Aaron Margosis
User profile directories are never safe directories
"AaronLocker" and its documentation distinguish between "safe" and "unsafe" paths. The former are directories within which only admins can create, modify, or delete content. (E.g., "Program Files" and its subdirectories...
You'll _never_ want to create a Path rule for _anything_ under %OSDRIVE%\Users\*. **Ever**. If you want to allow non-admins to download/update and execute unsigned files, you cannot implement whitelisting in...
Re whitelisting for developers - you're correct, to a point. I do exactly that on my own machine - I have a small number of paths that I can write...
WDAC is supported on WS2016 and later, but the WDAC feature set has evolved quite a lot since its first release in 2015. The features required for AaronLocker-like functionality using...
To save you some time: ask Rick Munck. He's in the GAL.
When will the changes be made, and what will the changes be? The text is still incorrect.
I don't see a way for me to reopen this issue, but the text is still incorrect. Per what I wrote when I first opened this issue, the SCT recommends...