Conclusions
Microsoft has once again developed a new technique for controlling which applications, drivers, and services are allowed to run, in the form of Windows Defender Application Control. Unlike the proven AppLocker technology, WDAC enforces its application whitelist through Windows Code Integrity, that is, in the kernel rather than in a user-mode service. The initial work involved in implementing WDAC should not be underestimated; plan for a large chunk of your time, especially for the initial period, during which WDAC should run only in audit mode until the IT department has produced reliable policies and the audit log no longer reports legitimate applications that would have been blocked.
After a successful WDAC implementation, however, later changes are easy (e.g., by adding supplemental policies to the base policies that grant or block the required access to applications). Don't get confused by terminology such as code integrity policies, WDAC policies, and Device Guard: WDAC is just the new name for something old, the configurable code integrity policies of Device Guard, but with a few new features such as multiple base and supplemental policies.
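The audit-first rollout and the later supplemental policy described above, as an added PowerShell example (not from the article or from Microsoft's deployment guide). It assumes Windows 10 version 1903 or later (multiple-policy format), an elevated session on a clean reference machine, and the working directory C:\WDAC and the application path C:\Program Files\Contoso, both of which are placeholders chosen for this example.

```powershell
# Added example: audit-first WDAC deployment, then enforcement and a supplemental policy.
# Assumptions: Windows 10 1903+, elevated PowerShell, C:\WDAC and C:\Program Files\Contoso
# are placeholder paths chosen for this example.
$work = 'C:\WDAC'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$active = "$env:windir\System32\CodeIntegrity\CiPolicies\Active"

# Returns the PolicyID GUID that a multiple-policy-format XML carries; the binary
# policy must be deployed under that name.
function Get-PolicyId([string]$XmlPath) {
    ([xml](Get-Content -Path $XmlPath)).SiPolicy.PolicyID
}

# Step 1: build a base policy from a scan of the reference image. Publisher-level
# rules keep the policy small; the hash fallback covers unsigned binaries. A full
# scan of C:\ takes a long time, which is part of the "large chunk of time".
New-CIPolicy -FilePath "$work\Base.xml" -Level Publisher -Fallback Hash `
    -ScanPath 'C:\' -UserPEs -MultiplePolicyFormat

# Step 2: start in audit mode (rule option 3), allow supplemental policies (17),
# and permit an unsigned policy (6) until you sign your policies.
foreach ($opt in 3, 17, 6) { Set-RuleOption -FilePath "$work\Base.xml" -Option $opt }
$baseId = Get-PolicyId "$work\Base.xml"
ConvertFrom-CIPolicy -XmlFilePath "$work\Base.xml" -BinaryFilePath "$work\$baseId.cip"
Copy-Item -Path "$work\$baseId.cip" -Destination $active   # reboot to activate

# Step 3 (after the audit period): list what would have been blocked. Event 3076
# is the audit entry; 3077 is a real block once enforcement is on.
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' |
    Where-Object { $_.Id -eq 3076 } |
    Select-Object -First 20 TimeCreated, Message

# Turn the audited files into rules and merge them into the base policy, then
# remove the audit option to switch to enforcement.
New-CIPolicy -FilePath "$work\AuditRules.xml" -Audit -Level Publisher -Fallback Hash `
    -UserPEs -MultiplePolicyFormat
Merge-CIPolicy -OutputFilePath "$work\Base.xml" `
    -PolicyPaths "$work\Base.xml", "$work\AuditRules.xml"
Set-RuleOption -FilePath "$work\Base.xml" -Option 3 -Delete
ConvertFrom-CIPolicy -XmlFilePath "$work\Base.xml" -BinaryFilePath "$work\$baseId.cip"
Copy-Item -Path "$work\$baseId.cip" -Destination $active -Force   # reboot again

# Step 4 (later change): allow a new line-of-business application with a
# supplemental policy instead of touching the enforced base policy.
New-CIPolicy -FilePath "$work\Contoso.xml" -Level Publisher -Fallback Hash `
    -ScanPath 'C:\Program Files\Contoso' -UserPEs -MultiplePolicyFormat
Set-CIPolicyIdInfo -FilePath "$work\Contoso.xml" -BasePolicyToSupplementPath "$work\Base.xml"
$suppId = Get-PolicyId "$work\Contoso.xml"
ConvertFrom-CIPolicy -XmlFilePath "$work\Contoso.xml" -BinaryFilePath "$work\$suppId.cip"
Copy-Item -Path "$work\$suppId.cip" -Destination $active   # reboot to activate
```

Keep the base policy in audit mode until a full cycle of normal business activity (month-end jobs, update runs, installers) has produced no 3076 events for legitimate software; once option 3 is removed, every unlisted binary is blocked and shows up as a 3077 event instead.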
Infos
- Windows Defender Application Control: https://www.microsoft.com/security/blog/2019/07/01/delivering-major-enhancements-in-windows-defender-application-control-with-the-windows-10-may-2019-update/
- Initial steps in the provisioning process for WDAC: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide
- Provisioning catalog files: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control
- Provisioning policy and file rules: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create