Windows Defender Application Control (WDAC) Implementation - Part 3: Whitelist a Profile Installed App

Part 3 in a guide to setting up Windows Defender Application Control (WDAC)


For some reason, some vendors insist on installing apps to the user profile. The policy we've built so far would block those apps.

For the purposes of this policy, we'll use Postman (see: https://www.postman.com/).

  • Download and install Postman - I recommend doing this using Windows Sandbox
  • Postman should install to %LocalAppData%\Postman
  • To create a new policy enter the following PowerShell command:
New-CIPolicy -FilePath Postman.xml -ScanPath "$($env:LocalAppData)\Postman" -UserPEs -Level Publisher -NoShadowCopy -Verbose
  • The new policy, containing the certificates detected in the installation directory, will be created as Postman.xml
  • Copy the Postman.xml file to the same directory as your base policy files
  • Run the following PowerShell command to link the Postman policy with the base policy. Replace <BasePolicyId> with the PolicyID extracted from the base policy - remember to include the curly braces:
Set-CIPolicyIdInfo -FilePath Postman.xml -PolicyName "Supplemental - Postman" -SupplementsBasePolicyID <BasePolicyId> -BasePolicyToSupplementPath DefaultWindows_Enforced.xml
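
The following check is an added example, not part of the original guide: it reads the PolicyID from the base policy, confirms that Postman.xml is now linked to it as a supplemental policy, and lists the publisher rules the scan created so you can review exactly what the policy trusts. It assumes both XML files are in the current directory under the names used in the steps above.

```powershell
# Added example: file names follow the steps above; run from the policy directory.
$basePath = '.\DefaultWindows_Enforced.xml'
$suppPath = '.\Postman.xml'

[xml]$base = Get-Content -Path $basePath -Raw
[xml]$supp = Get-Content -Path $suppPath -Raw

# PolicyID is stored in the XML with its curly braces.
$baseId = $base.SiPolicy.PolicyID
Write-Host "Base PolicyID:          $baseId"
Write-Host "Supplemental PolicyID:  $($supp.SiPolicy.PolicyID)"
Write-Host "Supplements (BasePolicyID): $($supp.SiPolicy.BasePolicyID)"

# 1. The file must be marked as a supplemental policy.
if ($supp.SiPolicy.PolicyType -ne 'Supplemental Policy') {
    throw "PolicyType is '$($supp.SiPolicy.PolicyType)', expected 'Supplemental Policy'."
}

# 2. Its BasePolicyID must match the base policy it is meant to extend.
if ($supp.SiPolicy.BasePolicyID -ne $baseId) {
    throw "Postman.xml supplements $($supp.SiPolicy.BasePolicyID), not base policy $baseId."
}

# 3. A supplemental policy needs its own PolicyID, distinct from the base.
if ($supp.SiPolicy.PolicyID -eq $baseId) {
    throw 'Supplemental PolicyID is identical to the base PolicyID.'
}

# 4. Review the signer rules: every publisher listed here is allowed to run
#    user-mode code once this supplemental policy is deployed.
$signers = @($supp.SiPolicy.Signers.Signer | Where-Object { $_ })
if ($signers.Count -eq 0) {
    Write-Warning 'No signer rules found: the scan detected no signed files, so this policy allows nothing.'
}
$signers | ForEach-Object {
    [pscustomobject]@{
        SignerId  = $_.ID
        Name      = $_.Name
        Publisher = $_.CertPublisher.Value
    }
} | Format-Table -AutoSize

Write-Host 'Postman.xml is linked to the base policy.'
```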