Hello, 

I would like to deploy WDAC for my clients using an SCCM endpoint security policy , but I wish to exclude all applications that has been previously installed through the Configuration Manager Installer and only those, from the scope of WDAC.

An additional constraint is to not use the absolute path binary whitelist as a mean to achieve this goal, for security concerns.

Is there any  way (that doesn't imply absolute path whitelisting) to apply WDAC through SCCM while keeping the formerly deployed applications active ?

Best regards