I'm looking for advice on using Windows Defender Application Control (WDAC) to block unauthorized applications in our company, especially since we develop software for other businesses and need to manage admin rights more effectively. My goal is to block certain apps, especially games or unlicensed software, but I'm having trouble figuring out how to implement block rules. I've tried using the allowall policy as a base and adding a deny rule for an app (like sublime_text.exe) but it still gets through. What's the best way to set this up? Any tips or tricks would be appreciated!
1 Answer
You can actually set deny rules in your base WDAC policy. Microsoft has some guidance on blocking apps that might circumvent application controls, which could be helpful for your case. Check out their documentation [here](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/applications-that-can-bypass-appcontrol). Also, HotCakeX has a tool that simplifies creating deny policies, which you might find useful. Don’t forget to spend some time learning about troubleshooting with Event Viewer, as it can provide insights into why certain policies aren't being enforced.
My policies seem to be correct but they just don't work. I'll take a look at this tool you mentioned. Thanks!