Forum Discussion

JamesY650's avatar
JamesY650
Brass Contributor
Nov 20, 2024
Solved

WDAC allow rule not working for non program or windows directories

I was testing WDAC. I used App Control Wizard to create a Multiple Policy Format Base Policy. I selected the Default Windows Mode and left all option as default (except I turned off audit mode as I w...
wdac
  • JamesY650's avatar
    JamesY650
    Nov 20, 2024

    I looked the WDAC rule. I think I found the reason. I need to disable Runtime FilePath Rule Protection (default is enable) in order to allow FilePath rules for paths that are only writable by an administrator. It explains the reason why it works for c:\users but not its subdirectories. As soon as I disable Runtime FilePath Rule Protection, it worked perfectly.

    Thanks

JamesY650's avatar
JamesY650
Brass Contributor
Nov 20, 2024

I looked the WDAC rule. I think I found the reason. I need to disable Runtime FilePath Rule Protection (default is enable) in order to allow FilePath rules for paths that are only writable by an administrator. It explains the reason why it works for c:\users but not its subdirectories. As soon as I disable Runtime FilePath Rule Protection, it worked perfectly.

Thanks

Resources