January 2024 WDAC Advanced Hunting changes
Microsoft today published an update advisory for Windows Defender Application Control (WDAC) Advanced Hunting changes that could have an impact if you have any hunting rules or dashboards in place.…
The goal of this post is to step through the process of using the WDAC Wizard to create a sample WDAC policy and deploy it to a test Windows 10…
This blog post will be the first (of many) in a series relating to Microsoft WDAC and how to understand, implement and manage it. In the current cyber security landscape…
Windows Defender Application Control (WDAC) has been a core component of Windows since Windows 10 and Server 2016, and can be used as part of your security posture to secure workstations…
While implementing a Windows Defender Application Control (WDAC) audit policy, we discovered an interesting quirk in the information logged in the Windows Event Logs on Server 2016 that can make…
The Microsoft WDAC Wizard is a great tool for building and modifying WDAC policies, but there are times where it is necessary to manually modify the policy XML file. If…
On a Windows Defender Application Control (WDAC) project one issue you may encounter is driver .dll or .sys files that are digitally signed, but the certificate has now expired. The…
Windows Defender Application Control (WDAC) is an application control system integrated into Windows 10/11 and is used within Enterprise to whitelist trusted applications, allowing them to run, and blocking either…