I analyzed all Microsoft Defender for Endpoint threat intelligence reports published in 2025 to measure the real-world effectiveness of Windows application allowlisting. The results are now available in the yearly report shared by AppControl.AI. Enjoy the reading. #wdac
lnkd.in/eAsjaqxi
Elastic finds RONINGLOADER: trojanized NSIS installers, signed driver ollama.sys, PPL (ClipUp) abuse to tamper with Defender, custom WDAC blocking 360/Huorong, and thread-pool injection; linked to DragonBreath. #RONINGLOADER #PPL #WDAC https://bit.ly/47TE0Pa
Read how you can make your WDAC deployment a lot easier by using one (or multiple) Managed Installers #WDAC #AppControl www.appcontrol.ai/post/wdac-ma...
New blog post: Easily getting started with Intune Management Extension as managed installer
petervanderwoude.nl/post/easily-...
#MSIntune #Intune #EMS #MDM #Windows10 #Windows11 #IME #AppControl #WDAC
@Mister_MDM addressed an issue he discussed with the #ITCommunity at #WPNinjaS25: how the Managed Installer (#WDAC) policy in #Intune can break #Autopilot Device Prep reporting, even when enrollment looks fine.
Here's to Rudy, for turning issues into valuable blogs ➡️ https://bit.ly/4q7QgUT
🚀 New: App Control for Business — Part 7. Automate ACfB policy deployment: maintain, sign, and deploy to Intune via Azure DevOps pipelines or with PowerShell 7. Read more about this on my blog: www.ctrlshiftenter.cloud/bn0o
#AppControl #WDAC #Intune #PowerShell #DevOps #Security #Microsoft
🚀 New Blog Post – App Control for Business | Part 6
Learn how to sign, apply, and remove signed policies to protect against tampering.
Now on my blog 👇
👉 www.ctrlshiftenter.cloud/oat7 #WDAC #AppControl #EndpointSecurity #Cybersecurity #Microsoft #Intune #prevention
🚀 New Blog Post – App Control for Business | Part 5
How to create a custom base policy for fully managed devices — with PowerShell or the App Control Wizard.
Includes real examples with Notepad++
👉 www.ctrlshiftenter.cloud/4qz1
#WDAC #AppControl #Security #Intune
Anyone else seeing "weird" behavior with #Intune Managed Installer? At first install of an application, the files aren't tagged as being installed via Intune Managed Installer; if we uninstall the application and install it a second time, they are tagged. #WDAC @intunesuppteam.bsky.social
IBM X-Force Highlights WDAC Bypass via Loki C2
IBM's X-Force team details methods to bypass Windows Defender Application Control using Loki C2, emphasizing the need for stringent security configurations and regular system audits.
Link: buff.ly/q1YS4uK
#CyberSecurity #WDAC #LokiC2 #IBMXForce
🚀 New blog post: Mastering App Control for Business – Part 4 🔐
Learn how to create a “starter base policy” for lightly managed Windows devices.
www.ctrlshiftenter.cloud/qu8h
#WDAC #AppControl #Intune #CyberSecurity #ZeroTrust #Windows #MSIntune #Microsoft #EndpointManagement #Endpoint #Security
🚀 New Blog Post: Mastering App Control for Business | Part 3 – App Tagging & Managed Installer
How to combine tagging policies with Windows Firewall & explore the pros/cons of Managed Installer.
🔗 www.ctrlshiftenter.cloud/gmva
#WDAC #AppControl #Intune #Security #Microsoft
A new exploit that bypasses Windows Defender Application Control and leverages an advanced Command and Control (C2) method called Loki has been found.
#Electron #JavaScript #WDAC #C2Loki
🚀 New Blog Post: Mastering App Control for Business | Part 2 🔐
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
This can then be used to #block or #allow #software in #Microsoft #Defender - providing additional security on top of App Control for Business (#WDAC)
I will have a blog post coming on App Control for Business, so keep your eyes peeled!
My issue with Intune EPM is that it can sort of deviate from the "everything must be pushed directly from Intune", which means it leads further away from #WDAC
🚀 New Blog Post: Mastering App Control for Business | Part 1 🔐
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
🛡️ Block unauthorized software
Windows Defender Application Control is a powerful tool built into Windows and Windows Server that lets you control which applications are allowed to run on your machines💡
📺 www.youtube.com/watch?v=pEKg...
#Windows #WDAC #Sécurité #Microsoft #SysAdmin
I still think it's "weird" that Microsoft is making it this difficult for IT to manage their enterprise environment: you can block the Store app via policy, but the only option I've found to block the Store website is via AppLocker for Business #WDAC
In just a day WP Ninja Connect will take place.
The afternoon is fully packed with topics like #epm #automation and #tokens #windows365 #devicequery #compromisedaccounts #devicemanagement #WDAC
Check out the full lineup at https://buff.ly/3Opd14M
WP Connect Speaker announcement:
We have a new speaker to announce that flew in just a short time ago. Thank you @NielsKok
He will talk about #WDAC and how to use it in Intune.
For more information about the event, check: https://buff.ly/3Opd14M
#WPNinjasNL #WPNinjaNLConnect #WPNinjaConnect
Last session of the @MemSummit with @PerLarsen1975 talking about application control in Windows. #Applocker #WDAC #MEMSummit