PalanivelS-0424 asked PalanivelS-0424 edited

WDAC File Path rules

In WDAC file path rules, is it possible to block high-privileged commands such as cmd.exe for standard users, but still allow them for administrators?

When I enable "UMCI" and deny "CMD.EXE" in a WDAC custom rule, it gets blocked for all users (Administrators and Standard Users). But when I disable "UMCI" and deny "CMD.EXE" in a WDAC custom rule, it does not block any applications for any users (Administrators and Standard Users).

My query is: in a WDAC policy, I want to block CMD.EXE only for standard users, and administrators should still be able to access CMD.EXE. Is that possible?

windows-10-network

1 Answer

LimitlessTechnology-2700 answered PalanivelS-0424 commented

Hello there,

Yes, it is possible to block user activities and apps in WDAC with Set-RuleOption.

More details and the steps to perform can be found here:
https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create


Hope this answers all your queries; if not, please do post back.
If an answer is helpful, please click "Accept Answer" and upvote it :)

Regards

Mukesh


Hi there, thank you for your response. I have just tested it in my lab environment, and here is the observation.
When I enable "UMCI" and deny "CMD.EXE" in a WDAC custom rule, it gets blocked for all users (Administrators and Standard Users). But when I disable "UMCI" and deny "CMD.EXE" in a WDAC custom rule, it does not block any applications for any users (Administrators and Standard Users).

My query is: in a WDAC policy, I want to block CMD.EXE only for standard users, and administrators should still be able to access CMD.EXE. Is that possible?
