Some application installers may automatically run the application at the end of the installation process. If a managed installer process runs in the context of a user with standard privileges, then it's possible that standard users or malware running as standard user may be able to circumvent the intent of your WDAC policies. Users with administrator privileges, or malware running as an administrator user on the system, may be able to circumvent the intent of your WDAC policies when the managed installer option is allowed. Managed installer is best suited where users operate as standard user, and where all software is deployed and installed by a software distribution solution such as MEMCM. Since managed installer is a heuristic-based mechanism, it doesn't provide the same security guarantees as explicit allow or deny rules do. Security considerations with managed installer As long as there are no deny rules for the binary, WDAC will allow it to run based purely on its managed installer origin. When that option is set, WDAC will check for managed installer origin information when determining whether or not to allow a binary to run. You can then configure WDAC to trust files that are installed by a managed installer by adding the "Enabled:Managed Installer" option to your WDAC policy. As files are written, they're tagged as originating from a managed installer. When one of these trusted binaries runs, Windows monitors the binary's process (and any child processes it launches) and watches for files being written to disk. Managed installer uses a special rule collection in AppLocker to designate binaries that are trusted by your organization as an authorized source for application installation. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune. Windows Defender Application Control (WDAC) includes an option called managed installer that helps balance security and manageability when enforcing application control policies. Learn more about the Windows Defender Application Control feature availability. Some capabilities of Windows Defender Application Control are only available on specific Windows versions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |