Windows 10: Is Microsoft Defender or Windows Defender Application Control WDAC included in Windows 11 Pro?

I have been going through the process of hardening my Windows 11 device, following this guide where I can: ACSC Essential Eight - Essential Eight Microsoft Learn. Because I only have Windows Pro account not 365, some of the guide does not apply to me.Windows Defender Application Control WDAC is suggested for some tasks e.g. Application Control, while Microsoft Defender is suggested for some others e.g. Patch Applications. At first I did not believe I have either of these with a Windows Pro account, then I discovered that I still had some group policies related to WDAC and Microsoft D

:)

 

Use Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph

Hi,



Thank you for writing to Microsoft Community Forums.



In order to enable trust for executables based on classifications in the ISG, the
Enabled:Intelligent Security Graph authorization option must be specified in the WDAC policy. This can be done with the Set-RuleOption cmdlet. In addition, it is recommended from a security perspective to also enable the
Enabled:Invalidate EAs on Reboot option to invalidate the cached ISG results on reboot to force rechecking of applications against the ISG.



Since the ISG relies on identifying executables as being known good, there are cases where it may classify legitimate executables as unknown, leading to blocks that need to be resolved either with a rule in the WDAC policy, a catalog signed by a certificate
trusted in the WDAC policy or by deployment through a WDAC managed installer. Typically, this is due to an installer or application using a dynamic file as part of execution. These files do not tend to
build up known good reputation. Auto-updating applications have also been observed using this mechanism and may be flagged by the ISG.



Modern apps are not supported with the ISG heuristic and will need to be separately authorized in your WDAC policy. As modern apps are signed by the Microsoft Store and Microsoft Store for Business. It is straightforward to authorize modern apps with
signer rules in the WDAC policy.



Enabled:Intelligent Security Graph Authorization -> Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG).



Enabled:Invalidate EAs on Reboot -> When the Intelligent Security Graph option (14) is used, WDAC sets an extended file attribute that indicates that the file was authorized to run. This option will cause WDAC to periodically
re-validate the reputation for files that were authorized by the ISG.



For more information, you may refer the below articles.

• Use
  Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph.
  
• Deploy Windows
  Defender Application Control policy rules and file rules.
  
• Use
  signed policies to protect Windows Defender Application Control against tampering.
  

If you still have questions, then I suggest you to post your query in
IT Pro TechNet Forums, where we have support
professionals who are well equipped with the knowledge on Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph.



Please feel free to contact us back, in case you have any other questions/issues with Windows in future.

 

Use Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph

Hi,

Thank you for replying and I apologize for the delayed response.

I suggest you to post this query in IT Pro TechNet Forums, where we have support professionals, who will answer all your questions related to Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph and provide you more information
on this.

 

Windows Defender Released

Microsoft has released the final version of its Windows Defender anti-spyware utility. Windows Defender is a product of the Microsoft acquisition of GIANT Software. Previously known as Windows AntiSpyware, after a two years beta period it's now available for Windows XP and Windows Server 2003 under the name Windows Defender. Windows Defender incorporates Real-Time Protection to monitor systems for spyware activity, automated spyware removal with scheduled scans, full integration with Internet Explorer 7.0 and automatic spyware definition updates from Microsoft. Windows Defender is available freely to all customers running a genuine copy of Windows. Microsoft has also announced that customers will each be allowed to report two support incidents for free with Windows XP and Windows Server 2003.

Source: DailyTech