Windows Defender Application Control deployment


Has anyone embarked on deploying WDAC?

 

Unfortunately, due to the nature of our estate, rather than trying to build a single device with "all" the apps on it, we've deployed audit mode to all our devices.

Using Windows Defender Security Center and advanced hunting -

 
DeviceEvents
| where Timestamp > ago(7d) and
ActionType startswith "AppControl"


We're hoping to be able to convert the output of advanced hunting into the WDAC XML policies.
 
Has anyone taken this approach?