This video show how the WDACConfig module can be used to Simulate the deployment of an Application Control policy (WDAC) without running any files or actually deploying any policies.
This cmdlet allows you to simulate a WDAC (App Control for Business) policy deployment. Simply select folders or files and a policy XML file, it will show you whether the selected files would be allowed or blocked by your WDAC policy if it was actually deployed on a system and those files were run.
Full command details:
github.com/HotCakeX/Harden-Wi...
WDACConfig module:
github.com/HotCakeX/Harden-Wi...
My GitHub:
github.com/HotCakeX/Harden-Wi...
Some Use Cases
Have a WDAC policy and you want to test whether all of the files of a program will be allowed by the policy without running the program first? Use this WDAC simulation to find out.
Employ this simulation method to discover files that are not explicitly specified in the WDAC policy but are still authorized to run by it.
Identify files that have hash mismatch and will not be permitted by WDAC engine using signature. These files are typically found in questionable software because they are tampered with.
And many more.
2 июл 2024
