Windows Server 2022 WDAC Dynamic Code Security

asked 2022-06-19T06:55:05.87+00:00
MikeCTechDude 1 Reputation point

It appears that when Dynamic Code Security is enabled in your CI Policies, there are no indications that an application was blocked due to this. The CodeIntegrity/Operational log has no errors indicating that this block took place.

You can test this out with NordVPN with its nordvpn-service and NordSec Update Service. Neither of these services starts with WDAC in Enforcement mode with Dynamic Code Security enabled. And there are no indications anywhere that they're not starting due to that issue.


2 answers

  1. answered 2022-06-20T15:26:05.137+00:00

    SQL Server dedicated administrator connection (DAC)


  2. answered 2022-06-21T07:33:01.117+00:00
    Limitless Technology 37,291 Reputation points

    Hi there,

    I suppose these events can be captured by using audit events to create WDAC policy rules.

    A Windows Defender Application Control policy logs events locally in Windows Event Viewer in either enforced or audit mode. These events are generated under two locations:

    Events about Application Control policy activation and the control of executables, DLLs, and drivers appear in Applications and Services logs > Microsoft > Windows > CodeIntegrity > Operational

    Events about the control of MSI installers, scripts, and COM objects appear in Applications and Services logs > Microsoft > Windows > AppLocker > MSI and Script


    --If the reply is helpful, please Upvote and Accept it as an answer–

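One way to check the two log locations named in the answer against service start failures like those in the question, as an added example that is not part of either post. The event IDs are the documented WDAC audit/block IDs and Service Control Manager failure IDs; the 24-hour look-back and 30-second correlation window are assumptions.

```powershell
# Added example: correlate service start failures with WDAC events (run elevated).
# Assumptions: 24-hour look-back, 30-second correlation window.
$since         = (Get-Date).AddHours(-24)
$windowSeconds = 30

# The two WDAC log locations named in the answer.
# CodeIntegrity:  3076 = audit "would have blocked", 3077 = enforced block
# MSI and Script: 8028 = audit "would have blocked", 8029 = enforced block
$wdacQueries = @(
    @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077; StartTime = $since },
    @{ LogName = 'Microsoft-Windows-AppLocker/MSI and Script';  Id = 8028, 8029; StartTime = $since }
)
$wdacEvents = foreach ($query in $wdacQueries) {
    # Get-WinEvent raises an error when nothing matches; an empty result is valid here.
    Get-WinEvent -FilterHashtable $query -ErrorAction SilentlyContinue
}

# Service Control Manager: 7000 = failed to start, 7009 = start timeout,
# 7034 = terminated unexpectedly.
$serviceFailures = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7000, 7009, 7034
    StartTime    = $since
} -ErrorAction SilentlyContinue

# For each service failure, list WDAC events logged within the window around it.
foreach ($failure in $serviceFailures) {
    $nearby = @($wdacEvents | Where-Object {
        [math]::Abs(($_.TimeCreated - $failure.TimeCreated).TotalSeconds) -le $windowSeconds
    })
    [pscustomobject]@{
        Time         = $failure.TimeCreated
        ServiceEvent = $failure.Id
        Message      = $failure.Message
        WdacEventIds = ($nearby.Id | Sort-Object -Unique) -join ','
        # True means the service failed with no WDAC block or audit event nearby.
        Unexplained  = ($nearby.Count -eq 0)
    }
}
```

Rows with `Unexplained` set to True are service failures with no matching entry in either WDAC log, which is the situation the question describes.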