To learn more, start here:
I don't know how to implement this: Microsoft recommended block rules
So WhiteMouse, I followed your instructions re WDAC and rebooted. Then I downloaded Firefox to my Downloads folder and the installer runs! I suppose this is due to some existing rule having Option 14 Enabled:Intelligent Security Graph Authorization specified, allowing programs with 'good reputation' to run. What if someone breaks into my desktop using scripts to install a signed RAT? I would be screwed. There are several existing policies inside the policy folder, and I don't know what they are allowing, and I can't remove them because one of them must be designed to allow MS Windows System32 programs to run.
EDIT: So I created a cip for the Windows folder. Moved all the existing cips to another folder. And copied in my cip to the Active folder. So now I only have the 2 cips I created. And the Firefox installer still runs!
My computer doesn't meet the requirements for Windows 11 and I don't have a TPM. Do you think my WDAC not working can be because my Win 11 machine is over 10 yrs old and was installed using a workaround for not having a TPM? Or maybe because my old CPU does not support virtualization protection VBS?