New-CIPolicy
Creates a Code Integrity policy as an .xml file.
Syntax
New-CIPolicy
[-FilePath] <String>
[-DriverFiles <DriverFile[]>]
-Level <RuleLevel>
[-Fallback <RuleLevel[]>]
[-Audit]
[-ScanPath <String>]
[-ScriptFileNames]
[-AllowFileNameFallbacks]
[-SpecificFileNameLevel <FileNameLevel>]
[-UserWriteablePaths]
[-UserPEs]
[-NoScript]
[-Deny]
[-NoShadowCopy]
[-MultiplePolicyFormat]
[-OmitPaths <String[]>]
[-PathToCatroot <String>]
[-AppIdTaggingPolicy]
[-AppIdTaggingKey <String[]>]
[-AppIdTaggingValue <String[]>]
[<CommonParameters>]New-CIPolicy
[-FilePath] <String>
-Rules <Rule[]>
[-Audit]
[-ScanPath <String>]
[-ScriptFileNames]
[-AllowFileNameFallbacks]
[-SpecificFileNameLevel <FileNameLevel>]
[-UserWriteablePaths]
[-UserPEs]
[-NoScript]
[-Deny]
[-NoShadowCopy]
[-MultiplePolicyFormat]
[-OmitPaths <String[]>]
[-PathToCatroot <String>]
[-AppIdTaggingPolicy]
[-AppIdTaggingKey <String[]>]
[-AppIdTaggingValue <String[]>]
[<CommonParameters>]Description
The New-CIPolicy cmdlet creates a Code Integrity policy as an .xml file.
If you specify DriverFile objects, this cmdlet generates rules based on the Level parameter. This cmdlet creates a policy based on those rules for the specified driver files.
If you specify Rule objects, this cmdlet creates a policy based on those objects. Because the rules that you specify are created at a specific level, do not specify a level.
If you do not supply either driver files or rules, this cmdlet performs a system scan similar to the Get-SystemDriver cmdlet. The cmdlet generates rules based on Level. If you specify the Audit parameter, this cmdlet scans the Code Integrity Audit log instead.
Examples
Example 1: Create a policy in multiple policy format
PS C:\> New-CIPolicy -ScanPath '.\temp\' -UserPEs -OmitPaths '.\temp\ConfigCITestBinaries' -NoScript -FilePath '.\Policy.xml' -Level Publisher -MultiplePolicyFormat
Scan completed successfully
The second command displays the contents of the policy.
PS C:\> Get-Content -Path '.\policy.xml'
<?xml version="1.0" encoding="utf-8"?>
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
<VersionEx>10.0.0.0</VersionEx>
<BasePolicyID>{BB9EC112-DD85-41AD-9778-22680D3D8A22}</BasePolicyID>
<PolicyID>{BB9EC112-DD85-41AD-9778-22680D3D8A22}</PolicyID>
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<Rules>
<Rule>
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<Rule>
<Option>Enabled:Audit Mode</Option>
</Rule>
<Rule>
<Option>Enabled:Advanced Boot Options Menu</Option>
</Rule>
<Rule>
<Option>Enabled:UMCI</Option>
</Rule>
<Rule>
<Option>Disabled:Script Enforcement</Option>
</Rule>
</Rules>
<!--EKUS-->
<EKUs />
<!--File Rules-->
<FileRules>
<Allow ID="ID_ALLOW_A_2F" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Sha1" Hash="BE0777
F5AF88628D4555A875036648DF1AD19BBE" />
<Allow ID="ID_ALLOW_A_30" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Sha256" Hash="6FA5
AF724499C338A77FEEAD90F55DDF5F23D081C6DCE8E9DF486E95C6A9B310" />
<Allow ID="ID_ALLOW_A_31" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Page Sha1" Hash="D
41570F2E6E7E6245CF342131D4706C944562B1E" />
<Allow ID="ID_ALLOW_A_32" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Page Sha256" Hash=
"F714D9784E15B88F56180C8EE2B40C769CC83428954585A1DCF9A260FE967CDD" />
<Allow ID="ID_ALLOW_A_37" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Sha1" Ha
sh="FD58E1BFA1E661C809F8A2437932B0F0308A99F8" />
<Allow ID="ID_ALLOW_A_38" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Sha256"
Hash="A1C9FA473C2D79D0F68DF6EC72E31847F0FDA283D3A9E6B1405B0DF5929CCCB8" />
<Allow ID="ID_ALLOW_A_39" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Page Sha
1" Hash="6D3764B75C6502634234911B8F224FC9568217C9" />
<Allow ID="ID_ALLOW_A_3A" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Page Sha
256" Hash="2196AD3A00A59F4C35EEF7FE843FA3D6F80D5EFB3C674ADC087396B77AB35768" />
<Allow ID="ID_ALLOW_A_3F" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Sha1" Ha
sh="28FAEFE1B18A979F9FF55744B22C6E5EA2949959" />
<Allow ID="ID_ALLOW_A_40" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Sha256"
Hash="DA737C142A51A73D82E6AD677474C8031486FDEF018A6FE9D178564F83AB284B" />
<Allow ID="ID_ALLOW_A_41" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Page Sha
1" Hash="029606A9B560F4921EC1122AA73C19C9B97F7764" />
<Allow ID="ID_ALLOW_A_42" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Page Sha
256" Hash="2A5D6BCBFA55DB0F0487F45F4A6986AFC2C4783820EDA48DE9E0560E51D8DB56" />
<Allow ID="ID_ALLOW_A_33" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Sha1" Hash="BE0777F5AF88628D4555A875036648DF1AD19BBE" />
<Allow ID="ID_ALLOW_A_34" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Sha256" Hash="6FA5
AF724499C338A77FEEAD90F55DDF5F23D081C6DCE8E9DF486E95C6A9B310" />
<Allow ID="ID_ALLOW_A_35" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Page Sha1" Hash="D
41570F2E6E7E6245CF342131D4706C944562B1E" />
<Allow ID="ID_ALLOW_A_36" FriendlyName="\\?\E:\cmdlets\temp\Microsoft.ConfigCI.Commands.dll Hash Page Sha256" Hash=
"F714D9784E15B88F56180C8EE2B40C769CC83428954585A1DCF9A260FE967CDD" />
<Allow ID="ID_ALLOW_A_3B" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Sha1" Hash="FD58E1BFA1E661C809F8A2437932B0F0308A99F8" />
<Allow ID="ID_ALLOW_A_3C" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Sha256"
Hash="A1C9FA473C2D79D0F68DF6EC72E31847F0FDA283D3A9E6B1405B0DF5929CCCB8" />
<Allow ID="ID_ALLOW_A_3D" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Page Sha
1" Hash="6D3764B75C6502634234911B8F224FC9568217C9" />
<Allow ID="ID_ALLOW_A_3E" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\ntoskrnl.exe Hash Page Sha
256" Hash="2196AD3A00A59F4C35EEF7FE843FA3D6F80D5EFB3C674ADC087396B77AB35768" />
<Allow ID="ID_ALLOW_A_43" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Sha1" Ha
sh="28FAEFE1B18A979F9FF55744B22C6E5EA2949959" />
<Allow ID="ID_ALLOW_A_44" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Sha256"
Hash="DA737C142A51A73D82E6AD677474C8031486FDEF018A6FE9D178564F83AB284B" />
<Allow ID="ID_ALLOW_A_45" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Page Sha
1" Hash="029606A9B560F4921EC1122AA73C19C9B97F7764" />
<Allow ID="ID_ALLOW_A_46" FriendlyName="\\?\E:\cmdlets\temp\PackageInspectorTestBinaries\storahci.sys Hash Page Sha
256" Hash="2A5D6BCBFA55DB0F0487F45F4A6986AFC2C4783820EDA48DE9E0560E51D8DB56" />
</FileRules>
<!--Signers-->
<Signers>
<Signer ID="ID_SIGNER_S_D" Name="MSIT Test CodeSign CA 3">
<CertRoot Type="TBS" Value="FA6B9A2230CE08BCA81D096B28CF495672401D3A43A0D285CF352464A6C9C7FD" />
<CertPublisher Value="Microsoft Windows" />
</Signer>
<Signer ID="ID_SIGNER_S_E" Name="MSIT Test CodeSign CA 3">
<CertRoot Type="TBS" Value="FA6B9A2230CE08BCA81D096B28CF495672401D3A43A0D285CF352464A6C9C7FD" />
<CertPublisher Value="Microsoft Windows" />
</Signer>
<Signer ID="ID_SIGNER_S_13" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="NVIDIA Corporation" />
</Signer>
<Signer ID="ID_SIGNER_S_14" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
</Signer>
<Signer ID="ID_SIGNER_S_15" Name="VeriSign Class 3 Code Signing 2010 CA">
<CertRoot Type="TBS" Value="4843A82ED3B1F2BFBEE9671960E1940C942F688D" />
<CertPublisher Value="NVIDIA Corporation" />
</Signer>
<Signer ID="ID_SIGNER_S_16" Name="Microsoft Windows Third Party Component CA 2012">
<CertRoot Type="TBS" Value="CEC1AFD0E310C55C1DCC601AB8E172917706AA32FB5EAF826813547FDF02DD46" />
<CertPublisher Value="Microsoft Windows Hardware Compatibility Publisher" />
</Signer>
</Signers>
<!--Driver Signing Scenarios-->
<SigningScenarios>
<SigningScenario Value="131" ID="ID_SIGNINGSCENARIO_DRIVERS_1" FriendlyName="Auto generated policy on 11-13-2015">
<ProductSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_A_2F" />
<FileRuleRef RuleID="ID_ALLOW_A_30" />
<FileRuleRef RuleID="ID_ALLOW_A_31" />
<FileRuleRef RuleID="ID_ALLOW_A_32" />
<FileRuleRef RuleID="ID_ALLOW_A_37" />
<FileRuleRef RuleID="ID_ALLOW_A_38" />
<FileRuleRef RuleID="ID_ALLOW_A_39" />
<FileRuleRef RuleID="ID_ALLOW_A_3A" />
<FileRuleRef RuleID="ID_ALLOW_A_3F" />
<FileRuleRef RuleID="ID_ALLOW_A_40" />
<FileRuleRef RuleID="ID_ALLOW_A_41" />
<FileRuleRef RuleID="ID_ALLOW_A_42" />
</FileRulesRef>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_D" />
<AllowedSigner SignerId="ID_SIGNER_S_13" />
<AllowedSigner SignerId="ID_SIGNER_S_14" />
</AllowedSigners>
</ProductSigners>
</SigningScenario>
<SigningScenario Value="12" ID="ID_SIGNINGSCENARIO_WINDOWS" FriendlyName="Auto generated policy on 11-13-2015">
<ProductSigners>
<FileRulesRef>
<FileRuleRef RuleID="ID_ALLOW_A_33" />
<FileRuleRef RuleID="ID_ALLOW_A_34" />
<FileRuleRef RuleID="ID_ALLOW_A_35" />
<FileRuleRef RuleID="ID_ALLOW_A_36" />
<FileRuleRef RuleID="ID_ALLOW_A_3B" />
<FileRuleRef RuleID="ID_ALLOW_A_3C" />
<FileRuleRef RuleID="ID_ALLOW_A_3D" />
<FileRuleRef RuleID="ID_ALLOW_A_3E" />
<FileRuleRef RuleID="ID_ALLOW_A_43" />
<FileRuleRef RuleID="ID_ALLOW_A_44" />
<FileRuleRef RuleID="ID_ALLOW_A_45" />
<FileRuleRef RuleID="ID_ALLOW_A_46" />
</FileRulesRef>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_E" />
<AllowedSigner SignerId="ID_SIGNER_S_15" />
<AllowedSigner SignerId="ID_SIGNER_S_16" />
</AllowedSigners>
</ProductSigners>
</SigningScenario>
</SigningScenarios>
<UpdatePolicySigners />
<CiSigners>
<CiSigner SignerId="ID_SIGNER_S_E" />
<CiSigner SignerId="ID_SIGNER_S_15" />
<CiSigner SignerId="ID_SIGNER_S_16" />
</CiSigners>
<HvciOptions>0</HvciOptions>
</SiPolicy>The first command scans for user-mode executables (applications) along with kernel-mode binaries such as drivers and creates rules at the Publisher level. The command creates a policy in multiple policy format and stores it in the file that is named Policy.xml. This command specifies the OmitPaths parameter to exclude files in the temp\ConfigCITestBinaries folder. The command specifies the NoScript parameter so that it gets information for only portable executable files (PE files).
Example 2: Scan unsigned files
PS C:\> New-CIPolicy -ScanPath '.\temp\' -UserPEs -FilePath ".\policy.xml" -Level Publisher -Fallback Hash
Unable to generate rules for all scanned files at the requested level. A list
of files not covered by the current policy can be found at
C:\Users\tocal\AppData\Local\Temp\tmp2F2D.tmp. If it is safe to not include
these files, no action needs to be taken, otherwise a more complete policy may
be created using the -fallback switchThis command scans for user-mode executables (applications) along with kernel-mode binaries such as drivers, and then creates rules at the Publisher level, just as the first example did. This command does not specify the OmitPaths and NoScript parameters. The command encounters files that have an invalid or corrupted signature format. The cmdlet returns an informational message about generated rules.
Example 3: Create rules for driver files in a variable
PS C:\> $DriverFiles = Get-SystemDriver -ScanPath '.\temp\' -UserPEs -OmitPaths '.\temp\ConfigCITestBinaries' -NoScript
PS C:\> New-CIPolicy -Level Publisher -Fallback Hash -FilePath '.\policy02.xml' -DriverFiles $DriverFilesThe first command gets drivers by using the Get-SystemDriver cmdlet, and then stores them in the $DriverFiles variable.
The second command creates rules at the Publisher level for the items stored in $DriverFiles. This example has the same effect as the single command in the second example.
Example 4: Create a policy with exception rules
PS C:\> $Rule_1 = New-CIPolicyRule -Level PcaCertificate -DriverFilePath '.\temp\signedFile.exe'
PS C:\> $Exception_1 = New-CIPolicyRule -Level FileName -SpecificFileNameLevel OriginalFileName -DriverFilePath '.\temp\FileToBlock.exe' -Deny
PS C:\> $Exception_1
Name : C:\temp\FileToBlock.exe FileRule
Id : ID_DENY_D_1
TypeId : Deny
Root :
FileVersionRef :
AppIDRef :
Wellknown : False
Ekus :
Exceptions :
FileAttributes :
FileException : False
UserMode : False
attributes : {[AppIDs, ], [MinimumFileVersion, ], [FileName, FileToBlock.exe]}
Name : C:\temp\FileToBlock.exe FileRule
Id : ID_DENY_D_2
TypeId : Deny
Root :
FileVersionRef :
AppIDRef :
Wellknown : False
Ekus :
Exceptions :
FileAttributes :
FileException : False
UserMode : True
attributes : {[AppIDs, ], [MinimumFileVersion, ], [FileName, FileToBlock.exe]}
PS C:\> $Exception_1[0].FileException = 1
PS C:\> $Exception_1[1].FileException = 1
PS C:\> $Rule_1[0].Exceptions += $Exception_1.ID
PS C:\> $Rule_1
Name : Microsoft Testing PCA 2010
Id : ID_SIGNER_S_1
TypeId : Allow
Root : CCEA4720A5D9D56ACFAA31C19D9D34FA4CC0771720A99DC8A2C7A4CF38A9DEE8
FileVersionRef :
AppIDRef :
Wellknown : False
Ekus :
Exceptions : {ID_DENY_D_1, ID_DENY_D_2}
FileAttributes :
FileException : False
UserMode : True
attributes : {}
$Rules += $Rule_1 + $Exception_1
New-CIPolicy -MultiplePolicyFormat -FilePath ".\temp\Policy.xml" -Rules $RulesThe first set of commands creates an allow file rule based on the CA certificate used to sign the test application as well as a deny exception rule based on the original file name of the application to block. The deny rule has a user mode and kernel mode component which requires both sections' file exception boolean fields to be set to '1'.
The second set of commands sets the exceptions field of the allow file rule to the identifier of the exception rule. If the allow rule has both a user mode and kernel mode component, the exception fields of both components must have the identifier of the exception rule set.
The last commands merge the allow file rule and its deny rule exceptions into one rule variable which can be used in the New-CIPolicy creation step. The same process can be repeated for a deny file rule with allow exception rules.
File rule exceptions cannot use the PCA Certificate, Publisher, Signed Version, or File Publisher rule levels.
Parameters
-AllowFileNameFallbacks
Indicates that files that do not have an OriginalFileName fall back in the following order:
- InternalName
- FileDescription
- ProductName
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AppIdTaggingKey
This parameter is reserved for future use.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AppIdTaggingPolicy
This parameter is reserved for future use.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-AppIdTaggingValue
This parameter is reserved for future use.
| Type: | String[] |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Audit
Indicates that this cmdlet searches the Code Integrity Audit log for drivers. It does not perform a full system scan. Specify this parameter only if you do not provide driver files or rules.
| Type: | SwitchParameter |
| Aliases: | a |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Deny
Indicates that this cmdlet creates deny rules instead of the default allow rules.
| Type: | SwitchParameter |
| Aliases: | d |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-DriverFiles
Specifies an array of DriverFile objects on which this cmdlet bases rules. To obtain a driver file, use the Get-SystemDriver cmdlet.
| Type: | DriverFile[] |
| Aliases: | df |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Fallback
Specifies an array of levels of detail for generated rules. If this cmdlet cannot generate a rule at the specified level, this cmdlet attempts to generate it at a fallback level. The acceptable values for this parameter are the same as for Level. If you specify multiple fallback levels, this cmdlet tries them in order.
| Type: | RuleLevel[] |
| Accepted values: | None, Hash, FileName, FilePath, SignedVersion, PFN, Publisher, FilePublisher, LeafCertificate, PcaCertificate, RootCertificate, WHQL, WHQLPublisher, WHQLFilePublisher |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-FilePath
Specifies the path for the Code Integrity policy .xml file.
| Type: | String |
| Aliases: | f |
| Position: | 0 |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Level
Specifies the primary level of detail for generated rules. Refer to WDAC File Rule Levels for acceptable parameter values and descriptions.
| Type: | RuleLevel |
| Aliases: | l |
| Accepted values: | None, Hash, FileName, FilePath, SignedVersion, PFN, Publisher, FilePublisher, LeafCertificate, PcaCertificate, RootCertificate, WHQL, WHQLPublisher, WHQLFilePublisher |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-MultiplePolicyFormat
Indicates that this cmdlet should create a policy in multiple policy format as opposed to a single policy format. Refer to Create WDAC policies in Multiple Policy Format for the difference between the policy formats.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NoScript
Indicates that this cmdlet does not search script files. It searches portable executable files (PE files) only. Specify this parameter only if you do not provide driver files or rules.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-NoShadowCopy
Indicates that the Volume Snapshot Service (VSS) does not make a shadow copy of the disk while the scan runs. This parameter could cause an incomplete scan for a system that is running.
If a scan fails due to VSS errors caused by low disk space on the target drive, this cmdlet prompts you to specify this parameter.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-OmitPaths
Specifies an array of paths that this cmdlet omits from the search. Specify this parameter only if you do not provide driver files or rules. We recommend that you omit C:\Windows.old.
| Type: | String[] |
| Aliases: | o |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-PathToCatroot
Specifies the path of the CatRoot folder. Specify this parameter to scan a remote or mounted drive. Specify this parameter only if you do not provide driver files or rules.
| Type: | String |
| Aliases: | c |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Rules
Specifies an array of Rule objects that this cmdlet includes in the policy. To obtain a rule object, use the Get-CIPolicy or New-CIPolicyRule cmdlets.
| Type: | Rule[] |
| Aliases: | r |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-ScanPath
Specifies the path for this cmdlet to scan. You can specify a local or remote path. Specify this parameter only if you do not provide driver files or rules. If you specify a remote or mounted drive, also specify the PathToCatroot parameter.
| Type: | String |
| Aliases: | s |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ScriptFileNames
This parameter is reserved for internal Microsoft use.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SpecificFileNameLevel
Specifies the attribute of the file off which to base a file name rule. The -Level must be set to FileName for this option. Possible values are: None, OriginalFileName, InternalName, FileDescription, ProductName, PackageFamilyName, and FilePath. Refer to File Name Rules Info for a description of the acceptable values.
| Type: | FileNameLevel |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserPEs
Indicates that this cmdlet includes user-mode files in the scan. Specify this parameter only if you do not provide driver files or rules.
| Type: | SwitchParameter |
| Aliases: | u |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-UserWriteablePaths
Indicates that this cmdlet includes files identified as user writeable in the policy.
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |