Are there any problems with this approach or things I should pay attention to?