Forum Discussion

StuartK73's avatar
StuartK73
Iron Contributor
Jul 22, 2020

Can't get rid of WDAC Block

Hi All   We rolled out an Endpoint Protection policy with WDAC on, but it has had a negative effect on some users.   Now we have unassigned the Endpoint Protection policy with WDAC, yet apps are ...
Intune
Mobile Device Management (MDM)
dj675414's avatar
dj675414
Copper Contributor

StuartK73 Hello Stuart,

 

I was curious did you find a solution to this problem?

 

Thanks

StuartK73's avatar
StuartK73
Iron Contributor
Oct 16, 2020

dj675414 

 

Hi Buddy

 

I think we had some National Cyber Security Centre (NCSC) Endpoint Protection policies deployed that had a WDAC payload.

 

Check what configs are being deployed to your devices.

 

Regards

  • r0bu's avatar
    r0bu
    Brass Contributor
    Oct 17, 2020
    You can apply another policy with WDAC set to audit and that will remove the enforcement.
    • dj675414's avatar
      dj675414
      Copper Contributor
      Oct 17, 2020
      That’s exactly what I did last night, keep in mind this does cause a force reboot on all client machines this policy deploys to.

      The problem for us, I use a 3rd party packager when Win32app doesn’t fit the bill. Some of those apps looked foreign to defender and it blocked used access to them after a change in the policy.

Share