New-WDACConfig available parameters

New-WDACConfig -PolicyType

Syntax

New-WDACConfig
    [-PolicyType <String>]
    [-Deploy]
    [-Audit]
    [-TestMode]
    [-RequireEVSigners]
    [-EnableScriptEnforcement]
    [-LogSize <UInt64>]

Description

Use this parameter to create a new App Control base policy with different policy types and configurations.

Note

If the selected policy type is DefaultWindows and the detected PowerShell is not installed through Microsoft Store, the module will scan the PowerShell files and add them to the DefaultWindows base policy as allowed files so you will be able to continue using the module after deploying the policy.

Tip

The SignedAndReputable policy type uses ISG, The Microsoft Intelligent Security Graph.

Parameters

-PolicyType

There are 3 policy types you can choose from and they are listed below:

Type:	String
Position:	Named
Accepted values:	AllowMicrosoft, DefaultWindows, SignedAndReputable
Default value:	None
Required:	True
Accept pipeline input:	False
Accept wildcard characters:	False

-Deploy

Indicates that the policy is to be deployed to the local machine.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-Audit

Turns on Audit mode in the policy so that the policy will be auditing files after deployment instead of blocking them.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-TestMode

Indicates that the created policy will have Enabled:Boot Audit on Failure and Enabled:Advanced Boot Options Menu policy rule options.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-RequireEVSigners

Indicates that the created policy will have Require EV Signers policy rule option.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-EnableScriptEnforcement

Enables script enforcement in the created policy.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-LogSize

Note

This parameter is only available when the -Audit parameter is used.

Specifies the log size for Microsoft-Windows-CodeIntegrity/Operational events. The values must be in the form of <Digit + Data measurement unit>. e.g., 2MB, 10MB, 1GB, 1TB. The minimum accepted value is 1MB which is the default.

Type:	UInt64
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

New-WDACConfig -GetUserModeBlockRules

Syntax

New-WDACConfig
    [-GetUserModeBlockRules]
    [-Deploy]

Description

Downloads the latest Microsoft Recommended User-Mode Block Rules.

Parameters

-Deploy

Indicates that the policy is to be deployed to the local machine.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

New-WDACConfig -GetDriverBlockRules

Syntax

New-WDACConfig
    [-GetDriverBlockRules]
    [-Deploy]
    [-AutoUpdate]

Description

Downloads the latest Microsoft Recommended Drivers Block rules.

Parameters

-Deploy

Indicates that the policy is to be deployed to the local machine.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False

-AutoUpdate

Creates a scheduled task that runs every 7 days to automatically perform the official method for updating Microsoft recommended driver block rules.

Type:	SwitchParameter
Position:	Named
Default value:	None
Required:	False
Accept pipeline input:	False
Accept wildcard characters:	False