WDAC implementation: fail to allow a specific program based on a FilePublisher policy

Tristan-6425 0 Reputation points
2024-06-19T12:09:13.3133333+00:00

Dear community,

I'm trying to implement WDAC on a Windows 11 workstation.

I successfully deployed

  • a base policy in enforced mode
  • a supplemental policy in enforced mode based on Hash file level

What I'm trying now is to implement a supplemental policy based on the FilePublisher Level. Unfortunately it fails for no known reason.

What I did basically is the following to create the supplemental policy:

# Scan the application folder (user-mode PEs included, scripts excluded)
$files = Get-SystemDriver -ScanPath "C:\Users\tristan\AppData\Local\CommuSoft\client" -NoScript -UserPEs
# Build FilePublisher rules (signer + file attribute), keyed on the file path
$rules = New-CIPolicyRule -Level FilePublisher -SpecificFileNameLevel FilePath -DriverFiles $files
# Write the rules out as a multiple-policy-format XML to be used as a supplemental policy
New-CIPolicy -MultiplePolicyFormat -FilePath CommuSoft.xml -Rules $rules

Then I applied this Supplemental policy as I did before.

But, when launching my CommuSoft program, it is blocked by WDAC with the following event log:

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\explorer.exe) attempted to load \Device\HarddiskVolume3\Users\user\AppData\Local\CommuSoft\client\CommuSoftClient.exe that did not meet the Enterprise signing level requirements or violated code integrity policy (Policy ID:{6e3eb6b2-4061-4c75-bf30-4c20b17bea73}).

6e3eb6b2-4061-4c75-bf30-4c20b17bea73 is my base policy.

What's strange is that the executable is in my CommuSoft.xml file:

<FileRules>
  <FileAttrib ID="ID_FILEATTRIB_F_122_0" FriendlyName="C:\Users\user\AppData\Local\CommuSoft\client\CommuSoftClient.exe FileAttribute" MinimumFileVersion="17.1.6.0" FilePath="C:\Users\user\AppData\Local\CommuSoft\client\CommuSoftClient.exe"/>
</FileRules>
<Signers>
  <Signer ID="ID_SIGNER_F_147" Name="DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1">
    <CertRoot Type="TBS" Value="65B1D4076A89AE273F57E6EEEDECB3EAE129B4168F76FA7671914CDF461D542255C59D9B85B916AE0CA6FC0FCF7A8E64"/>
    <CertPublisher Value="CommuSoft"/>
    <FileAttribRef RuleID="ID_FILEATTRIB_F_122"/>
  </Signer>
</Signers>
<SigningScenarios>
  <SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="Auto generated policy on 06-19-2024">
    <ProductSigners>
      <AllowedSigners>
        <AllowedSigner SignerId="ID_SIGNER_F_147"/>
      </AllowedSigners>
    </ProductSigners>
  </SigningScenario>
</SigningScenarios>

So, I have the impression some rules are not taken into account, but I do not know how to dig deeper with the only log file I have. Any clue? Thank you for your help :)

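The following diagnostic script is an added example for digging into a block like the one described in the question; it is not part of the original post and not Microsoft's or the poster's code. It does three things a practitioner would want before guessing at the cause: it checks the policy XML for a FileAttribRef whose RuleID has no matching FileAttrib (the posted excerpt shows RuleID="ID_FILEATTRIB_F_122" next to an attrib whose ID is "ID_FILEATTRIB_F_122_0", and a signer rule with a dangling reference has no file it can match), it compares the binary's real Authenticode chain and file version against what the signer and FileAttrib rules demand, and it pulls the Code Integrity 3076/3077 events together with the correlated 3089 signature-information events. Assumptions not taken from the post: the supplemental policy XML is at .\CommuSoft.xml, the blocked file is the path shown in the event, the script runs elevated on the affected workstation, the 3077/3089 EventData field names used below (PolicyName, PolicyGUID, PublisherName, IssuerName, PublisherTBSHash) match the current Windows 11 schema, and the runtime user-writability check that WDAC applies to FilePath rules (disabled only by rule option 18, "Disabled:Runtime FilePath Rule Protection") also applies to the FilePath attribute that -SpecificFileNameLevel FilePath puts into a FilePublisher rule. The user-writability probe matters here because %LOCALAPPDATA% is writable by the logged-on user.

```powershell
# Added diagnostic script for the WDAC block discussed above; not from the original post.
# Assumed inputs (not from the post): policy path, blocked file path, elevated PowerShell.
param(
    [string]$PolicyXml   = ".\CommuSoft.xml",
    [string]$BlockedFile = "C:\Users\user\AppData\Local\CommuSoft\client\CommuSoftClient.exe"
)

$ErrorActionPreference = 'Stop'
[xml]$policy = Get-Content -Path $PolicyXml -Raw
$ns = New-Object System.Xml.XmlNamespaceManager($policy.NameTable)
$ns.AddNamespace('p', 'urn:schemas-microsoft-com:sipolicy')

# 1. Every FileAttribRef must resolve to an existing FileAttrib ID. A dangling reference
#    (RuleID "ID_FILEATTRIB_F_122" while the attrib is "ID_FILEATTRIB_F_122_0") leaves the
#    signer rule with no file attribute to match. The "_0" suffix is what the CI cmdlets
#    append when IDs are renumbered during a merge.
$attribById = @{}
foreach ($a in $policy.SelectNodes('//p:FileRules/p:FileAttrib', $ns)) { $attribById[$a.ID] = $a }
foreach ($ref in $policy.SelectNodes('//p:Signers/p:Signer/p:FileAttribRef', $ns)) {
    if (-not $attribById.ContainsKey($ref.RuleID)) {
        Write-Warning "Signer $($ref.ParentNode.ID) references missing FileAttrib '$($ref.RuleID)'. Known IDs: $($attribById.Keys -join ', ')"
    }
}

# 2. Only signers listed under SigningScenario 12 apply to user-mode code such as an .exe.
$allowedUserMode = @($policy.SelectNodes("//p:SigningScenario[@Value='12']//p:AllowedSigner", $ns) |
                     ForEach-Object { $_.SignerId })
Write-Host "User-mode allowed signers: $($allowedUserMode -join ', ')"

# 3. Compare the binary's actual signature chain and version with what the rules require.
$sig = Get-AuthenticodeSignature -FilePath $BlockedFile
$ver = (Get-Item $BlockedFile).VersionInfo.FileVersionRaw
Write-Host "Signature status : $($sig.Status)"
Write-Host "Leaf subject     : $($sig.SignerCertificate.Subject)"
Write-Host "Leaf issuer      : $($sig.SignerCertificate.Issuer)"
Write-Host "File version     : $ver"
foreach ($signer in $policy.SelectNodes('//p:Signers/p:Signer', $ns)) {
    if ($allowedUserMode -notcontains $signer.ID) { continue }
    $pub = $signer.SelectSingleNode('p:CertPublisher', $ns)
    $need = "Rule $($signer.ID): issuing CA must be '$($signer.Name)'"
    if ($pub) { $need += ", leaf CN must be '$($pub.Value)'" }
    Write-Host $need
    foreach ($ref in $signer.SelectNodes('p:FileAttribRef', $ns)) {
        $attr = $attribById[$ref.RuleID]
        if (-not $attr) { continue }
        if ($attr.MinimumFileVersion -and ($ver -lt [version]$attr.MinimumFileVersion)) {
            Write-Warning "File version $ver is below MinimumFileVersion $($attr.MinimumFileVersion) in $($attr.ID)"
        }
        if ($attr.FilePath) { Write-Host "  $($attr.ID) additionally requires FilePath '$($attr.FilePath)'" }
    }
}

# 4. Path-based matching is only honoured for locations the current user cannot write to,
#    unless the policy sets rule option 18 (Disabled:Runtime FilePath Rule Protection).
#    Probe the directory the way the runtime check would see it (assumption: the check
#    applies to the FilePath attribute of a FilePublisher rule as it does to FilePath rules).
$probe = Join-Path (Split-Path $BlockedFile -Parent) ("wdac-probe-" + [guid]::NewGuid() + ".tmp")
try {
    New-Item -ItemType File -Path $probe -ErrorAction Stop | Out-Null
    Remove-Item -Path $probe
    Write-Warning "Directory is user-writable; a FilePath attribute will not match at runtime unless option 18 is set."
} catch {
    Write-Host "Directory is not user-writable; FilePath-based matching can apply."
}

# 5. Enforcement events (3077 = blocked in enforced mode, 3076 = would be blocked in audit mode)
#    and the 3089 signature-information events that share the same ActivityId.
$log  = 'Microsoft-Windows-CodeIntegrity/Operational'
$leaf = Split-Path $BlockedFile -Leaf
$blocks = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 3076, 3077 } -MaxEvents 200 -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -like "*$leaf*" }
$sigEvents = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 3089 } -MaxEvents 500 -ErrorAction SilentlyContinue
foreach ($e in $blocks) {
    $data = ([xml]$e.ToXml()).Event.EventData.Data
    $policyName = ($data | Where-Object { $_.Name -eq 'PolicyName' }).'#text'
    $policyGuid = ($data | Where-Object { $_.Name -eq 'PolicyGUID' }).'#text'
    Write-Host "$($e.TimeCreated) event $($e.Id): policy '$policyName' $policyGuid"
    $sigEvents | Where-Object { $_.ActivityId -eq $e.ActivityId } | ForEach-Object {
        $d = ([xml]$_.ToXml()).Event.EventData.Data
        Write-Host ("  3089: publisher '{0}', issuer '{1}', publisher TBS {2}" -f
            ($d | Where-Object { $_.Name -eq 'PublisherName' }).'#text',
            ($d | Where-Object { $_.Name -eq 'IssuerName' }).'#text',
            ($d | Where-Object { $_.Name -eq 'PublisherTBSHash' }).'#text')
    }
}
```

Run it as `.\Check-WdacBlock.ps1 -PolicyXml .\CommuSoft.xml` from an elevated prompt on the workstation. The 3089 output is the useful part for a FilePublisher rule: the publisher and issuer names and the TBS hash it reports are what Code Integrity actually evaluated, so they can be compared field by field with the CertPublisher, Name and CertRoot values in the Signer element rather than with what Get-AuthenticodeSignature shows from the file.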