Application Control (WDAC) Frequently Asked Questions (FAQs)

What's The Difference Between Application Control Policies And An Antivirus?

Application Control policies follow an allow-listing (default-deny) strategy: everything is blocked unless a rule explicitly allows it. Antivirus products follow a block-listing (default-allow) strategy: everything is allowed to run unless a signature or behavioral detection explicitly blocks it.


How Does App Control In The OS Compare To 3rd Party Solutions?

App Control is enforced by Code Integrity inside the Windows kernel, so there is no "agent" to install and no user-mode process that an attacker can terminate or tamper with the way they do with 3rd party solutions; it also adds no attack surface of its own to the system. It's native and fast enough to be transparent to the user.


Can I Use Microsoft Defender For Endpoint (MDE) To Collect App Control Logs?

Yes. MDE should be used to manage your endpoints and to collect the Code Integrity events that you turn into App Control policies: its Advanced Hunting tables expose detailed audit and block events for your entire fleet of machines. Once the policies are created, Intune is used to deploy them at scale.
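The same audit and block events that MDE collects fleet-wide are written locally to the CodeIntegrity/Operational log on every machine. As an added example (not part of the original FAQ, and not code from the WDACConfig project), this PowerShell snippet pulls the last week of those events from one machine and summarises which files would have been (audit, 3076) or were (enforced, 3077) blocked. It assumes an App Control policy is deployed, that it runs elevated, and that the EventData field names ("File Name", "Process Name", "SHA256 Hash", "PolicyID") are as they appear on current Windows builds; verify them on yours.

```powershell
# Added example: summarise App Control audit (3076) and block (3077) events
# from the local Code Integrity log. Run as administrator.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id        = 3076, 3077
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

$records = foreach ($e in $events) {
    # Each event carries its details as named <Data> elements; read them by name
    # rather than by position so a field added in a future build doesn't shift things.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time     = $e.TimeCreated
        Mode     = if ($e.Id -eq 3076) { 'Audit' } else { 'Block' }
        File     = $data['File Name']       # field names assumed; check on your build
        Process  = $data['Process Name']
        SHA256   = $data['SHA256 Hash']
        PolicyID = $data['PolicyID']
    }
}

# One row per file, most frequent first, with every process that tried to load it.
$records | Group-Object File | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Modes';     e = { ($_.Group.Mode    | Sort-Object -Unique) -join ',' } },
        @{ n = 'Processes'; e = { ($_.Group.Process | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

Files that show up here under "Audit" are exactly the ones a new policy would break; review that list before you remove audit mode.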


Can Supplemental Policies Have Deny Rules?

No. Supplemental policies only expand a base policy by allowing more files; they can never narrow what the base policy permits. Anything you need to deny belongs in the base policy.
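As an added example (not part of the original FAQ, and not code from the WDACConfig project), here is how a supplemental policy for one line-of-business application is created with the built-in ConfigCI cmdlets and attached to a base policy. It assumes a base policy in multiple-policy format already exists at .\BasePolicy.xml, that the application lives under C:\Program Files\Contoso LOB (placeholder path), that the script runs elevated, and that CiTool is available (Windows 11 22H2 or later).

```powershell
# Added example: supplemental policy that only adds allow rules for one app.
$base = '.\BasePolicy.xml'                 # assumed existing base policy
$supp = '.\ContosoLOB_Supplemental.xml'    # placeholder name

# The base policy must opt in (option 17: Enabled:Allow Supplemental Policies),
# otherwise supplemental policies are ignored. Redeploy the base if you had to add it.
Set-RuleOption -FilePath $base -Option 17

# Scan only the app's folder. The result is a set of allow rules; since a supplemental
# policy can widen but never narrow the base, any deny rule belongs in the base instead.
New-CIPolicy -FilePath $supp -ScanPath 'C:\Program Files\Contoso LOB' `
    -Level FilePublisher -Fallback Hash -UserPEs -MultiplePolicyFormat

# Link it to the base: this sets the policy type to supplemental, records the base's
# PolicyID as BasePolicyID and gives the supplemental policy its own PolicyID.
Set-CIPolicyIdInfo -FilePath $supp -BasePolicyToSupplementPath $base

# Compile to binary (file name must be the policy's GUID) and activate it.
$policyId = ([xml](Get-Content $supp)).SiPolicy.PolicyID
$cip = ".\$policyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $supp -BinaryFilePath $cip
CiTool.exe --update-policy $cip
CiTool.exe --list-policies
```

If the base policy is signed, the supplemental policy has to be signed with a certificate the base trusts as well; an unsigned supplemental policy won't be accepted alongside a signed base.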


How Can I Make My App Control Policy Tamper Proof?

If you cryptographically sign your App Control policy and deploy the signed version, it becomes tamper-resistant: replacing or removing it requires a new policy signed with a certificate the policy trusts, so even a local system administrator can't remove it without the certificate's private key 🔑. That cuts both ways: lose the key and you can't update or remove the policy either, so test in audit mode first and keep the key offline or in an HSM.
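As an added example (not part of the original FAQ, and not code from the WDACConfig project), the following PowerShell turns an existing policy XML into a signed policy with the built-in ConfigCI cmdlets, signtool and CiTool. It assumes .\policy.xml already exists, that a code-signing certificate named "ContosoAppControlSigner" is in the current user's certificate store with its public part exported to .\ContosoAppControlSigner.cer, that signtool.exe from the Windows SDK is on PATH, and Windows 11 22H2 or later for CiTool. All names and paths are placeholders.

```powershell
# Added example: sign a policy so that only the holder of the signing key can change it.
$xml = '.\policy.xml'   # assumed existing policy

# 1. Declare the certificate that is allowed to sign this policy. -Update lets future
#    policy versions signed by the same cert replace this one; -User/-Kernel also trust
#    it as a code signer in those scenarios. Deploying a signed policy WITHOUT a
#    matching -Update signer locks you out of ever updating or removing it.
Add-SignerRule -FilePath $xml -CertificatePath '.\ContosoAppControlSigner.cer' -Update -User -Kernel

# 2. Drop option 6 (Enabled:Unsigned System Integrity Policy). While it is present,
#    unsigned policies are still accepted and the signature protects nothing.
Set-RuleOption -FilePath $xml -Option 6 -Delete

# 3. Raise the version so the signed policy supersedes the unsigned one it replaces.
Set-CIPolicyVersion -FilePath $xml -Version '10.0.0.1'

# 4. Compile to binary; the file must be named after the policy's GUID.
$policyId = ([xml](Get-Content $xml)).SiPolicy.PolicyID
$cip = ".\$policyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $cip

# 5. Sign it. /p7co sets the Code Integrity policy OID; signtool writes "$cip.p7"
#    next to the input, which then replaces the unsigned binary.
signtool.exe sign /v /n 'ContosoAppControlSigner' /p7 . /p7co 1.3.6.1.4.1.311.79.1 /fd sha256 $cip
Copy-Item -Path "$cip.p7" -Destination $cip -Force

# 6. Activate. From now on only a policy signed by a trusted signer can replace it.
CiTool.exe --update-policy $cip
CiTool.exe --list-policies
```

Run this against a policy that has already been validated in audit mode; a signed enforced policy that blocks a boot-critical driver cannot be removed by an administrator and has to be recovered from outside the running OS.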


How Do Enterprises And Businesses Use App Control?

Businesses and enterprises have a variety of options. One is to set Intune as a managed installer (rule option 13, Enabled:Managed Installer, together with an AppLocker policy that identifies the Intune Management Extension as the installer): any application pushed by the administrator through Intune is trusted and installed, while users can't install new applications on their own.


How Many App Control Policies Can Be Deployed On a System?

Multiple active policies (base policies plus their supplemental policies) have been supported since Windows 10 version 1903; Microsoft documents a ceiling of 32 active policies per device, which is far more than a typical deployment uses. On earlier versions only a single policy can be active.


What Are The Tools I Need To Get Started With App Control Policies?

The WDACConfig PowerShell module and the WDAC Wizard are all you need to begin your Application Control journey and create a robust security policy for your environment. Both provide many advanced features that you can explore once you're ready.


What Is ISG And How Can I Use It In An App Control Policy?

ISG stands for the Intelligent Security Graph, the cloud reputation service behind Microsoft Defender. It's a very powerful AI-based system that processes trillions of signals from all kinds of data sources every day. By enabling rule option 14 (Enabled:Intelligent Security Graph Authorization) you make it an arbiter in your App Control policy: files with good reputation are allowed automatically and unknown or malicious files are blocked, without an explicit rule for each of them. Note that the ISG only authorizes user-mode files, never kernel drivers, and it's a convenience for general-purpose machines rather than a replacement for explicit rules on high-security systems.
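As an added example (not part of the original FAQ, and not code from the WDACConfig project), this is how the ISG is switched on in an existing base policy with the built-in ConfigCI cmdlets. It assumes .\policy.xml is a base policy you already created, that the script runs elevated, and Windows 11 22H2 or later for CiTool.

```powershell
# Added example: enable ISG authorization in an existing policy.
$xml = '.\policy.xml'   # assumed existing base policy

# Option 14 - Enabled:Intelligent Security Graph Authorization.
# Files with good cloud reputation are allowed even when no explicit rule matches.
Set-RuleOption -FilePath $xml -Option 14

# Option 15 - Enabled:Invalidate EAs on Reboot.
# The ISG verdict is cached as an extended attribute on the file; this option expires
# those cached verdicts at each reboot so reputation is re-checked rather than trusted forever.
Set-RuleOption -FilePath $xml -Option 15

# Compile (file name = policy GUID) and activate.
$policyId = ([xml](Get-Content $xml)).SiPolicy.PolicyID
$cip = ".\$policyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $cip
CiTool.exe --update-policy $cip

# The ISG lookups are performed by the Application Identity service; it has to be
# switched on once explicitly, otherwise option 14 has no effect.
appidtel.exe start
```

Keep explicit rules for your business-critical applications even with the ISG enabled: a file with no reputation yet (for example a freshly built internal tool) is blocked, and kernel drivers are never authorized by reputation.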


What Is Smart App Control?

Smart App Control is an automated, AI- and reputation-based Application Control mechanism that uses the same underlying components (Code Integrity and the ISG) as App Control for Business. It's available in all editions of Windows 11 and provides a strong level of security by default for every system it's enabled on. It isn't configurable per file: it can only be turned on from a clean install, and once turned off it can't be re-enabled without reinstalling Windows.


What Is The Most Secure Level To Use For Authorizing Files?

For signed files, you should always use WHQLFilePublisher as the main level with FilePublisher as the fallback: WHQLFilePublisher only matches WHQL-signed drivers, so the FilePublisher fallback is what covers everything else that carries a valid signature (publisher, file name and minimum version). For unsigned files, use the Hash level, and expect to regenerate those rules every time such a file is updated.
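As an added example (not part of the original FAQ, and not code from the WDACConfig project), this PowerShell creates a base policy with exactly those levels using the built-in ConfigCI cmdlets, starts it in audit mode, and reports how many brittle hash rules the scan produced. It assumes it runs elevated on a clean, fully patched reference machine, that scanning C:\ is acceptable (it takes a while), and Windows 11 22H2 or later for CiTool; the file names are placeholders.

```powershell
# Added example: base policy with WHQLFilePublisher -> FilePublisher -> Hash levels.
$xml = '.\BasePolicy.xml'   # placeholder

# -Level WHQLFilePublisher matches only WHQL-signed drivers, so it can never cover ordinary
# user-mode applications; the fallbacks are tried in order for everything it doesn't match:
# FilePublisher for any validly signed file, Hash for unsigned ones.
# -UserPEs also scans user-mode binaries; -MultiplePolicyFormat gives the policy a
# PolicyID so supplemental policies can attach to it later.
New-CIPolicy -FilePath $xml -ScanPath 'C:\' -Level WHQLFilePublisher `
    -Fallback FilePublisher, Hash -UserPEs -MultiplePolicyFormat

# Option 3 (Enabled:Audit Mode): nothing is blocked yet; would-be blocks are logged as
# event 3076 in the CodeIntegrity/Operational log. Remove it only after reviewing that log.
Set-RuleOption -FilePath $xml -Option 3

# Hash rules break the moment an unsigned file is updated. List them so you know which
# files will need re-scanning, or better, a signed replacement.
$p = [xml](Get-Content $xml)
$hashRules = @($p.SiPolicy.FileRules.ChildNodes | Where-Object { $_.Hash })
"{0} hash rule(s) in the policy" -f $hashRules.Count
$hashRules | Select-Object -ExpandProperty FriendlyName -Unique

# Compile (file name = policy GUID) and activate the audit-mode policy.
$cip = ".\$($p.SiPolicy.PolicyID).cip"
ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $cip
CiTool.exe --update-policy $cip
```

Each scanned unsigned file yields several hash entries (different hash algorithms and page hashes), so the count is a rough measure of how much of the policy will need maintenance, not a count of files.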


Is There A More Automated Way To Use Application Control At Scale?

Yes. Microsoft Defender for Cloud's adaptive application controls are a data-driven, automated way to define allowlists of known-safe applications for your machines: Machine Learning models trained on the telemetry collected from those machines recommend the allowlist, which you then review and apply.