Windows 10: WDAC File Exclusions Not Working

Hi Everyone,I've been playing with this for the past two weeks and have a good grip on the way it differs from AppLocker. I have come across an issue during testing with Connectwise Control when an on-demand support session is created and a PC with WDAC implemented, the support exe file is allowed to run because of the exceptions I've implemented and the file is officially signed by Connectwise, but half way through the execution process it fails.Looking through the event logs I see:Code Integrity determined that a process \Device\HarddiskVolume3\Windows\Microsoft.NET\Framework64\v4.0.30319\d

:)

 

Unable to Remove Exclusions from Windows Defender

Thank you for posting back. If you trust a file, file type, folder, or a process that Windows Defender Antivirus has detected as malicious, you can stop Windows Defender Antivirus from alerting you or blocking the program by adding the file to
the exclusion list. It seems that it was added automatically. We suggest that you follow these steps:

• Go to Settings and select Update & security.
• Click Windows Defender.
• Look for Exclusions and select Add an exclusion.
• Navigate to the file, folder, or process, and select Exclude this file.

If the steps provided did not work, we recommend that you boot your device to
Safe Mode and redo the process.

Let us know if you need further assistance.

 

Unable to sign WDAC policy file(bin or p7b) file.

Hi,

To sign our WDAC policy file we are following Microsoft article Use signed policies to protect Windows Defender Application Control. In order to sign SIPolicy file we need to have code signing certificate. We need few clarifications which are described below:

1) As per above mentioned link, it specifically needs ContosoSigningCert code signing certificate to sign the WDAC policy, below is the mentioned command. As we are unable to get this certificate, can you please provide us this certificate. Or in case we can sign it with some other certificate, please share information regarding that.

<Path to signtool.exe> sign -v -n "ContosoSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin

2) We also checked about Device Guard Signing Service v2 (DGSS) is a code signing service. But information available over the web is too generic to apply for our case. In order to sign our WDAC policy file can we get some concrete steps wise information or any other related information regarding this.

Regards,

Vikram

 

Definition of Exclusions not working

Since I am a developer I want to exclude a couple of directories from constant virus scanning, not only because I know the code being in there but also because occasionally the scanning seems to lock certain files for short periods which can then interfere with build processes as these files are then locked and cannot be removed before a new build.

But - while I know that this has worked without issue before - when I just tried to add a new exclusion not only where there none listed anymore (i.e. the old exclusions have apparently silently disappeared :-( ) but when I define a new one, the entire dialog works fine, I eventually select a folder and hit OK, but that exclusion is then ignored. I.e. nothing appears in the list of exclusions and the whole exercise seems to be ignored!?!

Why is this beast not working any more?

This in on WIndows 10 Pro (1903) with all updates (except the pending feature update 1909) installed.