Windows Defender Application Control (WDAC) basics

Windows 1 Minute

Windows Defender Application Control, like Windows AppLocker is a way to control what executes on your Windows 10 Professional and Enterprise workstation. For more information have a look at this article from Microsoft:

Windows Defender Application Control and AppLocker Overview

You can easily configure WDAC using PowerShell and Microsoft provides a number of example policies that you can use to get started. This video will demonstrate that process on a stand alone Windows 10 Enterprise workstation:

https://www.youtube.com/watch?v=Nj5vBloAWy0

Both WDAC and AppLocker can be used together but the recommendation is use WDAC as it is a more modern approach to whitelisting and has greater security controls and enforcements.

You can also deploy WDAC using Intune and Endpoint Manager which I’ll look to demonstrate in an upcoming article.

So, much like AppLocker, you can use WDAC to prevent executables on your Windows 10 environment. This is a great way to minimise the risk of ransomware and should be part of your defence in depth strategy.

Published by directorcia

Published

2 thoughts on “Windows Defender Application Control (WDAC) basics

  1. Pingback: All the Guards–Part 3 – CIAOPS
  2. Pingback: Microsoft Defender for Endpoint Restrict app execution – CIAOPS

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s