Windows-itpro-docs: AppLocker DLL Audit Mode
The following implies that there is not an audit mode for the DLL rule collection, however, so far as I can tell the audit function for DLL rules works as intended in Windows 10 _Version 10.0.16299.461_
Note: There is no audit mode for the DLL rule collection. DLL rules affect specific apps. Therefore, test the impact of these rules first before deploying them to production. To enable the DLL rule collection, see Enable the DLL rule collection.
The below screenshot shows DLL rule collection set to audit with AppLocker logs showing audit mode functioning as expected for DLLs
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: 707e490e-48ae-83e6-17e4-5045046eb295
- Version Independent ID: 3e79b496-eff3-7114-38cd-67cb2046b522
- Content: Configure an AppLocker policy for audit only (Windows 10)
- Content Source: windows/security/threat-protection/windows-defender-application-control/applocker/configure-an-applocker-policy-for-audit-only.md
- Product: w10
- GitHub Login: @brianlic-msft
- Microsoft Alias: justinha
vgrsec
All 10 comments
@vgrsec thanks for reporting this. We are confirming with the engineering team if there was any change here.
Justinha
on 8 Jun 2018
FYI testing on Server 2012 R2, DLL Audit Mode works as expected as well.
I believe audit mode worked on 2008/7 Enterprise as well, however, I don't have ISOs handy to test and report.
vgrsec
on 8 Jun 2018
@officedocsbot assign @mypil
mypil
on 6 May 2019
@Justinha - Do you have any updates on this issue?
Thanks.
mypil
on 6 May 2019
@mypil yes, sorry for delay. Can you assist with a pull request to remove the note in question. @vgrsec Thanks again for reporting and sorry to let this slip.
Justinha
on 8 May 2019
@Justinha - Yes, I will be glad to assist you with this. I have already discussed with @Malind19 to create the PR for this issue. Thank you.
mypil
on 9 May 2019
@mypil I cannot find such section in the content article. Can you kindly check.
Malind19
on 16 May 2019
@Justinha - I checked on the article but could not find the "Note section" indicated on this issue.
Is it possible that it was already removed? Can you please advise @Malind19 on which portion to edit in the article so he can create a PR for this?
Thank you.
mypil
on 17 May 2019
@mypil yes I did, sorry. @vgrsec thanks for the feedback and sorry for delay.
fyi you can check topic history, here for example: https://github.com/MicrosoftDocs/windows-itpro-docs/commit/7ebd39f45254da85432b45ae1d1bdba0861f2817#diff-921fa7bd4471960cd90002c8fa5c0ef6
Justinha
on 17 May 2019
Commit https://github.com/MicrosoftDocs/windows-itpro-docs/commit/7ebd39f45254da85432b45ae1d1bdba0861f2817 is sufficient reference for the change.
I presume it can be a lot to remember or look up
if you want to reference or close issues in all commits.
(Thank you for the follow-up, however delayed.)
illfated
on 17 May 2019
Related issues
arcotek-ltd
·
3Comments
ang216
·
3Comments
illfated
·
3Comments
zjalexander
·
3Comments
ruffy91
·
3Comments
Most helpful comment
@mypil yes I did, sorry. @vgrsec thanks for the feedback and sorry for delay.
fyi you can check topic history, here for example: https://github.com/MicrosoftDocs/windows-itpro-docs/commit/7ebd39f45254da85432b45ae1d1bdba0861f2817#diff-921fa7bd4471960cd90002c8fa5c0ef6