Andy Ful
From Hard_Configurator Tools
Thread author
Verified
Honorary Member
Top Poster
Developer
Well-known
- Dec 23, 2014
- 8,458
Is it possible to use WD Application Control (WDAC) on Windows 10 Home, with disabled WD? The answer is somewhat surprising. Why?
WDAC is the Windows 10 security feature, which was introduced for Windows Enterprise editions. It can be used only on the computers with UEFI. The working WDAC (WD Application Control) code integrity policy cannot be created on WIndows Home and Windows Pro via registry tweaks or PowerShell, or GPO.
But, WDAC code integrity policy can be applied on any Windows 10 editions, if the user has the file SIPolicy.p7b, that was created on the machine with Windows Enterprise.
So, yes - WDAC can be used on Windows 10 Home and Pro. But, for the standard home user applying it, in the usual way (block applications), would be impractical.
Yet, WDAC can be used as a very practical diagnostic tool, to monitor the execution of processes, which are not whitelisted by WDAC.
The below events are logged in the Windows Event Log :
Applying it is very easy. Make a binary WDAC policy SIPolicy.p7b and copy it to C:\Windows\System32\CodeIntegrity (admin rights are required), and reboot.
The details are available in Matt Graeber's article:
Threat Detection using Windows Defender Application Control (Device Guard) in Audit Mode
Edit (September 2022).
Currently, the prebuild file SIPolicy.p7b is no longer available. One can use the Microsoft tool on Windows Pro to make the WDAC policy:
WDAC is the Windows 10 security feature, which was introduced for Windows Enterprise editions. It can be used only on the computers with UEFI. The working WDAC (WD Application Control) code integrity policy cannot be created on WIndows Home and Windows Pro via registry tweaks or PowerShell, or GPO.
But, WDAC code integrity policy can be applied on any Windows 10 editions, if the user has the file SIPolicy.p7b, that was created on the machine with Windows Enterprise.
So, yes - WDAC can be used on Windows 10 Home and Pro. But, for the standard home user applying it, in the usual way (block applications), would be impractical.
Yet, WDAC can be used as a very practical diagnostic tool, to monitor the execution of processes, which are not whitelisted by WDAC.
The below events are logged in the Windows Event Log :
- All user-mode code not built-in to the OS or originating from the Microsoft Store.
- All kernel drivers except Windows, HAL, and ELAM-signed drivers.
Applying it is very easy. Make a binary WDAC policy SIPolicy.p7b and copy it to C:\Windows\System32\CodeIntegrity (admin rights are required), and reboot.
The details are available in Matt Graeber's article:
Threat Detection using Windows Defender Application Control (Device Guard) in Audit Mode
Edit (September 2022).
Currently, the prebuild file SIPolicy.p7b is no longer available. One can use the Microsoft tool on Windows Pro to make the WDAC policy:
Microsoft WDAC Wizard
webapp-wdac-wizard.azurewebsites.net
Last edited: