This reminds me of when they introduced DEP. I had to add gta-vc.exe to the exclusions in order to get it to run.I would if I could, but there's too many software which doesn't work with it. And game mods too, like skyrim .dll based mods which are not signed.
That is really nonsense when you are hinting on WDAC - ISG Microsoft even advises system admins to use WDAC over SACI worth mentioning that security solutions mentioned in this thread cannot replace SAC protection.
Microsoft said:WDAC will check the file's reputation by sending its hash and signing information to the cloud. If the ISG reports that the file has a "known good" reputation, then the file will be allowed to run. Otherwise, it will be blocked by WDAC.
Microsoft said:When you try to run an app on Windows, Smart App Control will check to see if our intelligent cloud-powered security service can make a confident prediction about its safety. If the service believes the app to be safe, Smart App Control will let it run. If the app is believed to be malicious or potentially unwanted, then Smart App Control will block it.
That is really nonsense when you are hinting on WDAC - ISG Microsoft even advises system admins to use WDAC over SAC