Forum Discussion
WDAC allow rule not working for non program or windows directories
- Nov 20, 2024
I looked at the WDAC rule. I think I found the reason. I need to disable Runtime FilePath Rule Protection (default is enabled) in order to allow FilePath rules for paths that are only writable by an administrator. That explains why it works for c:\users but not its subdirectories. As soon as I disabled Runtime FilePath Rule Protection, it worked perfectly.
Thanks
Hi James, have you come across a lot of DLL files getting blocked, especially when deploying Windows updates? Cheers
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\ManageEngine\UEMS_Agent\patches\112079-SQLServer2022-KB5048038-x64.exe) attempted to load \Device\HarddiskVolume3\ffba7c85dc0bb82b1e8ccd77a6f6aeaa\SETUP.EXE that did not meet the Enterprise signing level requirements or violated code integrity policy (Policy ID:{dfdf74bc5-c0e7-4e17-af3b-903f49b7df0c}).
- JamesY650, Jan 23, 2025, Brass Contributor
I did have some DLL files blocked in \Device\HarddiskVolume3\Windows\System32, but nothing gets blocked in \Device\HarddiskVolume3\Program Files (x86). At this moment, I have just turned on WDAC on my machines for testing. I haven't rolled it out for wider group testing. Also, the blocking does not seem to impact anything on my machines.
Could it be you need to whitelist \Device\HarddiskVolume3\Program Files (x86)\ in addition to %OSDRIVE%\Program Files (x86)\*?
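
The Code Integrity event quoted in this thread names two paths, the loading process and the blocked file. The following is an added example, not code from any participant, that splits them apart and groups blocked files by folder. The sample messages are constructed, and `under_rule` is a simplified prefix comparison assumed for triage, not WDAC's own rule matching.

```python
import re
from collections import Counter
from ntpath import dirname

# Message layout as in the Code Integrity event quoted in this thread.
CI_BLOCK = re.compile(
    r"process \((?P<process>.+?)\) attempted to load (?P<target>.+?) "
    r"that did not meet .*?\(Policy ID:(?P<policy>\{[^}]*\})\)"
)
VOLUME = re.compile(r"^\\Device\\HarddiskVolume\d+", re.IGNORECASE)

def parse_block(message):
    """Return the process, blocked file and policy ID, or None if no match."""
    m = CI_BLOCK.search(message)
    return m.groupdict() if m else None

def volume_relative(path):
    r"""Strip the \Device\HarddiskVolumeN prefix so paths compare by folder."""
    return VOLUME.sub("", path)

def under_rule(path, rule):
    """Simplified triage check (assumption, not WDAC's matcher): handles only
    a leading %OSDRIVE% macro and a trailing '*' wildcard."""
    prefix = rule.replace("%OSDRIVE%", "").rstrip("*").lower()
    return volume_relative(path).lower().startswith(prefix)

def blocked_folders(messages):
    """Count blocked files per containing folder across many events."""
    hits = (parse_block(m) for m in messages)
    return Counter(dirname(volume_relative(h["target"])) for h in hits if h)

# Constructed sample messages; paths and the policy GUID are placeholders.
_TAIL = (" that did not meet the Enterprise signing level requirements or "
         "violated code integrity policy "
         "(Policy ID:{00000000-0000-0000-0000-000000000000}).")
SAMPLE = [
    r"Code Integrity determined that a process (\Device\HarddiskVolume3"
    r"\Program Files (x86)\ExampleAgent\patches\update.exe) attempted to "
    r"load \Device\HarddiskVolume3\0123abcd\SETUP.EXE" + _TAIL,
    r"Code Integrity determined that a process (\Device\HarddiskVolume3"
    r"\Windows\System32\example.exe) attempted to load "
    r"\Device\HarddiskVolume3\Windows\System32\example.dll" + _TAIL,
]

if __name__ == "__main__":
    for ev in map(parse_block, SAMPLE):
        print(ev["process"], "->", ev["target"])
    print(blocked_folders(SAMPLE))
```

In the first constructed message the loading process sits under the `Program Files (x86)` folder while the blocked file does not, the same shape as the event quoted in the thread.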