Dive Board



To avoid unintentionally blocking essential applications while maintaining safety precautions


by FazalGR on Aug 9th, 2024 16:39 PM

To avoid unintentionally blocking essential applications while taking precautionary measures with PSA software and RMM tools, test the policy in audit mode before deploying it in enforce mode.
1. Open PowerShell with administrative privileges.
2. Create a new policy: The New-CIPolicy cmdlet can be used to create a new policy. This command takes a path to a directory or file, scans it, and creates a policy approving the execution of any files in that path, including executables and DLL files, on your network.
For example, to approve everything that has been signed by the publisher of a certain application, you can use the command below:
New-CIPolicy -ScanPath "C:\Path\To\Application" -Level Publisher -UserPEs -Fallback Hash -FilePath "C:\Path\To\Policy.xml"
In this command, ScanPath specifies the folder that contains the application, Level Publisher indicates that the policy will permit anything signed by the same publisher as the application, and UserPEs indicates that user-mode executables will be included in the policy.
Fallback Hash indicates that a file that is not signed will be allowed based on its hash, and FilePath specifies the path where the policy XML will be saved.
3. Convert the policy to binary format: WDAC policies must be deployed in binary format. You can convert the policy with the cmdlet ConvertFrom-CIPolicy -XmlFilePath "C:\Path\To\Policy.xml" -BinaryFilePath "C:\Path\To\Policy.bin".
4. Deploy the policy: The Group Policy Management Console (GPMC) can be used to deploy the policy. To deploy the policy on every computer, copy the .bin file to the \Windows\System32\CodeIntegrity directory on each machine. Then, under Computer Configuration > Administrative Templates > System > Device Guard, enable and configure the Deploy Windows Defender Application Control setting to safeguard your devices and turn on enforcement.



FazalGR

Posts: 10

Joined: 05.09.2023
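The audit-first workflow recommended at the top of the post, written out as an added PowerShell example that is not part of the original post. The paths are placeholders, and the "File Name" field read from event 3076 is assumed to match the CodeIntegrity operational log's event XML.

```powershell
#Requires -RunAsAdministrator
# Added example: all paths are placeholders, not values from the original post.
$ScanPath  = 'C:\Path\To\Application'   # folder holding the application's binaries
$PolicyXml = 'C:\Path\To\Policy.xml'
$PolicyBin = 'C:\Path\To\Policy.bin'

# 1. Build the policy from the files on disk (publisher rules, hash fallback).
New-CIPolicy -ScanPath $ScanPath -FilePath $PolicyXml -Level Publisher -Fallback Hash -UserPEs

# 2. Rule option 3 is "Enabled:Audit Mode": violations are logged, not blocked.
Set-RuleOption -FilePath $PolicyXml -Option 3
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin

# 3. Once the audit policy is deployed and normal workloads have run, list what
#    enforce mode would have blocked (event ID 3076 = audit-mode block).
function Get-WdacAuditBlock {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3076
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the EventData name/value pairs (field names are assumed).
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{ Time = $_.TimeCreated; File = $data['File Name'] }
        } |
        Group-Object File |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
Get-WdacAuditBlock -Days 7

# 4. Only when that list contains nothing essential: remove audit mode and
#    rebuild the binary that will be deployed in enforce mode.
# Set-RuleOption -FilePath $PolicyXml -Option 3 -Delete
# ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $PolicyBin
```

Any file that shows up in the step 3 output needs its own allow rule, or a deliberate decision to block it, before step 4 is uncommented.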