WDACConfig module - WDAC Policy Deployment Simulation
SpyNetGirl said (post #1060587):

[attached image 1696970923373.png]

This feature allows you to simulate a WDAC (App Control for Business) policy deployment. Simply select a folder and a policy xml file, and it will show you whether the files in the folder would be allowed or blocked by your WDAC policy if it was actually deployed on a system and those files were run.

Upon completion of the simulation, you will obtain a CSV file in the current working directory containing the output of the simulation with exhaustive details of each file that would be blocked/allowed by the selected policy. It will be very useful, especially if the folder that was being scanned had thousands of files.

Currently, this cmdlet is only suitable for xml policy files generated by Level: FilePublisher and Fallback: Hash, which are actually the safest and best options (https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Notes#file-rule-levels-security), and are also the defaults used by the WDACConfig module. If the policy was generated by other levels and fallbacks such as filepaths, the output of this cmdlet will not be accurate.

The feature is out of the beta phase and is fully functional after a big update I pushed today. I'm very happy with it because after testing more than 100k unique files with it, it's always been successful.

Some Use Cases (https://github.com/HotCakeX/Harden-Windows-Security/wiki/Invoke-WDACSimulation#some-use-cases)

- Have a WDAC policy and want to test whether all of the files of a program will be allowed by the policy without running the program first? Use this WDAC simulation to find out.
- Employ this simulation method to discover files that are not explicitly specified in the WDAC policy but are still authorized to run by it. When you scan a folder to create a Supplemental policy for the files inside it, some files might not need to be mentioned in the xml policy file because they are already sanctioned using their certificate details by other files, so it would not be possible to check their availability merely by examining the XML file. Using this simulation, you will be able to confirm their eligibility and whether or not they are permitted by the WDAC policy, using robust automated methods of verification.
- Identify files that have a hash mismatch and will not be permitted by the WDAC engine using their signature. These files are typically found in questionable software (https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDAC-Notes#allowing-questionable-software-in-a-wdac-policy) because they have been tampered with. They are still incorporated into the WDAC policy based on their certificate signature, but when you execute them you will receive a blocked message. Use this WDAC simulation feature to detect them without running them first.
- And more.

- More info related to WDAC Simulation: https://github.com/HotCakeX/Harden-Windows-Security/wiki/Invoke-WDACSimulation
- WDACConfig module: https://github.com/HotCakeX/Harden-Windows-Security/wiki/WDACConfig
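As an added illustration (not code from SpyNetGirl's post or from the WDACConfig module), a toy Python version of the Hash-fallback half of such a simulation: it reads the Allow/Deny Hash rules from a WDAC policy XML, hashes every file in a folder, marks each as permitted or not, and writes the per-file CSV report the post describes. The policy, folder and file names are constructed here; it assumes a flat SHA-256 in place of the Authenticode hash WDAC uses for PE files, and the FilePublisher signer rules that the real cmdlet evaluates are not modelled.

```python
"""Toy WDAC simulation for Hash rules only (assumption: flat SHA-256 stands in
for the Authenticode hash of PE files; FilePublisher signer rules not modelled)."""
import csv
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET

NS = {"p": "urn:schemas-microsoft-com:sipolicy"}   # WDAC policy XML namespace

def load_hash_rules(policy_xml: str) -> dict:
    """Map upper-case hash -> (rule kind, rule ID); Deny is read last so it wins."""
    root = ET.fromstring(policy_xml)
    rules = {}
    for kind in ("Allow", "Deny"):
        for rule in root.findall(f".//p:FileRules/p:{kind}", NS):
            if rule.get("Hash"):
                rules[rule.get("Hash").upper()] = (kind, rule.get("ID"))
    return rules

def simulate(folder: str, policy_xml: str) -> list:
    # One row per regular file; Permitted only on an explicit Allow match
    rules = load_hash_rules(policy_xml)
    rows = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest().upper()
        kind, rule_id = rules.get(digest, (None, None))
        rows.append({"FilePath": path, "SHA256": digest,
                     "Permitted": kind == "Allow", "MatchedRule": rule_id or ""})
    return rows

def write_report(rows: list, csv_path: str) -> None:
    # CSV with one line of detail per scanned file, like the cmdlet's output
    with open(csv_path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=list(rows[0]) if rows else [])
        writer.writeheader()
        writer.writerows(rows)

def build_sample() -> tuple:
    """Constructed demo data: two files, a policy that hash-allows only one."""
    folder = tempfile.mkdtemp()
    for name, body in (("tool.exe", b"MZ demo"), ("patched.exe", b"MZ tampered")):
        with open(os.path.join(folder, name), "wb") as fh:
            fh.write(body)
    allowed = hashlib.sha256(b"MZ demo").hexdigest().upper()
    policy = (f'<SiPolicy xmlns="{NS["p"]}"><FileRules><Allow ID="ID_ALLOW_A_1" '
              f'FriendlyName="tool.exe Hash Sha256" Hash="{allowed}" /></FileRules></SiPolicy>')
    return folder, policy
```

In the constructed sample, patched.exe (standing in for a tampered file whose hash no longer matches any rule) comes out as not permitted while tool.exe matches ID_ALLOW_A_1.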