We could always add a WDAC mode to CyberLock. I have been toying with doing this for years, but never really found a great reason to do so. There are a lot of cons for WDAC, like 1) not being able to whitelist items on the fly, 2) total lack of context (which is absolutely vital to properly securing a system), 3) being forced to globally block LOLBins to be able to protect against them. That, and the fact that 4) WDAC is completely unusable without ISG, and easily bypassable with ISG. And 5) the baseline WDAC policies are an absolute mess, and only block based on a single criterion, not multiple like CyberLock.
I am guessing that if CyberLock offered a WDAC mode, most users would not use it. Maybe it would be good for SMB / Enterprise, especially as a method to quickly build and manage policies. But it might be pretty cool to have WDAC block most of the executable file types, then have CyberLock's kernel mode driver block the other 100 or so file types, LOLBins, fileless malware, etc.
If someone can provide one massive advantage for adding a WDAC mode to CyberLock, I would be happy to do so.