Forum Discussion
WDAC allow rule not working for non program or windows directories
- Nov 20, 2024
I looked at the WDAC rule. I think I found the reason. I need to disable Runtime FilePath Rule Protection (default is enabled) in order to allow FilePath rules for paths that are not only writable by an administrator. It explains the reason why it works for c:\users but not its subdirectories. As soon as I disabled Runtime FilePath Rule Protection, it worked perfectly.
Thanks
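As an added example (not code from the thread), the following PowerShell builds a policy with a FilePath allow rule under the user profile, sets rule option 18 ("Disabled:Runtime FilePath Rule Protection") as the post describes, and then audits the resulting XML so the reviewer can see exactly which user-writable paths the policy now trusts. The base policy path, output file names and the `C:\Users\*` rule are assumptions for illustration.

```powershell
# Added example (not from the thread). Paths below are assumptions.
$basePolicy = 'C:\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Enforced.xml'
$workingXml = "$env:TEMP\WDAC_FilePath_Allow.xml"
$binaryOut  = "$env:TEMP\WDAC_FilePath_Allow.cip"

# 1. A FilePath allow rule. One wildcard is permitted, at the start or end of the path.
$pathRule = New-CIPolicyRule -FilePathRule 'C:\Users\*'

# 2. Merge the rule into a copy of the base policy.
Merge-CIPolicy -PolicyPaths $basePolicy -Rules $pathRule -OutputFilePath $workingXml | Out-Null

# 3. Option 18 = "Disabled:Runtime FilePath Rule Protection". Without it WDAC only
#    honors FilePath rules for locations writable solely by administrators, which is
#    why C:\Users worked in the thread while C:\Users\<name>\... did not. Enabling it
#    means any binary a standard user drops under C:\Users is trusted, so scope the
#    path as narrowly as the application allows.
Set-RuleOption -FilePath $workingXml -Option 18

# Option 3 = audit mode while validating; drop it with -Delete before enforcing.
Set-RuleOption -FilePath $workingXml -Option 3

# 4. Compile the XML to the binary form used for deployment.
ConvertFrom-CIPolicy -XmlFilePath $workingXml -BinaryFilePath $binaryOut | Out-Null

# 5. Review what was produced: the rule options and every FilePath allow rule.
function Get-WdacFilePathSummary {
    param([Parameter(Mandatory)][string]$PolicyXml)
    [xml]$doc = Get-Content -Path $PolicyXml -Raw
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('ci', 'urn:schemas-microsoft-com:sipolicy')
    $options = $doc.SelectNodes('//ci:Rules/ci:Rule/ci:Option', $ns) |
               ForEach-Object { $_.InnerText }
    $paths   = $doc.SelectNodes('//ci:FileRules/ci:Allow[@FilePath]', $ns) |
               ForEach-Object { $_.GetAttribute('FilePath') }
    [pscustomobject]@{
        RuntimeFilePathProtectionDisabled = ($options -contains 'Disabled:Runtime FilePath Rule Protection')
        AuditMode                         = ($options -contains 'Enabled:Audit Mode')
        FilePathAllowRules                = @($paths)
    }
}

Get-WdacFilePathSummary -PolicyXml $workingXml
```

Run the summary function against any policy before deployment: a FilePath rule pointing at a user-writable location combined with option 18 is the configuration the thread needed, and also the one worth a second look in review.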
The issue may stem from the way WDAC applies rules to different directory types, particularly system folders like "Users" and "Temp," which can have additional security or permission settings that prevent applications from running as expected. WDAC can sometimes require more specific rules for these directories, as they might involve user-specific or system-level restrictions that differ from standard program directories. I recommend reviewing the rule definitions and ensuring that the correct permissions are applied, particularly for user directories (e.g., c:\Users) and temporary directories (e.g., c:\Temp). You might need to create more granular rules or include additional exceptions for these folders. Additionally, double-check if there are any other conflicting group policies or restrictions that could interfere with WDAC's behavior in these directories.
https://m-zahid.com/