Microsoft Defender Endpoint Application Control Policies

Copper Contributor

Hi all,


I would like to find out if MDE application control is capable of the following and how they can be implemented (Im not expecting all to be answered):-


  • Monitoring of process launch attempts

  • Can processes be block

  • Can processes be defined by fingerprint/hash

  • Process exclusion based on argument regex string

  • File read/create/delete/write attempt monitoring

  • Is DLL Load monitoring possible

  • Can processes be monitored whilst allowing further rules to be analyzed (continue processing other rules)

  • Can log events including severity

  • Can notify user of policy actions

  • Can processes be monitored based on wildcard expressions

Any help is much appreciated, thank you.

0 Replies