« Previous 1 2 3
Reducing your attack surface
En Garde
Conclusions
Microsoft has once again developed a new technique for controlling access to applications, drivers, and services in the form of Windows Defender Application Control. Unlike the proven AppLocker technology, WDAC supports application whitelisting with Windows Code Integrity. The initial work involved to implement WDAC should not be underestimated; plan for a large chunk of your time, particularly considering that WDAC can only run in audit mode, especially in the initial period until the IT department has created efficient policies.
After a successful WDAC implementation, however, it is easy to make changes later (e.g., by adding additional policies to the standard policies that manage the required access to or blocking of applications). Don't get confused by terminology such as code integrity policies, WDAC policies, and Device Guard: WDAC is just the new name for something old – but with a few new features.
Infos
- Windows Defender Application Control: https://www.microsoft.com/security/blog/2019/07/01/delivering-major-enhancements-in-windows-defender-application-control-with-the-windows-10-may-2019-update/
- Initial steps in the provisioning process for WDAC: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide
- Provisioning catalog files: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control
- Provisioning policy and file rules: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Endpoint Security for Windows 10
Windows 10, build 21H1, has numerous protection mechanisms out of the box. We look at the option for delaying updates, the components and features of Microsoft Defender, and recommendations for hardening the operating system. -
Fight Windows ransomware with on-board tools
Ransomware defense involves two strategies: identifying attacks and slowing the attackers to mitigate their effects. -
Group policies on Windows Server 2022
We discuss how to manage and secure clients with group policy object templates and look at some recommendations from various governmental and non-governmental security advocates. -
Data loss prevention with Microsoft Purview
Microsoft Purview combines compliance and data governance to address the security of confidential data in the new hybrid working world. -
Monitoring changes in Active Directory with built-in tools
Monitoring with built-in Windows tools can prevent the worst from happening after an attempted attack.