Microsoft Defender Endpoint Application Control Policies


Hi all,


I would like to find out if MDE application control is capable of the following and how they can be implemented (I'm not expecting all to be answered):


  • Monitoring of process launch attempts

  • Can processes be blocked

  • Can processes be defined by fingerprint/hash

  • Process exclusion based on argument regex string

  • File read/create/delete/write attempt monitoring

  • Is DLL Load monitoring possible

  • Can processes be monitored whilst allowing further rules to be analyzed (continue processing other rules)

  • Can log events including severity

  • Can notify user of policy actions

  • Can processes be monitored based on wildcard expressions

Any help is much appreciated, thank you.
