"Beginning with the March 2019 quality update, each version of Windows requires blocking a specific version of the following files:"
Does this mean that (for example) on Windows 1803, I only block the files commented as <! -- RS4 Windows 1803 -->? In that case, what do I do if I need a policy that works on both Windows 1803 and 1809? The implication is that I need two policies. But why not just block all versions of those files?
Please explain more clearly what the block list should contain for these three files.
@officedocsbot assign @e0i
@Justinha Would you kindly advise how to move forward with this issue? We would like to follow-up with PRs if necessary. Thanks.
Would also be interested in that topic.
And what about Windows Server 2019, should we also block the files there?
@Air-Git sorry to miss this. You can create two diff policies in that case, or merge them into one broader policy.
@Kofl yes, WDAC is applicable to Windows Server 2019 in the same way as WS 2016.
@e0i can you have someone add this to the topics?
Unless one of the Microsoft internals has already started working on this, I will gladly offer a PR to add the extra statements to the page. My initial thought is that the statements could be in the form of a Note "bubble" (maybe 2 notes?) at the end of the page, directly after the long XML code block. Maybe something like this:
[!Note]
To create a policy that works on both Windows 1803 and 1809, you can create two diff policies, or merge them into one broader policy.
WDAC is applicable to Windows Server 2019 in the same way as for Windows Server 2016.
Maybe the last line should have its own Note "bubble", where the previous one could be placed above the XML code block and the second line at the end, after the XML. Any recommendations?
@illfated thanks very much! You can add Windows Server 2019 to the Applies to list at the top. There is a topic that explains how to merge, you can add a link to that as well: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/merge-windows-defender-application-control-policies
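The merge suggested in this thread, as an added example that is not part of the original discussion or of Microsoft's documentation: it merges two per-version deny policies with `Merge-CIPolicy` and then checks that every file-name/version deny rule from each input is present in the merged policy. The file paths and the `Get-DenyKeys` helper are hypothetical, and the check assumes the block rules are `Deny` elements keyed by `FileName` and file-version attributes.

```powershell
# Hypothetical paths: one deny policy per Windows version, saved from the block list XML.
$inputs = 'C:\Policies\BlockRules-1803.xml', 'C:\Policies\BlockRules-1809.xml'
$merged = 'C:\Policies\BlockRules-Merged.xml'

# Merge both policies into one broader policy.
Merge-CIPolicy -PolicyPaths $inputs -OutputFilePath $merged | Out-Null

# Hypothetical helper: list each Deny file rule as "FileName|MinVersion|MaxVersion".
# Rule IDs are ignored on purpose, because a merge may rename them.
function Get-DenyKeys([string]$Path) {
    [xml]$doc = Get-Content -Path $Path -Raw
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('si', 'urn:schemas-microsoft-com:sipolicy')
    $doc.SelectNodes('//si:FileRules/si:Deny', $ns) | ForEach-Object {
        '{0}|{1}|{2}' -f $_.FileName, $_.MinimumFileVersion, $_.MaximumFileVersion
    }
}

# Every deny rule from either input must survive in the merged policy.
$mergedKeys = @(Get-DenyKeys $merged)
$missing = $inputs |
    ForEach-Object { Get-DenyKeys $_ } |
    Where-Object { $_ -notin $mergedKeys } |
    Sort-Object -Unique

if ($missing) {
    Write-Warning 'Deny rules missing from the merged policy:'
    $missing
} else {
    'All deny rules from both input policies are present in the merged policy.'
}
```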