From 854ebb9a2ef63612f8cae0bc279ef335062f36c9 Mon Sep 17 00:00:00 2001 From: Violet Hansen Date: Fri, 16 Aug 2024 00:42:52 +0300 Subject: [PATCH] Update How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control.md --- ...ndpoint Advanced Hunting With WDAC App Control.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Wiki posts/Windows Defender Application Control (WDAC)/How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control.md b/Wiki posts/Windows Defender Application Control (WDAC)/How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control.md index 25302d4b5..c7d2684fa 100644 --- a/Wiki posts/Windows Defender Application Control (WDAC)/How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control.md +++ b/Wiki posts/Windows Defender Application Control (WDAC)/How to Use Microsoft Defender for Endpoint Advanced Hunting With WDAC App Control.md @@ -22,7 +22,7 @@ You can create Audit mode policies using the WDACConfig module based on differen For instance, the following command will create an Audit mode policy that once deployed on an endpoint, starts generating Audit logs for any file that runs but is not part of the Windows by default. ```powershell -New-WDACConfig -PrepDefaultWindowsAudit +New-WDACConfig -PolicyType DefaultWindows -Audit ```
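Review bot: the unchanged prose directly above this code block in the same hunk reads "is not part of the Windows by default", which should be "is not part of Windows by default"; since the hunk already rewrites the paragraph's command, fixing that line here keeps the section from needing a second touch. The new form `New-WDACConfig -PolicyType DefaultWindows -Audit` also only differs from the enforced-mode command by the `-Audit` switch, so it is worth stating next to the block that the same command without `-Audit` produces the enforced policy described later in the page, to stop readers copying the audit line into an enforcement deployment.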
@@ -30,7 +30,7 @@ New-WDACConfig -PrepDefaultWindowsAudit Another option would be the following command, which will create an Audit mode policy that once deployed, starts generating Audit logs for any file that runs but is not signed by Microsoft certificates. ```powershell -New-WDACConfig -PrepMSFTOnlyAudit +New-WDACConfig -PolicyType AllowMicrosoft -Audit ```
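Review bot: the hunk header still carries `New-WDACConfig -PrepDefaultWindowsAudit` as function context, which is just git picking up the previous code block, but it is a reminder that only six lines of this file are touched; the old `-PrepMSFTOnlyAudit` / `-PrepDefaultWindowsAudit` names also appear as the page's working vocabulary, so please grep the whole file (and any wiki links pointing at `#new-wdacconfig--prep...` anchors) for remaining references to the removed parameters before merging, since the renamed `-PolicyType AllowMicrosoft -Audit` no longer conveys the "Microsoft only" meaning by itself and the prose "is not signed by Microsoft certificates" becomes the only statement of what this policy allows.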
@@ -129,16 +129,16 @@ The following video demonstrates the process of collecting the data from MDE Adv After generating the Supplemental policies based off of the MDE Advanced Hunting data, you need to remove the Audit mode policies you deployed to your endpoints initially and replace them with Enforced mode policies. -#### [Generate Allow Microsoft Base Policy (Enforced Mode)](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-WDACConfig#new-wdacconfig--makeallowmsftwithblockrules) +#### [Generate Allow Microsoft Base Policy (Enforced Mode)](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-WDACConfig#new-wdacconfig--policytype) ```powershell -New-WDACConfig -MakeAllowMSFTWithBlockRules +New-WDACConfig -PolicyType AllowMicrosoft ``` -#### [Generate Default Windows Base Policy (Enforced Mode)](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-WDACConfig#new-wdacconfig--makedefaultwindowswithblockrules) +#### [Generate Default Windows Base Policy (Enforced Mode)](https://github.com/HotCakeX/Harden-Windows-Security/wiki/New-WDACConfig#new-wdacconfig--policytype) ```powershell -New-WDACConfig -MakeDefaultWindowsWithBlockRules +New-WDACConfig -PolicyType DefaultWindows ```
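Review bot: both headings in this hunk now link to the same anchor `#new-wdacconfig--policytype`, so the two links no longer distinguish the Allow Microsoft and Default Windows variants; that is acceptable if the target section documents the `-PolicyType` values together, but confirm the anchor resolves on the wiki (the double hyphen matches the pattern of the old `--makeallowmsftwithblockrules` anchors). More importantly, the old names `-MakeAllowMSFTWithBlockRules` and `-MakeDefaultWindowsWithBlockRules` advertised that the Microsoft recommended block rules were included, while `-PolicyType AllowMicrosoft` and `-PolicyType DefaultWindows` say nothing about that; if the block rules are still merged in, add one sentence saying so under these headings, and if they are not, the prose on line 129 ("replace them with Enforced mode policies") should tell the reader how to add them, because an enforced base policy without the recommended block rules is a materially weaker deployment than what the previous command names promised.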