The FileName rule level in WDAC App Control for Business allows or denies execution based on metadata embedded in the file's PE VERSIONINFO resource — not base

FilePublisher is the gold standard rule level for most enterprise WDAC deployments. It offers the optimal balance between specificity and maintainability — tigh

The FilePath rule level in WDAC App Control for Business allows execution of any code located at a specified filesystem path — without checking what that code a

The LeafCertificate rule level trusts files based on the end-entity certificate that was used to directly sign those files. This is the actual code-signing cer

The Hash rule level in Windows Defender Application Control is the most granular and cryptographically precise rule level available. A Hash rule allows or deni

The PcaCertificate rule level in Windows Defender Application Control trusts files based on the intermediate Certificate Authority certificate that sits betwee

The Publisher rule level is one of the most practical and widely used certificate-based trust levels in Windows Defender Application Control , also known as App

> CRITICAL: The RootCertificate level is NOT SUPPORTED in App Control for Business . This document explains why, what happens if you try to use it, and what you

The SignedVersion rule level in WDAC App Control for Business grants execution rights based on two combined criteria: the file must be signed by a specific publ

> Windows Hardware Quality Lab signing — a Microsoft-operated certification program that tests and cryptographically endorses hardware drivers. The WHQL level i

> The most specific WHQL-family rule level: combines the WHQL EKU trust check, vendor leaf certificate CN, specific driver filename, and a minimum version floor

> Combines the WHQL EKU trust check with the Common Name of the leaf certificate — allowing only WHQL-certified drivers from a specific named hardware vendor,

> Formerly known as: Windows Defender Application Control

Enabled:UMCI extends Windows Defender Application Control enforcement from kernel-mode code down into the full user-mode execution space. Without this option,

Required:WHQL tightens the kernel-mode driver signing standard from the broader Microsoft-signed requirement to the stricter Windows Hardware Quality Labs cert

Current Support Status: Not currently supported by Windows

Enabled:Audit Mode places an App Control for Business policy in a non-enforcing observation state. When Audit Mode is active, the Code Integrity engine evaluate

Disabled:Flight Signing removes the implicit trust that WDAC / App Control for Business policies grant to Windows Insider build certificates. In the default WD

XML Value: <Rule><Option>Enabled:Inherit Default Policy</Option></Rule>

XML Value: <Rule><Option>Allowed:Debug Policy Augmented</Option></Rule>

XML Value: <Rule><Option>Enabled:Unsigned System Integrity Policy</Option></Rule>

XML Value: <Rule><Option>Required:EV Signers</Option></Rule>

XML Value: <Rule><Option>Enabled:Advanced Boot Options Menu</Option></Rule>

Applies to Supplemental Policies: No