Recommended Block Rules Allow All?

[miketheitguy]

By default the block rules allows all files. The specifics around deployment of this policy aren't specified in this page. For example, if you Merge-CIPolicy this policy into another policy--and don't really check what's going on, you'll actually "Allow All" files inadvertently. This caused me a little confusion as to why my WDAC log wasn't firing when I executed Putty.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 6e8740b8-c1f2-4b88-3d4d-66cdbf20215f
• Version Independent ID: 7986a684-b35d-06bd-be30-dfca9923cb9c
• Content: Microsoft recommended driver block rules (Windows) - Windows security
• Content Source: windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
• Product: m365-security
• GitHub Login: @jgeurten
• Microsoft Alias: dansimp