
Cross reference WDAC recommended block rules and add missing LOLBAS

Open ConsciousHacker opened this issue 4 years ago • 2 comments

Note: Use the XML, not the bulleted list towards the top of the following page.

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules

ConsciousHacker, Aug 28 '20 14:08

The following binaries are missing from the bulleted list:

  • addinprocess.exe
  • addinprocess32.exe
  • addinutil.exe
  • aspnet_compiler.exe
  • dbghost.exe
  • dbgsvc.exe
  • fsi.exe
  • fsiAnyCpu.exe
  • kd.exe
  • kill.exe
  • lxrun.exe
  • ntkd.exe
  • ntsd.exe
  • powershellcustomhost.exe
  • texttransform.exe
  • visualuiaverifynative.exe
  • wfc.exe
  • windbg.exe
  • wslconfig.exe
  • wslhost.exe

ConsciousHacker, Sep 03 '20 13:09

A couple of executables listed above are now present in the project, e.g. aspnet_compiler.exe, fsi.exe and fsiAnyCpu.exe.

(FYI, slightly unrelated but all blockrules executables that ARE present in this project have been marked as such in #179)

wietze, Nov 15 '21 00:11
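The cross-reference this issue asks for, as an added example that is not part of the thread or the LOLBAS project's own code: it reads the `Deny` rules from a WDAC policy XML and reports the file names the project does not yet document. The embedded policy and the project name set are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the WDAC policy XML shape; not the real Microsoft block list.
SAMPLE_POLICY = """\
<SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
  <FileRules>
    <Deny ID="ID_DENY_ADDINPROCESS" FriendlyName="AddInProcess.exe" FileName="AddInProcess.exe" MinimumFileVersion="65535.65535.65535.65535" />
    <Deny ID="ID_DENY_ASPNET" FriendlyName="aspnet_compiler.exe" FileName="aspnet_compiler.exe" MinimumFileVersion="65535.65535.65535.65535" />
    <Deny ID="ID_DENY_FSI" FriendlyName="fsi.exe" FileName="fsi.exe" MinimumFileVersion="65535.65535.65535.65535" />
    <Deny ID="ID_DENY_KD" FriendlyName="kd.exe" FileName="kd.Exe" MinimumFileVersion="65535.65535.65535.65535" />
    <Deny ID="ID_DENY_D_1" FriendlyName="constructed hash rule" Hash="00AA" />
    <Allow ID="ID_ALLOW_A_1" FriendlyName="constructed allow rule" FileName="*" />
  </FileRules>
</SiPolicy>
"""

# Constructed stand-in for the binary names already documented in the project.
SAMPLE_PROJECT = {"Aspnet_Compiler.exe", "Fsi.exe", "FsiAnyCpu.exe"}


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]


def denied_filenames(policy_xml):
    """Return the lower-cased FileName of every Deny rule in the policy."""
    names = set()
    for element in ET.fromstring(policy_xml).iter():
        if local_name(element.tag) != "Deny":
            continue  # Allow rules and container elements are not block rules
        name = element.get("FileName")
        if name:  # hash-only Deny rules carry no FileName attribute
            names.add(name.strip().lower())
    return names


def missing_from_project(policy_xml, project_names):
    """Blocked file names with no project entry, compared case-insensitively."""
    known = {name.strip().lower() for name in project_names}
    return sorted(denied_filenames(policy_xml) - known)


if __name__ == "__main__":
    for name in missing_from_project(SAMPLE_POLICY, SAMPLE_PROJECT):
        print(name)
```

Names are lower-cased on both sides because the policy XML and the project do not always use the same capitalisation for a binary.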