Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules
Note
Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the Windows Defender Application Control feature availability.
You can use Windows Defender Application Control (WDAC) policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser):
| Approach | Guideline |
|---|---|
| You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them. | Use New-CIPolicyRule with the -AppID option. |
| In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them. | Use New-CIPolicyRule with the -AppID and -Deny options. |
For example, to add rules to a WDAC policy called "Lamna_FullyManagedClients_Audit.xml" that allow addin1.dll and addin2.dll to be run by ERP1.exe, Lamna's enterprise resource planning (ERP) application, run the following commands. In the second command, += is used to add a second rule to the $rule variable:
$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe'
$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe'
As another example, to create a Windows Defender Application Control policy that blocks addin3.dll from running in Microsoft Word, run the following command. You must include the -Deny option to block the specified add-ins in the specified application. Once you have all the rules you want, you can merge them into an existing WDAC policy using the Merge-CIPolicy cmdlet as shown here:
$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe'
Merge-CIPolicy -OutputFilePath .\Lamna_FullyManagedClients_Audit.xml -PolicyPaths .\Lamna_FullyManagedClients_Audit.xml -Rules $rule
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for