Windows 10: allow a WDAC application control policy to let Microsoft patches run


Alles Fernando

Hello All,

I have created a WDAC policy on Windows 10 Enterprise. I created the WDAC policy in the following way:

I merged the following files and created the .BIN file:


1. AllowMicrosoft.xml (the default Microsoft example file that comes with the OS, to allow Microsoft programs to run)

2. Program Files.xml (scanned Program Files for installed applications)

3. Program Filesx86.xml (scanned Program Files (x86) for installed applications)

4. BlockRules.xml (Microsoft recommended block rules for WDAC)

I merged the above 4 files, created Mypolicy.xml, converted it to a .bin file and copied it to SIPolicy.p7b.



However, I can see that Microsoft Office patches (.MSP) downloaded from WSUS violated code integrity.

I would like to know how to bypass the patch files in the CI policy. I believe I can't scan the folder and merge it with the existing policy, as the patch files would be different for each period?

One of the error messages:

code integrity module \windows\installer\MSI8448.tmp against policy

If anybody can shed some light, it would be appreciated.



Thank you,



Regards,

Alles
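The build procedure described in the post above, written out as an added example with the ConfigCI cmdlets that ship with Windows 10 Enterprise (this is not code from the original post). The working directory C:\WDAC, the Publisher rule level with a hash fallback, and the local path of the saved block-rules XML are assumptions; the post does not state them. Run in an elevated PowerShell session.

```powershell
# Added example, not from the original post. Reproduces the poster's
# four-file merge with the ConfigCI module. Assumptions: work directory
# C:\WDAC, rule level Publisher with Hash fallback, block rules already
# saved as C:\WDAC\BlockRules.xml.

$Work = 'C:\WDAC'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# 1. AllowMicrosoft.xml ships with the OS as an example policy.
$AllowMicrosoft = 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml'

# 2./3. Scan both Program Files trees for installed applications.
#       -UserPEs includes user-mode binaries (installed apps), and the
#       level/fallback are assumed since the post does not give them.
New-CIPolicy -FilePath "$Work\ProgramFiles.xml" `
             -ScanPath 'C:\Program Files' `
             -Level Publisher -Fallback Hash -UserPEs

New-CIPolicy -FilePath "$Work\ProgramFilesx86.xml" `
             -ScanPath 'C:\Program Files (x86)' `
             -Level Publisher -Fallback Hash -UserPEs

# 4. Microsoft's recommended block rules, saved locally beforehand
#    from the Microsoft documentation (assumed path).
$BlockRules = "$Work\BlockRules.xml"

# Merge the four policies into one XML policy.
Merge-CIPolicy -PolicyPaths @($AllowMicrosoft,
                             "$Work\ProgramFiles.xml",
                             "$Work\ProgramFilesx86.xml",
                             $BlockRules) `
               -OutputFilePath "$Work\MyPolicy.xml"

# Caveat: keep the merged policy in Audit Mode (rule option 3) first.
# Violations are logged instead of blocked, so files like the
# \Windows\Installer\MSI*.tmp the poster saw can be reviewed before
# the policy is enforced.
Set-RuleOption -FilePath "$Work\MyPolicy.xml" -Option 3

# Convert to binary and install it as the single-policy file.
ConvertFrom-CIPolicy -XmlFilePath "$Work\MyPolicy.xml" `
                     -BinaryFilePath "$Work\MyPolicy.bin"
Copy-Item "$Work\MyPolicy.bin" `
          'C:\Windows\System32\CodeIntegrity\SIPolicy.p7b' -Force
# A reboot is required before the new policy takes effect.

# After the reboot: list the Code Integrity policy events. Event 3076 is
# an audit-mode violation, 3077 is an enforced block.
Get-WinEvent -LogName 'Microsoft-Windows-CodeIntegrity/Operational' `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 3076, 3077 } |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

Once the audit log shows nothing unexpected, remove option 3 with `Set-RuleOption -FilePath "$Work\MyPolicy.xml" -Option 3 -Delete`, convert and copy the policy again, and reboot to enforce it.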
