Forum Discussion

StuartK73's avatar
StuartK73
Steel Contributor
Jul 22, 2020

Can't get rid of WDAC Block

Hi All   We rolled out an Endpoint Protection policy with WDAC on, but it has had a negative effect on some users.   Now we have unassigned the Endpoint Protection policy with WDAC, yet apps are ...
Intune
mobile device management (mdm)
StuartK73's avatar
StuartK73
Steel Contributor
Oct 16, 2020

dj675414 

 

Hi Buddy

 

I think we had some National Cyber Security Centre (NCSC) Endpoint Protection policies deployed that had a WDAC payload.

 

Check what configs are being deployed to your devices.

 

Regards

r0bu's avatar
r0bu
Brass Contributor
Oct 17, 2020
You can apply another policy with WDAC set to audit and that will remove the enforcement.
  • dj675414's avatar
    dj675414
    Copper Contributor
    Oct 17, 2020
    That’s exactly what I did last night, keep in mind this does cause a force reboot on all client machines this policy deploys to.

    The problem for us, I use a 3rd party packager when Win32app doesn’t fit the bill. Some of those apps looked foreign to defender and it blocked used access to them after a change in the policy.