Introduction
In this article, you will learn how to protect your on-premises devices from malware attacks.
Windows Defender Application Control (WDAC) is a security feature designed to protect devices from malware and other harmful software. Its main purpose is to allow only trusted applications to run on PCs. Windows Defender Application Control is available on Windows 10/11, Windows Server 2016, and the latest Windows Server versions.
Implement Windows Defender Application Control
Step 1. Download the WDAC Wizard
- Use the following link to download the Microsoft WDAC Wizard: https://webapp-wdac-wizard.azurewebsites.net/
- Then click 'Download the Installer'
- If your download does not start automatically, click here.
Step 2. Install the WDAC Wizard
- After downloading, double-click to open the WDAC Wizard Installer.
- If you select "Launch When Ready", the WDAC Wizard will open automatically once the installation is complete.
- Then click "Install"
Step 3. Creating a WDAC policy
Once the installation is finished, the Windows Defender Application Control Policy Wizard will launch automatically.
In this case, I'm going to create a new base WDAC policy.
- Choose the option "Policy Creator"
Step 4. Select a policy type
Windows Defender Application Control (WDAC) has two types of policies: the Multiple Policy Format and the Single Policy Format.
In this case, I'm going to create a policy in the single policy format.
- Select "Single Policy Format"
- Then Click "Next"
Step 5. Select a base template for the policy
- Select the "Default Windows Mode" template
- Then change the policy name to "wdacpolicy"
- To change the folder location, click "Browse". Otherwise, keep the default.
- Then click "Next"
Step 6. Configure policy template
- You can edit the policy rules by enabling or disabling each rule option.
- Disable "Audit Mode"
If you want to test a new Windows Defender Application Control policy first, enable audit mode before enforcing the policy in your environment: with audit mode turned on, the policy is not enforced, and files that would have been blocked are only logged.
- Then Click "Next"
Step 7. File rules
You have the option to create custom rules or remove existing ones.
- Click "Next"
The Windows Defender Application Control (WDAC) policy was created successfully.
Step 8. Convert your WDAC policy XML to binary
- Open PowerShell ISE as an Administrator
- Type the following command: "ConvertFrom-CIPolicy -XmlFilePath c:\wdac\wdacpolicy.xml -BinaryFilePath c:\wdac\SiPolicy.p7b"
- Then click the "Run Script" button
In the next part, you will learn how to deploy and manage WDAC policies from a domain controller.
Deploy and manage the WDAC Policy in the domain controller
- Go to the Windows Server 2026 or the latest Windows Server version
- Copy the SiPolicy.p7b file to the domain controller: create a new folder there and paste the file into it
- Then share that folder with Everyone (read access is sufficient, since clients only need to read the policy file)
Step 8. Deploy on Windows Server
- Open Group Policy Management from Server Manager
- Click "Tools"
- Then Click "Group Policy Management"
Step 9. Create a new GPO and link to the domain
- Right-click on your Domain "techshifa.local"
- Then Click "Create a GPO in this domain, and Link it here" to Create a GPO
Step 10. Edit the GPO policy
- Go to "Computer Configuration"
- Click "Policies"
- Then click "Administrative Templates"
- Then Select "System"
- Click on "Device Guard"
- Then double-click "Deploy Windows Defender Application Control"
Step 11. Deploy WDAC
- Select "Enabled"
- Then enter the path to the WDAC policy file: \\DC1.techshifa.local\wdac\SiPolicy.p7b
- Then Click OK
Note. This GPO is linked at the domain level, so the policy will apply to all computers in the domain.
Once a client computer is set up with an Active Directory-based GPO, it typically takes 20 minutes for the client computer to apply any settings after a Group Policy refresh. By default, the Group Policy refresh occurs in the background every 90 minutes with a random delay of 0 to 30 minutes. (Source: Microsoft)
To update the group policy on a computer immediately, you can follow these steps.
By following these steps, you can manually update the group policy on your computer from the command prompt as an administrator.
- Open the command prompt as an administrator.
- Type the following command to update the policy: "gpupdate /force"
- Press Enter to execute the command.
Note. This will initiate an update of the group policy settings on your computer.
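As an added check after the refresh (an example script written for this article, not part of the original steps or of Microsoft's documentation), the following PowerShell confirms on a client that the policy actually arrived, in which mode it is running, and whether Code Integrity has logged any audit or block events. It assumes an elevated session on a domain-joined client, the share path used in Step 11, and the local CodeIntegrity folder the GPO setting copies a single-format policy to.

```powershell
# Added example, not code from the original article. Run in an elevated
# PowerShell session on a domain-joined client after "gpupdate /force".
# Assumptions: $SharePolicy is the share path configured in the GPO, and
# $LocalPolicy is where the GPO setting places a single-format policy.
$SharePolicy = '\\DC1.techshifa.local\wdac\SiPolicy.p7b'
$LocalPolicy = Join-Path $env:windir 'System32\CodeIntegrity\SiPolicy.p7b'

function Get-WdacEnforcementState {
    # Win32_DeviceGuard reports the policy state: 0 = off, 1 = audit, 2 = enforced.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    $label = @{ 0 = 'Off'; 1 = 'Audit'; 2 = 'Enforced' }
    [pscustomobject]@{
        KernelModeCI = $label[[int]$dg.CodeIntegrityPolicyEnforcementStatus]
        UserModeCI   = $label[[int]$dg.UsermodeCodeIntegrityPolicyEnforcementStatus]
    }
}

function Test-WdacPolicyCopy {
    # The GPO copies the binary locally at refresh; confirm the local copy
    # exists and is byte-for-byte identical to the file on the share.
    if (-not (Test-Path $LocalPolicy)) { return $false }
    $local = (Get-FileHash -Algorithm SHA256 -Path $LocalPolicy).Hash
    $share = (Get-FileHash -Algorithm SHA256 -Path $SharePolicy).Hash
    return $local -eq $share
}

function Get-WdacRecentEvents {
    param([int]$Hours = 24)
    # 3099 = policy activated, 3076 = would have been blocked (audit mode),
    # 3077 = blocked (enforced). Review 3076 events before disabling audit mode.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3076, 3077, 3099
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
}

Get-WdacEnforcementState
"Local policy matches share: $(Test-WdacPolicyCopy)"
Get-WdacRecentEvents | Format-Table -AutoSize -Wrap
```

A client that shows "Enforced" but no 3099 event in the window simply activated the policy earlier; widen the -Hours value to confirm.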